Forcepoint DLP basics
Forcepoint DLP protects organizations from data loss by:
- Monitoring data as it travels inside or outside the organization
- Protecting data while it is being manipulated in office applications, with policy-based controls that align with business processes
- Identifying and ranking high-risk incidents to help prevent or remediate data loss and data theft
Forcepoint DLP has the following main components:
- The management server is a Windows-based machine that hosts the Forcepoint Security Manager and Forcepoint DLP software.
The management server provides the core information loss technology, capturing fingerprints, applying policies, and storing incident forensics. A deployment can include multiple Forcepoint DLP servers to share the analysis load, but there is only one management server.
- A policy engine resides on all Forcepoint DLP servers, Web Content Gateway servers, and Forcepoint Email Security appliances. Policy engines are also integrated with Windows and Mac OS X running Forcepoint DLP Endpoint.
The policy engine is responsible for parsing data and using analytics to compare it to the rules in policies.
- The analytics engine resides on a 64-bit Linux machine.
It is used to identify potentially risky incidents, rank them with similar activity, and assign them a risk score.
- The policy database is a repository for Forcepoint DLP policies. For optimal performance, it is stored locally on each server (like the fingerprint database).