Configuring Endpoint Deployment

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Configuring Endpoint Deployment

Configuring Endpoint Deployment

Administrator Help | Forcepoint DLP | Version 8.6.x

Deploying endpoint client software for Forcepoint DLP requires a subscription to Forcepoint DLP Endpoint.

Endpoint client software resides on an endpoint machine (such as a laptop or workstation). It monitors real-time traffic and applies security policies to applications and storage media, as well as data at rest. The client software allows administrators to analyze content on endpoint machines and block or monitor policy breaches (defined in endpoint profiles). Administrators can create policies that allow full content visibility without restricting device usage.

When endpoint client software is installed, it attempts to connect to a Forcepoint DLP server to retrieve policies and profiles. As soon as its settings are deployed, the endpoint client starts running according to its profile settings.

The endpoint server component is installed automatically on the management server and supplemental Forcepoint DLP servers. Endpoint servers receive incidents from, and send configuration settings to, endpoint clients.

The endpoint software deployment process includes the following basic steps:

1.

Install the Forcepoint DLP management server.

2.

Build a package for the endpoint client and deploy it on users' computers (desktop and laptop machines), as described in the endpoint documentation.

3.

Add an endpoint profile in the Data Security module of the Forcepoint Security Manager, or use the default profile installed with the client package. See Adding an endpoint profile and Rearranging and deploying endpoint profiles.

Endpoint profiles are templates that set service permissions. A profile describes the required behavior of an endpoint client: how it connects to endpoint servers, which user interface options are available on the client, and how it uses encryption to protect sensitive data. Each profile is deployed to selected endpoint clients.

4.

Configure endpoint settings. See Configuring endpoint settings.

5.

Create endpoint resources. See Endpoint Devices, Endpoint Applications, and Endpoint Application Groups.

6.

Create or modify a rule for endpoint channels. See Selecting endpoint destination channels to monitor.

7.

Define the type of endpoint machines to monitor, and configure on- and off-network behavior. See Custom Policy Wizard - Source.

8.

Deploy endpoint configuration settings.

Once endpoint client software has been deployed and configuration and profile creation is complete, administrators can:

Review the status of endpoint systems. See Viewing endpoint status.

Review incidents detected by endpoint software, and take action on them, such as editing the incident details, changing the severity of the incident, or escalating the incident to a manager. See Viewing the incident list.

In special circumstances, monitoring and protection can be bypassed for an endpoint client. See Bypassing endpoint clients for more information on this capability.

For information on what end users see on their machine when endpoint software is installed, see the Endpoint Solutions End User's Guide on the Forcepoint Documentation page. This document can be distributed to end users, as needed.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Configuring Endpoint Deployment

Copyright 2018 Forcepoint. All rights reserved.