Topic 1: Forcepoint DLP Architecture
1. AP-DATA Product and Basic Deployment
- Forcepoint product overview
- What is DLP
- What is new in the 8.x versions
- Simple Forcepoint DLP deployments; network topology before and after deployment
- Management consoles
- Forcepoint DLP key configurations
- Registering Content Gateway (CG) and Forcepoint Email Security
- ICAP-mode Protector
- Data security in cloud deployments
2. Forcepoint DLP Components, Transaction Processing
- Involved machines, OS, virtualization, processes
- Load Balancing and Policy Engine Interface (PEI)
- Processing data transactions, Policy Engine (PE)
- Testing DLP channels
- CLI tools to extract plaintext and test policies
- Custom logic in rule conditions
- Testing limits of file size, large ZIPs and timeouts
Topic 2: DLP Policies
1. Custom and Predefined Classifiers
- Keyphrases and dictionaries
- Regular expressions
- File classifiers
- Script overview. “Supporting terms” near sensitive data; context analysis
- Credit cards: PCI audit rules, CCN classifiers, Luhn check, prefixes (BINs)
- Policy exceptions for custom LDAP groups, domains, etc.
- Cumulative rules (Drip DLP)
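The classifier items above (regular expressions, supporting terms near sensitive data, Luhn check, BIN prefixes, cumulative rules) fit together in one detection pipeline. The following is an added illustration written for this outline, not Forcepoint's own classifier code: a regex extracts candidate numbers, the Luhn checksum and a small BIN table filter out false positives, nearby supporting terms act as the context check, and a per-source counter implements the Drip DLP idea of a threshold reached across several transactions. The BIN table, the supporting-term list, the 40-character context window, the drip threshold and the sample messages are all constructed assumptions.

```python
import re

# Candidate extraction: 13-19 digits with optional single space/hyphen
# separators, not embedded in a longer run of digits.
CCN_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Constructed, simplified BIN (issuer prefix) table: prefixes and allowed PAN
# lengths per brand. Real BIN tables are far larger; illustration only.
BIN_TABLE = {
    "visa": (("4",), {13, 16, 19}),
    "mastercard": (tuple(str(p) for p in range(51, 56))
                   + tuple(str(p) for p in range(2221, 2721)), {16}),
    "amex": (("34", "37"), {15}),
}

# Supporting terms: words that, near a candidate, raise confidence that the
# digits really are a card number (context analysis). Constructed list.
SUPPORTING_TERMS = re.compile(
    r"\b(card|credit|visa|mastercard|amex|cvv|cvc|exp(?:iry|ires)?)\b", re.I)


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_for(digits: str):
    """Return the brand whose BIN prefix and PAN length both match, else None."""
    for brand, (prefixes, lengths) in BIN_TABLE.items():
        if digits.startswith(prefixes) and len(digits) in lengths:
            return brand
    return None


def classify(text: str, window: int = 40):
    """Return CCN findings: candidates that pass Luhn and have a known BIN.

    Each finding records whether a supporting term sits within `window`
    characters of the match; a policy would use that to raise severity.
    """
    findings = []
    for m in CCN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue
        brand = brand_for(digits)
        if brand is None:
            continue
        ctx = text[max(0, m.start() - window): m.end() + window]
        findings.append({"pan": digits, "brand": brand,
                         "in_context": bool(SUPPORTING_TERMS.search(ctx))})
    return findings


class DripCounter:
    """Cumulative (Drip DLP) rule: count matches per source across separate
    transactions and fire once the running total reaches the threshold."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.totals = {}

    def add(self, source: str, findings) -> bool:
        self.totals[source] = self.totals.get(source, 0) + len(findings)
        return self.totals[source] >= self.threshold


# Constructed sample transactions (source, body). Numbers are the usual
# public test PANs; the second one is altered so the Luhn check fails.
SAMPLE_MESSAGES = [
    ("alice", "Please charge my Visa card 4111 1111 1111 1111, exp 12/27."),
    ("alice", "Order ref 4111-1111-1111-1112 shipped."),
    ("bob", "5555555555554444"),
    ("bob", "Amex: 378282246310005 cvv 1234"),
]


def run_sample(threshold: int = 2):
    """Run the classifier over the sample messages and return the set of
    sources whose cumulative match count reached the drip threshold."""
    drip = DripCounter(threshold)
    tripped = set()
    for source, body in SAMPLE_MESSAGES:
        if drip.add(source, classify(body)):
            tripped.add(source)
    return tripped


if __name__ == "__main__":
    for source, body in SAMPLE_MESSAGES:
        print(source, classify(body))
    print("drip threshold reached by:", run_sample())
```

Alice's second message contains a 16-digit number that the regex accepts but the Luhn check rejects, so it adds nothing to her count; Bob's two messages each carry one valid PAN, and the second one pushes him over the constructed threshold of two even though neither message alone would.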
2. Fingerprinting and ML
- File fingerprinting, optionally with ignored sections
- Database fingerprinting
- Scheduling, exporting and synchronizing fingerprints
- Machine Learning
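To make the file-fingerprinting items concrete, here is an added illustration of the general idea behind partial-document fingerprinting with ignored sections. It is not Forcepoint's fingerprinting algorithm, which is proprietary; the word-shingle hashing, the 5-word shingle size, the "percent of the protected document present in the candidate" scoring and all sample text are constructed assumptions. It shows why ignoring boilerplate matters: a standard confidentiality footer that appears on every message would otherwise produce a sizeable match on its own.

```python
import hashlib
import re

SHINGLE_WORDS = 5   # assumption: words per overlapping shingle


def normalize(text: str):
    """Lower-case and split into alphanumeric words (punctuation dropped)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def strip_ignored(text: str, ignored_sections) -> str:
    """Remove each ignored section (e.g. a standard header or legal footer)
    before fingerprinting so that boilerplate never contributes to a match."""
    for section in ignored_sections:
        text = text.replace(section, " ")
    return text


def fingerprint(text: str, ignored_sections=()):
    """Return the set of truncated SHA-256 hashes of every word shingle."""
    words = normalize(strip_ignored(text, ignored_sections))
    hashes = set()
    for i in range(len(words) - SHINGLE_WORDS + 1):
        shingle = " ".join(words[i:i + SHINGLE_WORDS])
        hashes.add(hashlib.sha256(shingle.encode()).hexdigest()[:16])
    return hashes


def match_percent(fp, candidate_text: str, ignored_sections=()) -> float:
    """Percentage of the protected document's shingles found in the candidate.
    Scoring against the protected fingerprint (not the candidate) lets a short
    excerpt of a long document still register as a partial match."""
    if not fp:
        return 0.0
    cand = fingerprint(candidate_text, ignored_sections)
    return 100.0 * len(fp & cand) / len(fp)


# Constructed sample data.
BOILERPLATE = ("CONFIDENTIAL: This message is intended only for the addressee "
               "and may contain privileged material.")
SECRET_BODY = ("Project Falcon acquisition target is Northwind Traders. Offer "
               "price twelve dollars per share; board approval expected in March.")
PROTECTED_DOC = BOILERPLATE + "\n" + SECRET_BODY
IGNORED = (BOILERPLATE,)

BOILERPLATE_ONLY = BOILERPLATE + "\nLunch is at noon on Friday."
EXCERPT = "the offer price twelve dollars per share was leaked"


def demo():
    """Compare scores with and without the boilerplate declared as ignored."""
    fp_full = fingerprint(PROTECTED_DOC)
    fp_ignore = fingerprint(PROTECTED_DOC, IGNORED)
    return {
        "boilerplate_only_no_ignore": match_percent(fp_full, BOILERPLATE_ONLY),
        "boilerplate_only_ignored": match_percent(fp_ignore, BOILERPLATE_ONLY, IGNORED),
        "excerpt_ignored": match_percent(fp_ignore, EXCERPT, IGNORED),
    }


if __name__ == "__main__":
    for name, pct in demo().items():
        print(f"{name}: {pct:.1f}%")
```

With the footer fingerprinted as ordinary content, a harmless message carrying only that footer scores roughly 36% (10 of 28 shingles), enough to trip a low partial-match threshold; with the footer declared an ignored section it scores 0%, while a nine-word leaked excerpt of the body still registers as a partial match of the protected document.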
Topic 3: Endpoints; Discovery
1. Data Endpoint
- Data Endpoint Initial setup
- EP statuses and disabling them
- EP profiles, updates and incident reporting
- Endpoint support for browsers
- Endpoint support for email clients
- Hooking application OS calls
- Unhooking/excluding applications
- Encryption with User-Defined Key and Profile Key
- EP and printer drivers, screenshots, optical media, LAN control
2. Discovery Policies
- Custom and predefined discovery policies
- Scheduling file scans, incremental scanning
- Scheduling scans of SharePoint Online, Outlook PST, etc.
- Responding to discovery incidents
- Configuring file discovery on EP
- Incremental scans
- FPNE – fingerprint classifiers on EP
Topic 4: Incidents and Maintenance
1. Incidents and Reporting
- Incident manipulation: release, escalation, severity change, assignment, deletion
- Action plans and notifications
- Force-release feature
- Email-based workflow
- Create a Delegated Admin (DA) with limited permissions
- Incident reports – exporting from TRITON GUI or with a script
- Traffic and audit logs
2. Diagnostics, Backups, Upgrades
- Inspecting PEI and PE logs; issues with timeouts and load balancing
- Mega-breaches and performance
- Gathering diagnostics for issue escalation
- Archiving incident DB partitions and forensics
- Full backup and restore of an AP-DATA Forcepoint DLP configuration
- Semi-automatic failover
- Forcepoint DLP Manager and system module upgrades, backward compatibility
- Endpoint upgrades, backward and forward compatibility