Forcepoint DLP basics

Forcepoint DLP protects organizations from data loss by:

  • Monitoring data as it travels inside or outside the organization
  • Protecting data while it is being manipulated in office applications, with policy-based controls that align with business processes
  • Identifying and ranking high-risk incidents to help prevent or remediate data loss and data theft

Forcepoint DLP has the following main components:

  • The management server is a Windows-based machine that hosts the Forcepoint Security Manager and Forcepoint DLP software.

    The management server provides the core information loss technology, capturing fingerprints, applying policies, and storing incident forensics. A deployment can include multiple Forcepoint DLP servers to share the analysis load, but there is only one management server.

  • A policy engine resides on all Forcepoint DLP servers, Web Content Gateway servers, and Forcepoint Email Security appliances. Policy engines are also integrated with Windows and Mac OS X machines running Forcepoint DLP Endpoint.

    The policy engine is responsible for parsing data and using analytics to compare it to the rules in policies.

  • The analytics engine resides on a 64-bit Linux machine.

    It is used to identify potentially risky incidents, rank them with similar activity, and assign them a risk score.

  • The policy database is a repository for Forcepoint DLP policies. For optimal performance, it is stored locally on each server (like the fingerprint database).