Configure DLP

DLP is a data loss prevention capability that allows for pattern matching (via regular expressions and keywords) against data as it is either being downloaded, uploaded, or scanned via API at rest.

DLP Pattern objects allow you to set the criteria match for protecting and controlling sensitive data. Forcepoint ONE SSE provides an extensive library of DLP patterns to allow customers to maintain compliance with legislative or company requirements (for example, HIPAA, SOX, PCI, and so on).

The DLP Objects page located under Protect > Objects is where you can define DLP objects that will be used on the policies page for controlling and performing actions in protected applications. The DLP Objects page is made up of predefined patterns and custom patterns that you created or imported from the Library page. For some of the predefined patterns, such as:

  • ATP - You should purchase the subscription for any of the supported Advanced Threat Protection (ATP) options to be able to implement into your application policies.
  • Forcepoint DLP - You should purchase the subscription for Forcepoint DLP to enforce DLP policy and associated actions setup in the Forcepoint Security Manager (FSM) for CASB and SWG channels in Forcepoint ONE SSE.


On the DLP Objects page, you can filter data patterns by column name(s). You can also sort the data patterns by clicking on the Data Patterns and Type.



Forcepoint ONE SSE allows you to create your own DLP patterns based on a number of different types:

  • Simple: Allows for simple keyword matches and/or regular expressions. The most commonly used data pattern type.
  • Advanced: Allows for more complex patterns doing combinations of other patterns or variable patterns based on Boolean logic.
  • Exact Match: Allows for the creation of a data pattern based on an exact data set in order to identify specific exact data (such as a particular person's personal information).

In addition, Forcepoint ONE SSE also supports a number of File-Based pattern types:

  • File Fingerprinting: Can create a "fingerprint" of example file(s) in order to identify a percentage based match (look for other files that look like this example file, must match at least 70%).
  • File Mime Type: Base a pattern on the format/nature of the file (identifying and blocking PDF type documents).
  • File Size: Allows customers to apply a data pattern based on the size of the file (block all downloads if they are larger than 50mb).
  • File Metadata: Can specify the exact metadata to check and what value you wish to match on. This can be any of the inherent metadata of the file such as the file name, product version, exact size, etc.
    Note: File Mime Type and File Size data patterns are only supported for API scanning.