On-prem DLP Integration

Forcepoint RBI can be integrated with Data Loss Prevention (DLP), so that the DLP policies are applied to RBI isolated sessions to prevent data loss.

Note:
  1. RBI only supports analysis of files uploaded in isolated sessions as per the file size limit supported by DLP. For more information on DLP file size limit, refer to the Forcepoint DLP Supported File Formats and Size Limits documentation.
  2. In case the error message that states "Your request has been blocked to prevent the loss or theft of potentially sensitive data. Please refresh, if the page is unresponsive" is displayed persistently. Please ensure to remove any restricted data that is shared in the current window.
The integration of Forcepoint RBI with DLP is done by using the ICAPS protocol for Cloud Forcepoint RBI.
Note:
  1. Forcepoint RBI is the ICAPS client and DLP Protector is the ICAPS server.
  2. The source (username or endpoint name), destination URL, and File or POST data of the RBI isolated sessions are sent to DLP. The response from DLP contains the Web policy decision.
  3. Forcepoint Security Manager is used to create user-level policies for DLP. The Username field has restriction that, it must contain only numbers and letters. RBI local username is an email address. Hence, if RBI authentication is used for DLP integration, the user-level policy cannot be applied.
Before you integrate DLP with Forcepoint RBI, make sure that the following requirements are met:
  • The DLP Protector component is configured.
    Note: The DLP-Protector/ICAPS server is exposed over public IP Address and is accessible to RBI RBC cluster for port 11344. A secure tunnel is configured using stunnel for Forcepoint DLP Protector ICAP communication. For more information, see Knowledge Base article 36918 .
  • The SSL decryption bypass for the RBI domain is configured in WCG. For example, *rbi.forcepoint.net.
Note: Forcepoint Cloud RBI is configured to redirect all file uploads and HTTP posts to the DLP Protector via ICAPS protocol for evaluating against DLP policies.

DLP evaluates the RBI session HTTP post/file uploads requests against the DLP Web policy. After the evaluation is completed, DLP responds with the appropriate Block/Allow action as defined in the DLP policy.

If the RBI receives the response from the DLP to block the HTTP post/file uploads, RBI will block the file HTTP post/file upload from completing and display an information banner to the end user.