Risk-Adaptive Protection

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

General System Settings > Services > Risk-Adaptive Protection

Risk-Adaptive Protection

Administrator Help | Forcepoint DLP | Version 8.8.2

Risk-Adaptive Protection combines the power of the Forcepoint DLP and Forcepoint Behavioral Analytics capabilities, performing modeling and analytics to determine a user profile risk. Then, based on the user risk level, actions are executed when Forcepoint DLP polices are triggered.

Forcepoint provides two solutions that perform user activities modeling and determine the user profile risk:

Forcepoint Behavioral Analytics

Forcepoint Dynamic User Protection

Risk-Adaptive Protection with Forcepoint Behavioral Analytics

Forcepoint Behavioral Analytics is an on-premises solution that runs a set of dedicated servers that ingest DLP events and incidents data into the Forcepoint Behavioral Analytics platform, and performs modeling and analytics to determine a user risk profile. The calculated user risk level is sent to the Forcepoint Security Manager and pushed to the Forcepoint DLP Endpoints. Then, when Forcepoint DLP polices are triggered, different reactions can take place based on the current user risk level.

Forcepoint Behavioral Analytics requires that the endpoint to be connected to the corporate network in order for the endpoints to send the DLP events and incidents data to the Forcepoint Behavioral Analytics servers.

To enable Risk-Adaptive Protection with Forcepoint Behavioral Analytics:

1.

Deploy a Forcepoint Behavioral Analytics instance. See the Forcepoint Behavioral Analytics Administration and Troubleshooting manual.

2.

Enable Risk-Adaptive Protection in Forcepoint DLP. See Analytics.

3.

Configure relevant policies and rules so that actions are risk-level dependent. See Custom Policy Wizard - Severity and Action.

4.

Enable/Disable Risk-Adaptive Protection for specific users/groups. Use the RAP UserManager.exe. See the Dynamic Data Protection Getting Started Guide for more information.

5.

Users can be either custom or based on a user directory.

Users are assigned risk level 1 as a default risk-level value.

6.

Sync the modified list of Risk-Adaptive Protection users in the Forcepoint Behavioral Analytics system. See Forcepoint Behavioral Analytics Administration and Troubleshooting manual.

7.

Check DLP incidents. See Managing incident reports.

8.

Investigate users. See Forcepoint Behavioral Analytics Administration and Troubleshooting manual.

Configuring Risk-Adaptive Protection to use Forcepoint Behavioral Analytics

Administrator Help | Forcepoint DLP | Version 8.8.2

To use Risk-Adaptive Protection with Forcepoint Behavioral Analytics, go to the Settings > General > Services page. Select the Risk-Adaptive Protection tab, and then:

1.

Mark the Enable Risk-Adaptive Protection check box.

2.

Enter the following settings:

The Forcepoint Behavioral Analytics hostname or IP address.

The Port number. The default port number is 9093.

3.

Click Test Connection to test the Forcepoint Behavioral Analytics connection to Forcepoint DLP. A confirmation message returns.

If connection fails, enter again the Forcepoint Behavioral Analytics hostname or IP address and the port number; then test again.

4.

Click OK to save the changes.

5.

Click Deploy.


	Note If you already defined Forcepoint DLP rules to determine actions by user risk level, disabling this option (by clearing the Enable Risk-Adaptive Protection check box) disconnects Forcepoint Behavioral Analytics from Forcepoint DLP and actions are determined only by DLP matches.

Risk-Adaptive DLP with Forcepoint Dynamic User Protection

Forcepoint Dynamic User Protection is an endpoint blade that can be installed with the Forcepoint DLP Endpoint on the same machine. It performs modeling and analytics to determine a user profile risk on the endpoint itself, even when the endpoint is disconnected from the corporate network, or the user is working off-site.

Forcepoint DLP Endpoint passes all events and incidents to the Forcepoint Dynamic User Protection blade, which then calculates the current user's risk level locally on the endpoint. Then, when Forcepoint DLP polices are triggered, the action called for is based on the particular user's risk level.

To enable Risk-Adaptive DLP with Forcepoint Dynamic User Protection, do one of the following:

Build a unified Forcepoint One Endpoint installer to install Forcepoint DLP and the Dynamic User Protection blade.

Download Forcepoint Dynamic Endpoint Protection as a separate installer directly from the Forcepoint Dynamic User Protection cloud console, and distribute it to endpoint systems that are running Forcepoint DLP.

For more information, see the Forcepoint Dynamic User Protection Administrator Guide.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

General System Settings > Services > Risk-Adaptive Protection

Copyright 2021 Forcepoint. All rights reserved.