Configuring Advanced Threat Protection

Forcepoint ONE SSE provides Advanced Threat Protection (ATP) through partnerships with CrowdStrike and Bitdefender.

Once you have purchased any of these ATP options, you can add threat protection to your application policies (protecting against both known and unknown malware). The options appear as predefined data pattern objects that can be used in any of your application policies. You can access these data patterns on the Protect > Objects > DLP Objects page.

In Forcepoint ONE SSE, CrowdStrike is named Malware-Crowdstrike and Bitdefender is named Malware-Bitdefender.

Note: Even if you have not purchased ATP, Forcepoint ONE SSE still provides alerts in your logs if our ATP engine identifies malicious files during proxy or API scans (shown as Bitglass-Malware-Suspect in the log lines). Files identified as malicious are not scanned for DLP pattern matching.