Glossary
A
Analysis
The process that the Forcepoint DLP system uses to examine data to determine whether it contains protected content.
Assigned/Unassigned Incident
Incidents can be tracked through the system by administrators. To give a single administrator the responsibility to handle the incident, you can assign the incident to that administrator. Incidents that can be handled by any administrator are considered unassigned.
Authorization
The instruction to override security policy and send blocked email to the intended recipient. This can be performed by a security officer or by a content owner.
Authorization Code
The Forcepoint DLP-generated code in a Block email notification. When a reply is sent to the Block notification, the Authorization Code releases the blocked transmission.
Authorized Recipient
A user who is allowed to receive protected content.
B
Blocking
The prevention of data containing protected information from being sent to an unauthorized recipient.
C
Classifier
A description of the content being monitored or protected. Classifiers include characteristics like dictionary terms, file fingerprints, or patterns. The system compares data to classifiers and triggers an incident when it finds a match.
Content Group
An empty shell to which you later assign directories containing classified information of a certain type. Each directory within a Content Group can be assigned a security level that restricts its contents to users with matching or higher security levels.
Content Owner
A Content Owner can define and modify a file's distribution security policy. Content Owners can override security policy and authorize the distribution of a blocked transmission to the intended recipient.
Crawler
The Crawler is the agent that scans your documents looking for sensitive data. You can have several in your network if you are managing many documents.
Cumulative Rule
Accumulates matches to violations over time and creates an incident when a threshold is met (drip DLP). In contrast, a standard rule creates an incident each time its conditions are matched.
D
Database
A Forcepoint DLP component that stores the system configuration, settings, and roles that determine the behavior of the application; it also stores information about traffic transmitted through the system.
E
Event
An event is any transaction that traverses the Forcepoint DLP system. Not all events are stopped by the Forcepoint DLP sniffer and queued for analysis—for that to happen, something has to look suspicious, meaning that something in the event seems to match with a Policy rule.
* Unmatched events are events that pass through the system transparently, because they raise no suspicion.
* Policy matches are events that are analyzed as they traverse the system, because something in the transaction is suspicious according to the policies. Policy matches are then either deemed authorized incidents—events that seemed to match a policy but are in fact allowed—or incidents, which are policy violations.
External User
A user who is outside the organization or domain.
F
File System Directories
Registered directories on the corporate file server that contain files with classified content.
File Fingerprinter
A Forcepoint DLP component that scans specified folders and submits files for fingerprinting to the Forcepoint DLP DMS API.
File Fingerprints
Information that is protected by Forcepoint DLP. The information will be recognized even after the original file has been deleted from the corporate file server.
File Type
A data format, such as .doc, .pdf, or .xls.
Fingerprint Server
A Forcepoint DLP component that analyzes corporate file directories at predefined intervals and fingerprints files.
Forcepoint DLP Administrator
A user who manages and maintains the Forcepoint DLP system.
Forcepoint DLP Server
The server that controls all aspects of the Forcepoint DLP software.
Forcepoint Security Manager
A central management console that provides access to Forcepoint DLP, Forcepoint Email Security, and Forcepoint Web Security. A system administrator can define and monitor the distribution of security policies, and view reports for all 3 modules from one location.
Forensics Repository
The forensics repository contains complete information about your original transactions. In SMTP, for instance, it stores the original email message that was sent. For other channels, the system translates transactions into EML.
To configure the forensics repository, select it on the System Modules screen.
I
Ignored Incident
Incidents that have been set as ignored. Often, files that are determined not to be violations, or incidents (files or attachments) that are not malicious, can be set to be ignored. These incidents can then be filtered in or out using the main and quick filters.
Often, it is useful to set an incident as "ignored" when it was determined not to be a violation (it looks like a violation but is not). Understanding ignored incidents can assist you in fine-tuning your policies to avoid blocking traffic unnecessarily. By default, the data presented in the Forcepoint Security Manager does not include incidents marked as ignored. Refer to "Filtering Incidents" to modify this setting.
Incident
An incident is a transaction or set of transactions that violate a policy. Depending on how you configure a rule, incidents can be created for every policy breach, or for matches that occur within a defined period.
Assigned/Unassigned Incident: Incidents can be tracked through the system by administrators. To give a single administrator the responsibility to handle the incident, assign the incident to a single administrator. Unassigned Incidents are those that have not been assigned and can therefore be handled by any administrator who has access to the incident.
Incident Database
The incident database saves basic information about incidents plus additional information that helps you analyze the data, such as: source, destination, the resolved source/destination hostname, breach information, analyzed by, detected by, and assigned to.
The incident database is part of the main Oracle management database.
Information Lifecycle
The changes (over time) to the importance level of information, from its most sensitive level at creation to its general distribution.
L
LDAP
Lightweight Directory Access Protocol is the protocol standard over TCP/IP that is used by email clients to look up contact information. Forcepoint DLP uses LDAP to automatically add users and groups to the Forcepoint DLP database.
M
Management Server
The management server includes all core Forcepoint DLP technology, including fingerprinting servers, policy servers, and patented data loss prevention technology.
MAPI
The protocol that sends email to recipients inside an organization/domain.
Matching Keyword
A predefined text string that must be protected; its presence in a document indicates that the document contains confidential information.
N
Notification
An email alert sent to the Security Officers and Content Owners, indicating that the information was addressed to an unauthorized recipient.
O
Owner
See Content Owner.
P
Permissions
Permissions define what a user is authorized to perform within the Forcepoint DLP structure.
Policy
The system can be set to include multiple policies. A policy is a list of criteria to be searched for over your channels. These criteria are set with a certain rule which defines what the system does when it comes across a transmission that meets the designated criteria.
Policy Category
Forcepoint DLP can be set to include multiple policies. These policies are grouped together to create policy categories.
Policy Category Group
Multiple policy categories can be grouped together to form policy category groups. These groups are then assigned to specific administrators for incident management and monitoring purposes. Often a policy category group reflects the corporate department associated with these events, such as Finance or Marketing. For example, the policy categories Intellectual Property, Malicious Concealment, and Source Code may be combined to form a policy category group called Technology. This group can then be assigned to administrators who are the VP of R&D and the CTO. These individuals would then be notified of violations of these policies and would be able to handle and track these incidents.
R
Registering
The process of identifying a unique set of characteristics for a document's contents. Forcepoint DLP uses registering to uniquely identify classified content.
Roles
Security profiles that can be applied to several users without having to define security details for each user.
Rule
Provides the logic for a policy. Rules are made up of conditions that govern the behavior of a policy, determining when, for example, to block or audit an action, or send a notification.
S
Security Level
A label, such as Top Secret, that represents a degree of confidentiality. Both users and classified content are assigned Security Levels. Users with a specific Security Level can only receive information classified with the same or lower Security Level.
Security Officer
A user who defines Forcepoint DLP security policies, and monitors security policy distribution within the organization. The Security Officer can override security policy and authorize the distribution of a blocked transmission to the intended recipient.
Security Policy
The policy within an organization that defines which classified information can be distributed to which recipients.
SMTP
The protocol used for sending email to recipients outside the organization.
System modules
These are the various components of Forcepoint DLP. They are either hardware-based physical devices, like the protector; software components, like the Forcepoint Security Manager; or virtual components, like channels and services.
T
Traffic
The transmission of email messages sent through the electronic mail system or uploaded to the Internet.
U
Unmatched Events
Unmatched Events are events that pass through the system transparently because they raise no suspicion.
Urgency
The incident's urgency setting is a measure of how important it is to the corporation that this incident is handled. The urgency of an incident is automatically decided by Forcepoint DLP. This calculation takes both the sensitivity of the incident and the number of matched violations into account.
For example, if content triggers a violation because it includes 400 credit card numbers, and the credit card policy was set to medium sensitivity, then the urgency is set to critical due to the large number of violations (400) and the sensitivity (medium). This setting provides you with a relative measure for how urgent it is for someone to deal with this incident.
Users
The personnel within an organization who can distribute and receive information.
V
Views
Views are views into the incident database with filters applied. Several built-in views are provided. The most common are displayed on the main Reporting page. Views are very much like reports; they're graphical and contain colorful executive charts.

Copyright 2017 Forcepoint. All rights reserved.