Risk-Adaptive DLP with Forcepoint Dynamic User Protection

Forcepoint Dynamic User Protection is an endpoint blade that can be installed with the Forcepoint DLP Endpoint on the same machine. It performs modeling and analytics to determine a user profile risk on the endpoint itself, even when the endpoint is disconnected from the corporate network, or the user is working off-site.

Forcepoint DLP Endpoint passes all events and incidents to the Forcepoint Dynamic User Protection blade, which then calculates the current user’s risk level locally on the endpoint. Then, when Forcepoint DLP polices are triggered, the action called for is based on the particular user’s risk level.

If Forcepoint Security Manager is connected to Data Protection Service (see Configuring Data Protection Service section for more information) and if transactions are being sent to Data Protection Service for DLP analysis from one of DLP integrated cloud products such as Forcepoint CASB, Forcepoint Web Security Cloud or Forcepoint Email Security Cloud agents (see Cloud Security Gateway Integration Guide (Web Security Cloud, CASB, and DLP) and Forcepoint Email Security Cloud and Forcepoint DLP Integration Guide, for more information), then Data Protection Service will enforce the Forcepoint DLP polices based on the particular user's risk level and report to the DLP incidents reports.

To enable Risk-Adaptive DLP with Forcepoint Dynamic User Protection, do one of the following:

• Build a unified Forcepoint F1E installer to install Forcepoint DLP and the Dynamic User Protection blade.
• Download Forcepoint Dynamic Endpoint Protection as a separate installer directly from the Forcepoint Dynamic User Protection cloud console, and distribute it to endpoint systems that are running Forcepoint DLP.

For more information, see the Forcepoint Behavioral Analytics Administration and Troubleshooting manual.