Forcepoint Email Security mode

Steps

  1. Under Email, select an action to take when a breach is discovered on network email channels.

    With Forcepoint Email Security (on-premises), the action option configured here applies to all email directions.

    For cloud infrastructure deployments such as Microsoft Azure, this option applies only to outbound email. (Inbound and internal email is permitted, and an alert is sent to the Forcepoint Email Security administrator.)

    • Permit the message to go through.
    • Block or deny the message or post.
    • Quarantine the message.

      Select Encrypt on release to have the system encrypt the message before it’s released.

      Note: Release from quarantine is not supported for messages detected by Forcepoint Email Security Cloud.
    • Drop attachments that are in breach of policy. This action quarantines email messages that:
      • Have a body breach, but not an attachment breach.
      • Have breaches in both the message body and attachment.
      • Are detected by agents other than Forcepoint Email Security, such as the protector.
      • Fail to drop attachments when indicated.
      Note:
      • In a uuencoded attachment, additional content is placed between the attachments, including the attachment name. As a result, if a violation is found in a uuencoded attachment, the attachment is treated as email body and blocked, rather than dropped.
      • Only Forcepoint Email Security can drop attachments. If the drop attachments option is selected when the protector or Forcepoint Email Security Cloud is monitoring email, messages are quarantined when a policy is triggered.

      Select Encrypt on release to have quarantined messages encrypted before they’re released. If an attachment has been dropped, this option reattaches it and encrypts both the body and attachment before releasing the message.

      (Incidents are released from quarantine when an administrator selects Remediate > Release on the incident details toolbar. Release is not supported for messages detected by Forcepoint Email Security Cloud.)

    • Encrypt the message.
      Tip:

      Custom actions can also be created in the Email Security module of the Forcepoint Security Manager, specifically for email DLP policies. (Go to the Policy Management > Actions page, then click Add.)

      Custom actions offer more control over what happens to email that leaks sensitive data. For example, you can Bcc the original unfiltered message, delay message delivery until a certain date, and so on.

      Any custom Forcepoint Email Security actions are displayed here, in addition to the default actions.

  2. Select Audit incident to have Forcepoint DLP log incidents in the incident database. By default, audit is selected irrespective of the action.
    Warning: If you turn off this option, incidents are not logged, so you will not know when a policy is breached.

    When Audit incident is enabled, several additional actions are available. Select any of these actions to apply.

  3. If you select Send email notifications:
    • Select the message or messages to send.
    • Click a link to view or modify standard messages.
    • Click New to create a custom message.

    See the Notifications and Adding a new message sections for details.

    Tip: There is a benefit to using the same template for each action plan. The system gathers notifications for individual users according to templates and combines them into a single notification. Therefore, if an incident contains 10 different rules, each with a different action plan but the same template, the user receives a single notification with the details of all the breaches.
  4. Click OK to save your changes.