How the Forcepoint Web Security DLP Module works

When the DLP Module is enabled:

1. Content Gateway intercepts outbound content and provides that content to Forcepoint DLP.
2. Forcepoint DLP analyzes the content to determine if the web posting or FTP upload is allowed or blocked, based on the Web DLP policy.
   • Transactions over HTTP, HTTPS, FTP, and FTP over HTTP can be examined.
   • The disposition is communicated to the proxy.
   • Forcepoint DLP logs the transaction.
3. The proxy acts on the Forcepoint DLP determination.
   • If the content is blocked, it is not transmitted to the remote host and Forcepoint DLP returns a block page to the sender.
   • If the content is allowed, it is forwarded to its destination.
     Note:

     When a request is blocked and the DLP server sends a block page in response:

     • Content Gateway forwards the block page to the sender in a 403 Forbidden message.
     • The block page must be larger than 512 bytes or some browsers will substitute a generic error message.

In addition to applying Web DLP policies, the DLP Module can be used to enable data theft analysis for outbound traffic. Configure outbound security options in the Web Security module of the Forcepoint Security Manager on the Scanning > Scanning Options page.