Forcepoint Email Security mode

Steps

  1. Under Network Channels in the Email field, select one of the following action to take when a breach is discovered on network email channels. See the Possible actions for an action plan section.

    With Forcepoint Email Security (on-premises), the action option configured here applies to all email directions.

    For cloud infrastructure deployments such as Microsoft Azure, this option applies only to outbound email. (Inbound and Internal email is permitted, and an alert is sent to the Forcepoint Email Security administrator.)
    • Permit
    • Drop Attachments
    • Encrypt
    • Quarantine
    Note:

    Custom actions specifically for email DLP policies can be created in the Email Security module of the Forcepoint Security Manager. (Go to the Policy Management > Actions page, then click Add).

    Custom actions offer more control over what happens to email that leaks sensitive data. For example, Bcc the original unfiltered message, delay message delivery until a certain date, and so on.

    Any custom Forcepoint Email Security actions are displayed here, in addition to the default actions.

  2. Select Audit incident to have Forcepoint DLP to log incidents in the incident database. By default, audit is selected irrespective of the action.
    Warning: If you turn off this option, incidents are not logged, so you will not know when a policy is breached.

    When Audit incident is enabled, several additional actions are available. Select any of these actions to apply.

  3. If you select Send email notifications:
    • Select the message or messages to send.
    • Click a link to view or modify standard messages.
    • Click New to create a custom message.

    See Notifications and Adding a new message sections for details.

    Tip: There is a benefit to using the same template for each action plan. The system gathers notifications for individual users according to templates and combines them into a single notification. Therefore, if an incident contains 10 different rules, each with a different action plan but the same template, the user receives a single notification with the details of all the breaches.
  4. Click OK to save your changes.