Forcepoint Neo PlatformForcepoint Neo is a cloud-managed, highly efficient endpoint monitoring platform that runs on Windows and macOS.
Management portal Administrators monitor user activity on endpoint devices remotely through the Forcepoint Neo management portal. Analysts use the management portal to view investigation details.
User Activity Monitoring User activity monitoring solution designed to alert organizations of risky user behavior so they can protect data and reduce risks.
Help and support Access Forcepoint help and support services for assistance and troubleshooting.
Neo agent installation Following instructions detail the steps for installing Neo agent on the endpoints in your organization. Follow these steps only if you are a new user of Forcepoint Neo. If you are deploying both Forcepoint Neo and Forcepoint DLP, follow the installation steps for Risk-Adaptive DLP.
System requirements Before installing Neo, verify the system requirements for your endpoints.
Before you begin Before installing the Neo endpoint and setting up your Dynamic User Protection service, verify that the antivirus software allows Neo and that Neo can communicate with Amazon Web Services.
Download Neo agentThese instructions detail the steps for downloading Neo agent from the Neo cloud portal.
Install Neo agent: Windows (Manual)Install Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Uninstall Neo agent: Windows (Manual)Uninstall Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Install and uninstall Neo agent: Windows (Using MECM)Install Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Install and uninstall Neo agent: macOS (manual)Install Neo agent on macOS endpoints to get started analyzing your users with Forcepoint Neo.
Neo update If you have previously installed Neo on your endpoints, you can update to the latest version manually, automatically when a new version is available, or on demand to meet your schedule.
Updating Neo on your endpoints You can update your managed endpoints to the latest version of Neo either manually, automatically, or on demand. Each update method requires a specific version of Neo.
Update Neo manuallyManual updates for Neo allows your administrators to update specific managed endpoints on your schedule.
Over the air updatesThe Over the air updates settings on the Settings tab on the management portal allows administrators to choose whether to update to the latest Neo version or to update to a Neo specific version.
Using Neo with Forcepoint Cloud Security Gateway The Neo endpoint provides the capability to send data to Forcepoint Web Security Cloud for analysis through either a proxy connection or a direct connection.
About Neo for Forcepoint Cloud Security Gateway Neo offers the functionality of the classic Forcepoint F1E agents (Proxy Connect Endpoint and Direct Connect Endpoint) in one package starting in Neo 21.03 (Windows 10) and Neo 21.06 (macOS Big Sur 11). Neo can intelligently switch between the proxy connect and direct modes depending on network conditions and performance.
Migrating from classic Forcepoint F1E to Neo If you already deploy classic Proxy Connect Endpoint and Direct Connect Endpoint agents in your organization, you can migrate to Neo easily.
Downloading Neo agent Download Neo agent from the Forcepoint Cloud Security Gateway portal or Neo cloud portal, depending on your Forcepoint licenses.
Installing Neo agent using Forcepoint Cloud Security Gateway These instructions detail the steps for installing Neo agent on the endpoints in your organization. Follow these steps only if you are a new user of Forcepoint Neo.
Configuring the Neo connection mode in the Cloud Security Gateway portal Configure the Neo connection mode in the Cloud Security Gateway portal. There are three options: intelligent auto-switching, proxy connect, and direct connect.
Using Risk-Adaptive DLP Risk-Adaptive DLP ingests Forcepoint DLP data into Forcepoint Dynamic User Protection to perform user-centered modeling and analytics to profile user risk.
Overview of Risk-Adaptive DLP Risk-Adaptive DLP combines the on-premises Forcepoint DLP Endpoint for Forcepoint F1E and the cloud-based Neo endpoint to provide user activity information to both Forcepoint DLP (on-premises) and Forcepoint Dynamic User Protection (cloud).
Install Forcepoint DLP Endpoint and Neo on an endpointRisk-Adaptive DLP requires both Forcepoint DLP Endpoint and Neo. You can manually install them on your endpoints, or you can deploy them using a third-party deployment tool, such as GPO or MECM.
Enable Risk-Adaptive DLPRisk-Adaptive DLP must be enabled in Forcepoint Security Manager before user risk scores can be sent to Forcepoint DLP.
Configuring Forcepoint DLP policies by severity After Risk-Adaptive DLP is enabled, Forcepoint DLP policies and action plans can be configured based on Dynamic User Protection severity.
User risk scores in Forcepoint DLP incident reports After Risk-Adaptive DLP is enabled, user risk scores display in Forcepoint DLP incident reports for review and analysis.
SAML SSO ConfigurationNeo cloud portal supporting login via SAML identity providers. This helps the user to login to the Neo cloud portal using SSO. It improves the Neo cloud portal user access experience and eases cross-platform login.
Configuring Neo cloud portal with Okta Complete the following steps to configure Okta as a SAML identity provider for Neo cloud portal SSO authentication. This will ensure visibility and access control of the Neo cloud portal via Okta.
Configuring Neo cloud portal with AzureComplete the following steps to configure Azure as a SAML identity provider for Neo cloud portal SSO authentication. This will ensure visibility and access control of the Neo cloud portal via Azure.
Configuring Neo cloud portal with Amazon S3 bucketComplete the following steps to configure the Neo cloud portal with the Amazon S3 bucket. This allows replicating the objects like Alerts, Events, or Audit logs from the Neo cloud portal to the Amazon S3 buckets.
Sign in to the management portal Signing in to the Forcepoint Neo portal with multi-factor authentication ensures that your account remains secure.
Enable multi-factor authenticationWhen you first sign in, you will be prompted to select an authentication method.
Change passwordYou can change your password at any time when signed in to Dynamic User Protection.
Sign-in using SAML identity providersNeo cloud portal supports login via SAML identity providers like Okta and Azure. This helps to improve the Neo cloud portal user access experience and eases the cross-platform login.
Dashboards The Dashboards provide overview on user, endpoint and devices activity.
UsersUse the Users dashboard to gain a high-level view of user activities in your organization.
EndpointsUse the Endpoints dashboard to gain a high-level view on the status of Neo endpoints in your organization.
Investigation Investigation displays a list of all your end-users, allowing you to view and filter all their activities at a glance or to drill down for further information.
Users In the Users panel, you can view per user details on risk level, most recent activity, alerts, and also other details.
Alerts Alerts tab displays detailed information on alerts recorded in the organization.
DevicesDevices investigation provides advanced tool to search, analyze, and obtain the device usage insights based on the correlation of users and endpoints.
Active Directory attributesNeo retrieves attributes from Active Directory to report user information to Dynamic User Protection. The following table displays the Active Directory attributes used in Dynamic User Protection. This information displays on the Overview panel.
Endpoint management The Endpoint management dashboard is used to view and manage your endpoints.
Endpoint details All of your endpoints display under Devices. When you click on a device from the list or from the Investigation dashboard, the Details panel displays with additional system information and functionality for the selected device.
Neo agent status The Endpoint management dashboard and Details panel display the status of Neo for each endpoint.
Remove an endpointDevices can be removed from your organization using the Endpoint management dashboard.
Device control Forcepoint Neo device control is a measure of protection that restricts user access to removable storage devices.
User activity monitoring Using the User activity monitoring tab, administrators can customize the IOBs (modify the IoB predefined severity and exclude or include certain users and groups).
Resources Browse users and groups that are available to Neo cloud portal or import them from the file.
Settings The Settings dashboard provides access to user configuration for your organization. Administrators can use this dashboard to set up accounts and view tenant information. Analysts do not have access to this dashboard.
Users Two types of users have access to the Dynamic User Protection management portal: administrators and analysts.
Neo endpoint The Forcepoint Neo endpoint settings tab provides options for better management and troubleshooting of the endpoints to administrators. Administrators can now control Forcepoint Neo endpoint operational mode from the Cloud Portal, for advance troubleshooting and compatibility with 3rd party applications.
Advanced The Advanced tab allows the administrators to integrate with Amazon Replication Service and External Identity Providers.
Export data from Forcepoint Neo portalGenerate PDF or CSV reports on users, devices, alerts, and endpoints.
Neo release code Enhanced protection for Forcepoint Neo endpoints using a release code.
Product updates Details of new and updated features, as well as known and resolved issues for Dynamic User Protection.
What's new? New features and product updates added in this release.
Known and resolved issues Refer to the Forcepoint Knowledge Base for details of current known issues and former issues that have been resolved.