Components of Forcepoint DLP

Management Server

The management server provides the core information loss technology, capturing fingerprints,
applying policies, and storing incident forensics.
A deployment can include multiple Forcepoint DLP servers to share the analysis load, but there
is only one management server.
The management server also stores configuration settings, as well as the primary policy store,
primary fingerprint repository, and by default, the forensics repository.

Analytics engine

The analytics engine will communicate with the management server on a daily basis to identify
potentially risky incidents, rank them with similar activity, and assign them a risk score.
It is installed on a 64-bit Linux machine and uses heuristic engines to rank incidents with similar
activity and present the findings to an administrator via the Incident Risk Ranking dashboard of
the Security Manager.

Supplemental servers
Supplemental servers can be installed with only standalone components, such as the crawler,
rather than a full installation. This can help to conserve resources on the installation machine.

Full installations of supplemental Forcepoint DLP servers include a secondary fingerprint

repository, endpoint server, crawler, policy engine, and OCR server.

protector
The protector is a software appliance that can intercept and analyze web or email traffic.

For web traffic it can be configured in a mirror mode or ICAP mode, and for Email traffic it can
be configured in an MTA mode. This will allow Forcepoint DLP to apply policies to data in
motion with third party web security or email security solutions.
ESG (Email Security Gateway)

There are two options available for ESG (Email Security Gateway) deployment, both of which
require a license for the Forcepoint Email Security product.

The first resides on a V Series appliance. It filters inbound, outbound, and internal email
messages for spam and viruses, and uses Forcepoint DLP to analyse data content.

The second, called the Forcepoint DLP Email Gateway, is a virtual appliance for the Microsoft
Azure cloud infrastructure that allows an organization to protect data being sent through
Exchange Online email. Like other modules, it includes a policy engine and fingerprint
repository.

Forcepoint Web Content Gateway

To apply DLP policies to web traffic with the Forcepoint Web Content Gateway, there are two
available options.

Included with the Forcepoint DLP license is the ability to deploy the Web Content Gateway
specifically for applying DLP policies.

If an organization has Forcepoint Web Security, they will be able to integrate DLP with that Web
Content Gateway appliance to apply policies while also being able to scan for malware, leverage
URL categorization and more.