What can I protect?

Forcepoint DLP can control or monitor the flow of data throughout an organization. Administrators can define:

  • Who can move and receive data
  • What data can and cannot be moved
  • Where the data can be sent
  • How the data can be sent
  • What action to take in case of a policy breach

Forcepoint DLP can be used with Forcepoint DLP Endpoint to secure all of the following (channels that require Forcepoint DLP Endpoint are marked with an asterisk [*]):

  • Network and endpoint email* - Monitor or prevent sensitive information from being emailed inside or outside of a domain from both network and endpoint computers.
  • Mobile email - Define what content can and cannot be synchronized to mobile devices (such as phones and iPads) from network email systems. This protects data in case an employee's mobile device is lost or stolen.
  • Web channels
    • FTP - Monitor or prevent sensitive information from being uploaded to file transfer protocol (FTP) sites.
    • Plain text - Monitor or prevent sensitive information from being sent via plain text (unformatted textual content).
    • HTTP/HTTPS - Monitor or prevent sensitive information from being posted to a website, blog, or forum via HTTP. SSL decryption is performed by the Web Content Gateway module.
    • Endpoint HTTP/HTTPS* - Monitor or prevent endpoint devices such as laptops from posting data over the web.
  • Endpoint applications* - Monitor or prevent sensitive data from being copied and pasted from one application to another on Windows endpoint clients. This is desirable because endpoint clients are often disconnected from the corporate network and can pose a security risk.
  • Endpoint application file access monitoring* - Monitor applications such as IM, cloud storage, and FTP clients that access and share sensitive data.
  • Endpoint removable media* - Monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk.

    Forcepoint DLP Endpoint supports DLP analysis, encryption, and blocking for USB drives; it supports DLP analysis and blocking for native Windows CD/DVD writers. (Third-party CD/DVD authoring tools are not supported.)

  • Endpoint LANs* - Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.
    • Specify a list of IP addresses, hostnames or IP networks of computers that are allowed as a source or destination for LAN copy.
    • Intercept data copied from an endpoint client to a network share.
    • Set a different behavior according to the endpoint type (laptop/other) and location (connected/not connected to the corporate network).

      Note that Endpoint LAN control is currently applicable to Microsoft sharing only.

  • Endpoint printing* - Monitor or prevent sensitive data from being printed on local or network printers from endpoint client machines.

Comprehensive monitoring of these channels can prevent data from leaving an organization via the most common means.