Lineage

Data Lineage empowers organizations with real-time visibility, advanced threat detection, and comprehensive forensic capabilities, ensuring sensitive data remains secure and traceable.

Data Lineage provides a comprehensive view of a file's lifecycle, tracking its origin, movement, transformation, and usage. This enhances security, compliance, and forensic investigations by offering end-to-end visibility into data activities. Traditional data monitoring provides static snapshots, which quickly become outdated, especially for large data sets. Real-time lineage addresses this by:
  • Reducing Dependency on Rescans: Once streaming is enabled, changes are captured instantly.
  • Improving Visibility: Organizations can see data movements in near real-time.
  • Enabling Faster Incident Response: Security teams can quickly assess and respond to threats.

Use Cases

Data Lineage was developed to enable forensic investigations, ensuring organizations can:
  • Investigate Incidents: Identify the root cause of security incidents, such as data breaches or unauthorized sharing.
  • Enhance Compliance: Maintain audit trails for regulatory requirements.
  • Support Risk Mitigation: Quickly respond to suspicious activities and apply appropriate remediation actions.

Pre-Requisites to See Lineage

  • Connection to Each Data Source: Ensure that each Data Source to be monitored has been configured in Forcepoint DSPM.
  • Enabling Streaming: Activate real-time event streaming for each connector.

List of Events Supported by Each Data Source

Common Events

  • Create
  • Modify
  • Delete

Extended Events (via Audit Logs)

  • Change Permissions
  • Share
  • Move
  • Copy
  • Rename
  • Upload
  • Download

Data Source Specifics

  • Google Drive: Audit log events available.
  • Azure (SharePoint Online, OneDrive, Blob, Files): Audit log events supported.
  • Box & Confluence: Extended events available in regular logs.
  • AWS S3, SMB, Dropbox: Limited to Create, Modify, and Delete.

Use Cases for Lineage

Lineage supports forensic investigations, such as:
  • External Sharing Investigation: When a file is shared externally, security analysts can trace its history to determine if the action was intentional or accidental.
  • Suspicious Activity Investigation: If a user accesses and downloads sensitive information after a password reset, lineage provides detailed insights.
  • Incident Response: Analysts can determine what actions to take, such as revoking access, quarantining files, or addressing user behavior.
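
The external sharing investigation above amounts to walking a shared file's history back through its Copy, Move and Rename events to the original file, then reviewing the Share events on that chain. The following is an added example, not Forcepoint DSPM code or its export format: the event field names (ts, event, path, dest, user, target), the sample events and the domain names are all constructed assumptions.

```python
# Event types that give a file a new path; the earlier path is its ancestor.
LINK_EVENTS = {"Copy", "Move", "Rename"}

# Constructed sample events. Field names (ts, event, path, dest, user, target)
# are assumptions for this example, not a Forcepoint DSPM schema.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "event": "Create", "path": "/hr/salaries.xlsx", "user": "alice"},
    {"ts": "2024-05-02T10:15:00", "event": "Modify", "path": "/hr/salaries.xlsx", "user": "alice"},
    {"ts": "2024-05-02T12:00:00", "event": "Create", "path": "/hr/policy.docx", "user": "carol"},
    {"ts": "2024-05-03T11:00:00", "event": "Copy", "path": "/hr/salaries.xlsx",
     "dest": "/tmp/s.xlsx", "user": "bob"},
    {"ts": "2024-05-03T11:05:00", "event": "Rename", "path": "/tmp/s.xlsx",
     "dest": "/tmp/notes.xlsx", "user": "bob"},
    {"ts": "2024-05-03T16:00:00", "event": "Modify", "path": "/hr/salaries.xlsx", "user": "alice"},
    {"ts": "2024-05-04T08:30:00", "event": "Share", "path": "/tmp/notes.xlsx",
     "user": "bob", "target": "someone@partner.example"},
]


def trace_lineage(events, path):
    """Return, oldest first, the events in the history of the file now at `path`."""
    current, chain = path, []
    # Walk backwards in time (ISO 8601 strings sort chronologically).
    for ev in sorted(events, key=lambda e: e["ts"], reverse=True):
        if ev["event"] in LINK_EVENTS and ev.get("dest") == current:
            chain.append(ev)
            current = ev["path"]  # continue the walk on the ancestor path
        elif ev["path"] == current:
            chain.append(ev)
    return chain[::-1]


def external_shares(chain, internal_domain):
    """Share events whose recipient is outside `internal_domain` (no target counts as external)."""
    return [ev for ev in chain
            if ev["event"] == "Share"
            and not ev.get("target", "").lower().endswith("@" + internal_domain)]


if __name__ == "__main__":
    history = trace_lineage(EVENTS, "/tmp/notes.xlsx")
    for ev in history:
        print(ev["ts"], ev["event"], ev["path"], "->", ev.get("dest", ""), ev["user"])
    for ev in external_shares(history, "corp.example"):
        print("external share by", ev["user"], "to", ev["target"],
              "| origin:", history[0]["path"], "created by", history[0]["user"])
```

On data sources limited to Create, Modify, and Delete (AWS S3, SMB, Dropbox in the list above), no Copy, Move or Rename events exist to link paths, so this walk ends at the copy's own Create event.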