Integrating Forcepoint DLP and Forcepoint CASB

This chapter provides an overview of how to configure the integration between Forcepoint DLP and Forcepoint CASB, and how to configure DLP policies for sanctioned cloud applications.

The integration is achieved via multi-directional communication between the customer-deployed Forcepoint Security Manager server, the cloud-hosted Data Protection Service and DLP agents, and Forcepoint CASB cloud infrastructure. Within this chapter and the Forcepoint Security Manager user interface, Forcepoint uses the following terms to describe the different interactions with sanctioned cloud applications.

  • DLP Cloud API (available from Forcepoint DLP 8.5.0): Leveraging an API connection made to the supported cloud application, this option provides near real-time analysis of activity, such as uploads, downloads, and sharing, soon after the operation occurs.
  • Cloud Data Discovery, also known as data at rest (DAR) (available since Forcepoint DLP 8.6.0): Data discovery and remediation of sensitive data at rest and data shared within sanctioned cloud applications. This capability also leverages an API connection to each supported cloud application.
  • DLP Cloud Proxy (available from Forcepoint DLP 8.7.1): For cloud applications that connect to Forcepoint CASB through a proxy connection, this option provides immediate, inline activity analysis as the activity occurs.

DLP Cloud API protection enables action plans that run shortly after an operation, such as placing a file in quarantine. DLP Cloud Proxy protection enables real-time DLP scanning of operations and content moving to or from the cloud, with real-time mitigation, such as blocking. To support this, as of Forcepoint DLP 8.7.1, a new resource type, Cloud Applications, is available, so rules and action plans can be configured to apply to specific applications, such as Box.

Note: When Forcepoint Web Security Cloud is integrated with Forcepoint CASB and Forcepoint DLP, a user request that both targets a protected cloud application and involves potential data loss is forwarded by the cloud proxy to Forcepoint CASB. Forcepoint CASB then forwards it to Forcepoint DLP.