Forcepoint Neo Platform
Forcepoint Neo is a cloud-managed, highly efficient endpoint monitoring platform that runs on Windows and macOS.
Management portal
Administrators monitor user activity on endpoint devices remotely through the Forcepoint Neo management portal. Analysts use the management portal to view investigation details.
User Activity Monitoring
User activity monitoring solution designed to alert organizations of risky user behavior so they can protect data and reduce risks.
Help and support
Access Forcepoint help and support services for assistance and troubleshooting.
Neo agent installation
Following instructions detail the steps for installing Neo agent on the endpoints in your organization. Follow these steps only if you are a new user of Forcepoint Neo. If you are deploying both Forcepoint Neo and Forcepoint DLP, follow the installation steps for Risk-Adaptive DLP.
System requirements
Before installing Neo, verify the system requirements for your endpoints.
Before you begin
Before installing the Neo endpoint and setting up your Dynamic User Protection service, verify that the antivirus software allows Neo and that Neo can communicate with Amazon Web Services.
Download Neo agent
These instructions detail the steps for downloading Neo agent from the Neo cloud portal.
Install Neo agent: Windows (Manual)
Install Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Uninstall Neo agent: Windows (Manual)
Uninstall Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Install and uninstall Neo agent: Windows (Using MECM)
Install Neo agent on Windows endpoints. Forcepoint Neo is a cloud-managed endpoint that runs on both Windows and Mac.
Install and uninstall Neo agent: macOS (manual)
Install Neo agent on macOS endpoints to get started analyzing your users with Forcepoint Neo.
Install and uninstall Neo agent: macOS (Using JAMF)
Install Neo agent on macOS endpoint using jamf.
Neo update
If you have previously installed Neo on your endpoints, you can update to the latest version manually, automatically when a new version is available, or on demand to meet your schedule.
Updating Neo on your endpoints
You can update your managed endpoints to the latest version of Neo either manually, automatically, or on demand. Each update method requires a specific version of Neo.
Update Neo manually
Manual updates for Neo allows your administrators to update specific managed endpoints on your schedule.
Over the air updates
The Over the air updates settings on the Settings tab on the management portal allows administrators to choose whether to update to the latest Neo version or to update to a Neo specific version.
Using Neo with Forcepoint Cloud Security Gateway
The Neo endpoint provides the capability to send data to Forcepoint Web Security Cloud for analysis through either a proxy connection or a direct connection.
About Neo for Forcepoint Cloud Security Gateway
Neo offers the functionality of the classic Forcepoint F1E agents (Proxy Connect Endpoint and Direct Connect Endpoint) in one package starting in Neo 21.03 (Windows 10) and Neo 21.06 (macOS Big Sur 11). Neo can intelligently switch between the proxy connect and direct modes depending on network conditions and performance.
Migrating from classic Forcepoint F1E to Neo
If you already deploy classic Proxy Connect Endpoint and Direct Connect Endpoint agents in your organization, you can migrate to Neo easily.
Downloading Neo agent
Download Neo agent from the Forcepoint Cloud Security Gateway portal or Neo cloud portal, depending on your Forcepoint licenses.
Installing Neo agent using Forcepoint Cloud Security Gateway
These instructions detail the steps for installing Neo agent on the endpoints in your organization. Follow these steps only if you are a new user of Forcepoint Neo.
Configuring the Neo connection mode in the Cloud Security Gateway portal
Configure the Neo connection mode in the Cloud Security Gateway portal. There are three options: intelligent auto-switching, proxy connect, and direct connect.
Forcepoint Neo Web operating mode
Using Risk-Adaptive DLP
Risk-Adaptive DLP ingests Forcepoint DLP data into Forcepoint Dynamic User Protection to perform user-centered modeling and analytics to profile user risk.
Overview of Risk-Adaptive DLP
Risk-Adaptive DLP combines the on-premises Forcepoint DLP Endpoint for Forcepoint F1E and the cloud-based Neo endpoint to provide user activity information to both Forcepoint DLP (on-premises) and Forcepoint Dynamic User Protection (cloud).
Install Forcepoint DLP Endpoint and Neo on an endpoint
Risk-Adaptive DLP requires both Forcepoint DLP Endpoint and Neo. You can manually install them on your endpoints, or you can deploy them using a third-party deployment tool, such as GPO or MECM.
Enable Risk-Adaptive DLP
Risk-Adaptive DLP must be enabled in Forcepoint Security Manager before user risk scores can be sent to Forcepoint DLP.
Configuring Forcepoint DLP policies by severity
After Risk-Adaptive DLP is enabled, Forcepoint DLP policies and action plans can be configured based on Dynamic User Protection severity.
User risk scores in Forcepoint DLP incident reports
After Risk-Adaptive DLP is enabled, user risk scores display in Forcepoint DLP incident reports for review and analysis.
SAML SSO Configuration
Neo cloud portal supporting login via SAML identity providers. This helps the user to login to the Neo cloud portal using SSO. It improves the Neo cloud portal user access experience and eases cross-platform login.
Configuring Neo cloud portal with Okta
Complete the following steps to configure Okta as a SAML identity provider for Neo cloud portal SSO authentication. This will ensure visibility and access control of the Neo cloud portal via Okta.
Configuring Neo cloud portal with Azure
Complete the following steps to configure Azure as a SAML identity provider for Neo cloud portal SSO authentication. This will ensure visibility and access control of the Neo cloud portal via Azure.
Configuring Neo cloud portal with Amazon S3 bucket
Complete the following steps to configure the Neo cloud portal with the Amazon S3 bucket. This allows replicating the objects like Alerts, Events, or Audit logs from the Neo cloud portal to the Amazon S3 buckets.
Sign in to the management portal
Signing in to the Forcepoint Neo portal with multi-factor authentication ensures that your account remains secure.
Enable multi-factor authentication
When you first sign in, you will be prompted to select an authentication method.
Change password
You can change your password at any time when signed in to Dynamic User Protection.
Sign-in using SAML identity providers
Neo cloud portal supports login via SAML identity providers like Okta and Azure. This helps to improve the Neo cloud portal user access experience and eases the cross-platform login.
Dashboards
The Dashboards provide overview on user, endpoint and devices activity.
Users
Use the Users dashboard to gain a high-level view of user activities in your organization.
Endpoints
Use the Endpoints dashboard to gain a high-level view on the status of Neo endpoints in your organization.
Devices
Investigation
Investigation displays a list of all your end-users, allowing you to view and filter all their activities at a glance or to drill down for further information.
Users
In the Users panel, you can view per user details on risk level, most recent activity, alerts, and also other details.
Alerts
Alerts tab displays detailed information on alerts recorded in the organization.
Devices
Devices investigation provides advanced tool to search, analyze, and obtain the device usage insights based on the correlation of users and endpoints.​
Active Directory attributes
Neo retrieves attributes from Active Directory to report user information to Dynamic User Protection. The following table displays the Active Directory attributes used in Dynamic User Protection. This information displays on the Overview panel.
Endpoint management
The Endpoint management dashboard is used to view and manage your endpoints.
Endpoint details
All of your endpoints display under Devices. When you click on a device from the list or from the Investigation dashboard, the Details panel displays with additional system information and functionality for the selected device.
Neo agent status
The Endpoint management dashboard and Details panel display the status of Neo for each endpoint.
Remove an endpoint
Devices can be removed from your organization using the Endpoint management dashboard.
Device control
Forcepoint Neo device control is a measure of protection that restricts user access to removable storage devices.
User activity monitoring
Using the User activity monitoring tab, administrators can customize the IOBs (modify the IoB predefined severity and exclude or include certain users and groups).
Resources
Browse users and groups that are available to Neo cloud portal or import them from the file.
Settings
The Settings dashboard provides access to user configuration for your organization. Administrators can use this dashboard to set up accounts and view tenant information. Analysts do not have access to this dashboard.
Users
Two types of users have access to the Dynamic User Protection management portal: administrators and analysts.
Neo endpoint
The Forcepoint Neo endpoint settings tab provides options for better management and troubleshooting of the endpoints to administrators. Administrators can now control Forcepoint Neo endpoint operational mode from the Cloud Portal, for advance troubleshooting and compatibility with 3rd party applications.​
Audit log
Advanced
The Advanced tab allows the administrators to integrate with Amazon Replication Service and External Identity Providers.
Export data from Forcepoint Neo portal
Generate PDF or CSV reports on users, devices, alerts, and endpoints.
Neo release code
Enhanced protection for Forcepoint Neo endpoints using a release code.
Product updates
Details of new and updated features, as well as known and resolved issues for Dynamic User Protection.
What's new?
New features and product updates added in this release.
Previous updates
Known and resolved issues
Refer to the Forcepoint Knowledge Base for details of current known issues and former issues that have been resolved.