What's new in Forcepoint DSPM 4.1
This section lists the new features and enhancements for the Forcepoint DSPM solution included in the current release.
Posted on July 07, 2026
Release Summary
Forcepoint DSPM is undergoing a focused evolution across the past few releases — from a foundational scanning architecture toward a fully unified, self-service-driven data security platform. DSPM 4.0 delivered high-throughput classification out of the box by combining DLP classifiers with the AI Mesh engine.
DSPM 4.1 takes the next meaningful step toward operational self-sufficiency, introducing self-service taxonomy label customization — giving organizations direct control over how their data is classified — alongside key reliability improvements: proactive disk back-pressure notifications, Admin Audit Logging for compliance-driven governance visibility, and Scan Status enhancements. The below sections describe the new features and enhancements delivered in DSPM 4.1.
Admin Audit Logging Enhancement
DSPM 4.1 now includes comprehensive Admin Audit Logging capabilities, a critical feature for organizations implementing DSPM with strict compliance and governance requirements. This enhancement addresses the audit trail and forensic investigation needs identified by enterprise customers across banking, financial services, and government sectors.
- Who performed the action (user email/ID).
- What was changed (module, functionality, and specific values).
- When the change occurred (date and timestamp).
- How the value changed (before/after state with complete change lineage).
Tag Alias Support
DSPM 4.1 now supports tag aliases for data source taxonomy definitions. This feature enables administrators to display user-friendly alternative names for out-of-the-box (OOTB) taxonomy tags, reducing confusion and improving the user experience.
Key Features
- Files classified after feature release display defined tag aliases in relevant fields.
- Files classified before this release continue to display tag names.
- Administrators see tag aliases in pattern creation and manual classification dropdowns.
- Tag name is shown as fallback when alias is not defined.
- Field names and columns remain unchanged.
- GQL queries and basic filtering continue to work by tag name.
- Fully backward compatible - existing integrations and APIs unaffected.
Scan Status Tracking Improvements
Enhanced scan status tracking provides real-time visibility into classification stage progress. Users now have accurate, up-to-date information about scan classification status across scan configurations, preventing confusion and accidental duplicate scans.
- Classification Stage Status Visibility.
- Improved Status Display: Scan configuration status now accurately reflects classification stage progress.
- Duplicate Scan Prevention.
- Smart Alerting: Users receive a clear alert when attempting to start a new scan for a configuration that has associated scans still in classification progress.
For more information, refer to the Scanning Data Sources section.
Securing Exchange On-Premises Through Data Discovery, Classification and Response
DSPM 4.1 now delivers an integrated sensitive data discovery, classification, and response workflow for Exchange On-Premises environments. This initiative addresses critical compliance and security challenges by enabling organizations to rapidly discover sensitive data, automatically classify it with high accuracy, and execute coordinated response actions.
- Faster Compliance: Reduce time-to-remediation from weeks to hours.
- Risk Visibility: Executive dashboards for sensitive data inventory and exposure.
- Scalability: Automated workflows eliminate manual classification bottlenecks.
- Regulatory Confidence: Complete audit trails for GDPR, CCPA, HIPAA, and internal compliance requirements
For more information, refer to the Exchange On-Premise section.
Introducing Synergy Light: A Deployment Option for FDC-Only Customers
This release introduces synergy light, a new lightweight Synergy deployment option built for FDC-only (Forcepoint Data Classification) customers who do not need the full AI mesh classifier stack. Synergy light runs only the DLP classifier engine, following the same pattern as the existing dspmlight deployment, and is delivered as a dedicated product code rather than a label to ensure full feature-flag compatibility.
Synergy light, provides a stripped-down Synergy deployment that removes the AI mesh classifiers to reduce the overall resource footprint. Using a dedicated product code (instead of a label) ensures clean feature-flag handling and deployment consistency.
- Lightweight Synergy deployment reduces resource consumption by removing AI mesh classifiers.
- DLP policy-based content classification for endpoint agents connecting to a synergy light cluster.
- End-to-end file classification through the DLP engine, with policy group batching to support large policy sets.
- Clear sizing guidance for on-premises synergy light deployments across relevant license configurations.
- Lower infrastructure cost and footprint for customers who only require DLP classification.
- Faster, simpler deployments tailored to FDC-only use cases.
- Consistent classification behaviour aligned with the established dspmlight pattern.
Teradata Structured Data Connector
DSPM 4.1 now includes native support for Teradata, a widely used enterprise data warehouse platform. This new structured data connector enables organizations to discover, catalog, and classify sensitive data stored in Teradata databases as part of their comprehensive data security and compliance programs.
- Seamless Teradata Integration
- Comprehensive Metadata Discovery
- Data Classification and Governance
- Minimal Database Permissions
- Reliability and Performance
For more information, refer to the Teradata section.
Oracle Exadata Support for Structured Data Discovery
The Oracle structured data connector now works with Oracle Exadata environments. Rather than introducing a separate connector, Exadata support is built into the existing Oracle connector, so there's no new setup process to learn. To accommodate the Wallet-based (mTLS) authentication typically used in Exadata deployments, a new Oracle Wallet authentication toggle has been added to the credentials configuration.
For more information, refer to the Oracle section.
SAP ASE Structured Connector
Forcepoint DSPM now includes support for SAP ASE (Adaptive Server Enterprise),formerly Sybase ASE as a scannable data source, extending the same level of discovery, classification, and risk analysis that are already provided for other supported databases. With the SAP ASE connector, Forcepoint DSPM can discover, classify, and monitor sensitive data stored in SAP ASE databases.
For more information, refer to the SAP ASE section.
Smarter Disk Space Protection with Monitoring, Alerts, and Automatic Safeguards
Disk Space Monitoring and Alerts
Forcepoint DSPM keeps a constant watch on available disk space. Whenever free space falls below a set threshold, administrators get an in-product notification urging them to act right away. Should disk space run out entirely, select product features are paused temporarily until enough space becomes available again.
Disk-Pressure Circuit Breaker
DSPM now guards against disk-exhaustion failures through a platform-wide disk-pressure circuit breaker. Once storage usage exceeds a configurable threshold, the system automatically halts new and deferrable tasks to keep the platform stable, observable, and recoverable — rather than continuing to take on work until the disk fills up and the cluster fails.
- Eliminate surprise outages — the platform self-protects instead of crashing when the disk is full and stays responsive and readable.
- Self-service recovery — cancel scans or delete old configurations to free space without contacting support.
- Less downtime and disruption — proactive protection means fewer incidents, faster mean-time-to-recovery, and a lighter support burden.
For more information, refer to the Problems due to inadequate resources section.
Database Scan Performance and Scale
- Scan much larger databases: DSPM can now scan databases with up to 4 million columns, 200,000 tables, and 10,000 users in a single pass — handling enterprise-scale data sources that previously couldn't be processed, with no additional infrastructure required.
- Faster, more reliable scans: Improved data streaming and processing deliver more stable, memory-efficient scans, so large scans complete reliably without interruption.
- Broader connector improvements: Faster column scanning and improved error recovery for Databricks and Snowflake, so a single timeout no longer interrupts an entire scan.
- Greater accuracy: More accurate user and permission reporting, including fixes for missing table permissions on Oracle, DB2, and Microsoft SQL Server, and more consistent results across connectors.