Introduction

This document describes how to integrate Forcepoint ONE with Forcepoint Security Manager (FSM) so that Forcepoint ONE can enforce the DLP policies and associated actions set up in the FSM for the CASB channel in Forcepoint ONE.

The integration between Forcepoint ONE and Forcepoint DLP is achieved via multi-directional communication between the customer-deployed FSM server, the cloud-hosted Data Protection Service (DPS), and the Forcepoint ONE CASB cloud infrastructure.

  1. Policies are uploaded from the FSM to the cloud-hosted DPS.
  2. An end user transfers sensitive data to or from a cloud application that is under monitoring.
  3. This triggers the Forcepoint ONE CASB API/Proxy to send event details to the DPS for analysis.
  4. After analysis, the DPS returns the policy mitigation (for example, block or permit).
  5. The FSM downloads the incident and forensic information, which can be viewed in the reporting section.

The FSM uses the following license modules, which control the different interactions with sanctioned cloud applications.

  • DLP Cloud API: Leverages an API connection made to the supported cloud application. This option provides near real-time activity analysis after the operation occurs. Examples of monitored operations: file creation, file modification, and sharing activities.
  • DLP Cloud Proxy: For cloud applications that connect to Forcepoint ONE CASB through a proxy connection, this option acts on cloud application activities immediately, as the breach occurs. Monitored operations include file uploading and file downloading.