Single-appliance Forcepoint Email Security deployments

Applies to:
  • Forcepoint Email Security, v8.5.x

Single email appliance

A simple email protection deployment uses a single appliance or X10G blade server. In this installation, all email analysis occurs in the on-premises appliance component using a robust collection of threat detection tools (Main > Policy Management > Filters).

The Personal Email Manager facility on the appliance allows an organization’s end users to manage blocked messages. The Secure Messaging portal lets an organization’s customers view and manage email that contains sensitive data.

In this scenario, the Email Log Server is installed on the same machine as the Forcepoint Security Manager. It can be installed on a separate machine if desired.

Data loss prevention (DLP) policies analyze email to ensure acceptable use policies are enforced and sensitive company data is not lost. An email DLP policy can also facilitate outbound message encryption. DLP policies are enabled in the Security Manager Email Security module (Main > Policy Management > Policies ) but are defined and configured in the Data Security module.

See the Forcepoint DLP Administrator Help for details about DLP policy settings. See the following Forcepoint Email Security Administrator Help topics for information about email filter and policy tools:

Single email appliance with Email Security Hybrid Module

This simple deployment uses a single appliance or X10G blade server. Forcepoint Email Security with the Email Security Hybrid Module offers a comprehensive email protection solution that combines the on-premises functions described earlier with hybrid (in-the-cloud) email analysis to manage an organization’s email traffic.

The Forcepoint Email Security Hybrid Module provides an extra layer of analysis, stopping a variety of email-borne threats before they reach the network, potentially reducing email bandwidth and storage requirements. Together with the Forcepoint Email Security Encryption Module, the Email Security Hybrid Module facilitates the transfer of outbound email to an encryption server before delivery to its recipient.

The email hybrid service prevents malicious email traffic from entering a company’s network by:
  • Dropping a connection request based on the reputation of the IP address of the request
  • Comparing the characteristics of inbound email against a Forcepoint database of known malware, and blocking any message that matches a database entry

The hybrid service may also include the results of its analysis as additional header information in email that it allows into the email protection system. This header information includes a threat detection “score,” which is then used to determine message disposition by the on-premises email protection system. This function can enhance email system performance.

Your subscription must include the Email Security Hybrid Module, and the email hybrid service must be enabled and properly registered before hybrid service analysis can begin. Register for the hybrid service in the Email Security module of the Security Manager (Settings > Hybrid Service > Hybrid Configuration ).

The Email Security Hybrid Service Log contains records of the email messages that are blocked by the email hybrid service. After the hybrid service is registered and enabled, users can view the log at Main > Status > Logs by clicking the Email Hybrid Service tab.

See the Forcepoint Email Security Administrator Help for details on all email hybrid service options: