Data Protection tab

Click the Data Protection tab in the policy to configure options for handling potential data issues using Data Protection Service (DPS).

This tab is available when adding a policy if Use Data Protection Service is selected on the Web > Settings > Data Protection Settings page.

Note: Data Protection Service integration requires an additional license. If you would like further information on integrating with Data Protection Service, please contact your account manager.

To enable this tab for an existing policy, navigate to Web > Settings > Data Protection Settings and use the table at the bottom to reset the data security selection for the policy. See Data Protection Settingsfor details.

When Data Protection Service is enabled, the cloud proxy sends user requests that may include sensitive data or files being posted to HTTP, HTTPS, and FTP sites to Data Protection Service for inspection. Sensitive data may include intellectual property, data that is protected by national legislation or industry regulation, and data suspected to be stolen by malware or malicious activities. Such requests are then blocked or allowed based on information provided to the cloud service by DPS, using the policies defined in the on-premises Forcepoint DLP product.

Important: Data Protection is not compatible with the I Series appliance.

On the Data Protection tab:

  1. When you are ready for DPS to be used for data security, toggle the Enable Data Protection Service to ON.

    Until that switch has been turned on and the change saved, data security is not monitored for the policy.

  2. The default selections for DPS timeout value and DPS fallback behavior are based on the same options on the Web > Settings > Data Protection Settings page. Edit them as necessary for this policy.

    See Data Protection Settings for more information.

  3. Click Save.
Important: The same user information must exist in both Forcepoint Web Security Cloud and Forcepoint DLP in order for user requests to be accurately inspected by Forcepoint DLP.

Users blocked for data security incidents receive a special block page. The block page can be configured by doing one of the following:

  • Click the Data Protection block page link at the top of the Data Protection tab in a policy.
  • Go to the Web > Policy Management > Block & Notification Pages page, expand the General section, and then select Data Protection.
Note: Requests that include files that exceed 10Mb in size are not forwarded to Data Protection Service. These requests are allowed and no log record is generated.