Glossary
A
Analysis
The process that the TRITON AP-DATA system uses to examine data to determine whether it contains protected content.
Assigned/unassigned incident
Incidents can be tracked through the system by administrators. To give a single administrator the responsibility to handle the incident, you can assign the incident to that administrator. Incidents that can be handled by any administrator are considered unassigned.
Authorization
The instruction to override security policy and send blocked email to the intended recipient. This can be performed by a security officer or by a content owner.
Authorization Code
The TRITON AP-DATA-generated code in a Block email notification. When a reply is sent to the Block notification, the Authorization Code releases the blocked transmission.
Authorized Recipient
A user who is allowed to receive protected content.
B
Blocking
The prevention of data containing protected information from being sent to an unauthorized recipient.
C
Content Group
An empty shell to which you later assign directories containing classified information of a certain type. Each directory within a Content Group can be assigned a security level that restricts its contents to users with matching or higher security levels.
Content Owner
A Content Owner can define and modify a file's distribution security policy. Content Owners can override security policy and authorize the distribution of a blocked transmission to the intended recipient.
Crawler
The Crawler is the agent that scans your documents looking for sensitive data. You can have several in your network if you are managing many documents.
D
Database
A TRITON AP-DATA component that stores the system configuration, settings, and roles that determine the behavior of the application; it also stores information about traffic transmitted through the system.
TRITON Manager
The graphical user interface that enables the security officer to manage the TRITON AP-DATA, TRITON AP-EMAIL, and TRITON AP-WEB systems, define and monitor the distribution of security policies, and view reports.
E
Event
An event is any transaction that traverses the TRITON AP-DATA system. Not all events are stopped by the TRITON AP-DATA sniffer and queued for analysis—for that to happen, something has to look suspicious, meaning that something in the event seems to match with a Policy rule.
* Unmatched events are events that pass through the system transparently, because they raise no suspicion.
* Policy matches are events that are analyzed as they traverse the system, because something in the transaction is suspicious according to the policies. Policy matches are then either deemed authorized incidents—events that seemed to match a policy but are in fact allowed—or incidents, which are policy violations.
External User
A user who is outside the organization or domain.
F
File System Directories
Registered directories on the corporate file server that contain files with classified content.
File Fingerprinter
A Data Security component that scans specified folders and submits files for fingerprinting to the Data Security DMS API.
File Fingerprints
Information that is protected by TRITON AP-DATA. The information will be recognized even after the original file has been deleted from the corporate file server.
File Type
A data format, such as .doc, .pdf, or .xls.
Fingerprint Server
A Data Security component that analyzes corporate file directories at predefined intervals and fingerprints files.
Forensics Repository
The forensics repository contains complete information about your original transactions. In SMTP, for instance, it stores the original email message that was sent. For other channels, the system translates transactions into EML.
To configure the forensics repository, select it on the System Modules screen.
I
Ignored Incident
Incidents that have been set as ignored. Often, files that are determined not to be violations, or incidents (files or attachments) that are not malicious, can be set to be ignored. These incidents can then be filtered in or out using the main and quick filters.
Often, it is useful to set an incident as "ignored" when it was determined not to be a violation (it looks like a violation but is not). Understanding ignored incidents can assist you in fine-tuning your policies to avoid blocking traffic unnecessarily. By default, the data presented in the TRITON Manager does not include incidents marked as ignored. Refer to "Filtering Incidents" to modify this setting.
Incident
An incident is a transaction or set of transactions that violate a policy. Depending on how you configure a rule, incidents can be created for every policy breach, or for matches that occur within a defined period.
Assigned/Unassigned Incident: Incidents can be tracked through the system by administrators. To give a single administrator the responsibility to handle the incident, assign the incident to a single administrator. Unassigned Incidents are those that have not been assigned and can therefore be handled by any administrator who has access to the incident.
Incident Database
The incident database saves basic information about incidents plus additional information that helps you analyze the data, such as: source, destination, the resolved source/destination hostname, breach information, analyzed by, detected by, and assigned to.
The incident database is part of the main Oracle management database.
Information Lifecycle
The changes (over time) to the importance level of information, from its most sensitive level at creation to its general distribution.
L
LDAP
Lightweight Directory Access Protocol is the protocol standard over TCP/IP that is used by email clients to look up contact information. TRITON AP-DATA uses LDAP to automatically add users and groups to the data security database.
M
MAPI
The protocol that sends email to recipients inside an organization/domain.
Matching Keyword
A predefined text string that must be protected; its presence in a document indicates that the document contains confidential information.
N
Notification
An email alert sent to the Security Officers and Content Owners, indicating that the information was addressed to an unauthorized recipient.
O
Owner
See Content Owner.
P
Permissions
Permissions define what a user is authorized to perform within the TRITON AP-DATA structure.
Policy
The system can be set to include multiple policies. A policy is a list of criteria to be searched for over your channels. These criteria are set with a certain rule which defines what the system does when it comes across a transmission that meets the designated criteria.
Policy Category
TRITON AP-DATA can be set to include multiple policies. These policies are grouped together to create policy categories.
Policy Category Group
Multiple policy categories can be grouped together to form policy category groups. These groups are then assigned to specific administrators for incident management and monitoring purposes. Often a policy category group reflects the corporate department associated with these events, such as Finance or Marketing. For example, the policy categories Intellectual Property, Malicious Concealment, and Source Code may be combined to form a policy category group called Technology. This group can then be assigned to administrators who are the VP of R&D and the CTO. These individuals would then be notified of violations of these policies and would be able to handle and track these incidents.
R
Registering
The process of identifying a unique set of characteristics for a document's contents. TRITON AP-DATA uses registering to uniquely identify classified content.
Roles
Security profiles that can be applied to several users without having to define security details for each user.
S
Security Level
A label, such as Top Secret, that represents a degree of confidentiality. Both users and classified content are assigned Security Levels. Users with a specific Security Level can only receive information classified with the same or lower Security Level.
Security Officer
A user who defines TRITON AP-DATA security policies, and monitors security policy distribution within the organization. The Security Officer can override security policy and authorize the distribution of a blocked transmission to the intended recipient.
Security Policy
The policy within an organization that defines which classified information can be distributed to which recipients.
SMTP
The protocol used for sending email to recipients outside the organization.
System modules
These are the various components of TRITON AP-DATA. They are either hardware-based physical devices, like the protector; software components, like the TRITON Manager; or virtual components, like channels and services.
T
Traffic
The transmission of email messages sent through the electronic mail system or uploaded to the Internet.
TRITON AP-DATA Administrator
A user who manages and maintains the TRITON AP-DATA system.
TRITON AP-DATA Server
The server that controls all aspects of the TRITON AP-DATA software.
TRITON management server
The Management Server is the TRITON AP-DATA component that includes all core technology and Forcepoint fingerprinting servers, policy servers, and patented data loss prevention technology.
TRITON Manager
A central management console that provides access to Forcepoint data, Web, and email security modules. A system administrator can define and monitor the distribution of security policies, and view reports for all 3 modules from one location. Also known as the TRITON Manager.
U
Unmatched Events
Unmatched Events are events that pass through the system transparently because they raise no suspicion.
Urgency
The incident's urgency setting is a measure of how important it is to the corporation that this incident is handled. The urgency of an incident is automatically decided by TRITON AP-DATA. This calculation takes both the sensitivity of the incident and the number of matched violations into account.
For example, if content triggers a violation because it includes 400 credit card numbers, and the credit card policy was set to medium sensitivity, then the urgency is set to critical due to the large number of violations (400) and the sensitivity (medium). This setting provides you with a relative measure for how urgent it is for someone to deal with this incident.
Users
The personnel within an organization who can distribute and receive information.
V
Views
Views are views into the incident database with filters applied. Several built-in views are provided. The most common are displayed on the main Reporting page. Views are very much like reports; they're graphical and contain colorful executive charts.
 

Copyright 2016 Forcepoint LLC. All rights reserved.