Business Units

Use the Main > Policy Management > Resources > Business Units page in the Data Security module of the Forcepoint Security Manager to define or manage custom groups that can be sources or destinations of information in your organization. For example, a business unit could comprise all Marketing personnel in the domain codivision.com.

Unlike Custom user directory groups, business units can contain any Forcepoint DLP resource. These can include both user directory entries, such as users and groups, and non-user directory resources, such as URL categories, geographical locations, custom users, custom computers, networks, domains, and printers.

Create a business unit by adding resources to it. Then assign it to a policy so that only these resources are permitted to send or receive data of a particular type.

If a business unit includes computers and users, but a policy applies only to users, Forcepoint DLP applies the policy only to users in the business unit.

If the analytics engine for incident risk ranking is installed, you can use business units to influence the risk scores shown in reports. First, create a business unit that contains what you consider to be high-risk resources. Then, on the SettingsGeneral > Analytics page, indicate which business units to use when calculating risk scores, and specify the level of risk.

To define a business unit, click New, then:

  1. Enter a Name for this business unit.
  2. Enter a Description for this business unit.
  3. Use the Display drop-down list to select the item to add to the business unit. Options include:
    • Directory Entries
    • Custom Computers
    • Domains
    • Networks
    • Custom Users
    • Countries (web destinations only; specifies which countries can receive data via web posts)

      The selected entry appears in the Available List grouping at the bottom of the page.

    • Custom User Directory Groups
  4. If there are more directory entries than fit on 1 page, use the Find field to specify criteria by which to filter the display, then click Apply.
    • Use the from type drop-down list to select the type of directory entry to search: All, Computer, Group, User, or Organization Unit (OU).
    • Use the in drop-down list to indicate whether you want to search all directory servers or the selected directory server.
  5. Use the Available Directory entries list to select the resources to add to the business unit, then and click the right arrow (>).

    You can add an entire group, then use exclusions to remove people from the business unit.

    Selected directory entries appear in the Selected List.

Forcepoint DLP includes a predefined business unit called Excluded Resources. By default, it includes a list of SaaS domains, such as salesforce.com, that are typically excluded from web policies and rules.

  • You can add domains and other resources to the business unit or remove them by clicking the business unit name and editing it.
  • This business unit is automatically added to the destination exclude list for every new web policy or rule.
  • When you create a policy or rule, you can exclude all resources in the business unit, or add or remove resources from the exclude list as needed.