Forcepoint DLP Administrator Course


Training Schedule


Oct 14 - Oct 16, 2020
09:00 - 17:00 (CEST)
Online

Feb 3 - Feb 5, 2021
09:00 - 17:00 (CEST)
Online

Apr 28 - Apr 30, 2021
09:00 - 17:00 (CEST)
Online

Jul 26 - Jul 28, 2021
09:00 - 17:00 (CEST)
Online

Oct 26 - Oct 28, 2021
09:00 - 17:00 (CEST)
Online

3 days  (Instructor Led Online)  |  Network Security

Course Details

Course Description

During the three days, you will learn how to test an existing deployment, administer policies and reports, handle incidents and endpoints, and upgrade and manage the Forcepoint DLP system. You will develop skills in creating data policies, building custom classifiers and using predefined policies, incident management, reporting, and system maintenance.

Course Objectives

  • Understand simple Forcepoint DLP product deployments
  • Create and use custom classifiers
  • Use predefined classifiers, rules and policies
  • Control various channels of potential data leaks – in TCP networking, discovery and by endpoint
  • Manipulate incidents and reports
  • Configure incident workflows using TRITON GUI or email
  • Perform backup and restore

Course Content

Topic 1: Forcepoint DLP Architecture

1) AP-DATA Product and Basic Deployment

  • Forcepoint product overview
  • What is DLP
  • What is new in the 8.x versions
  • Simple Forcepoint DLP deployments, network topology before and after Management consoles
  • Forcepoint DLP key configurations
  • Registering CG and Forcepoint
  • Email Security
  • ICAP-mode Protector
  • Data security in cloud deployments

2) Forcepoint DLP Components, Transaction Processing

  • Involved machines, OS, virtualization, processes
  • Load Balancing and Policy Engine Interface (PEI)
  • Processing data transactions, Policy Engine (PE)
  • Testing DLP channels
  • CLI tools to extract plaintext and test policies
  • Custom logic in rule conditions
  • Testing limits of file size, large ZIPs and timeouts

Topic 2: DLP Policies

1) Custom and Predefined Classifiers

  • Keyphrases and dictionaries
  • Regular expressions
  • File classifiers
  • Script overview. “Supporting terms” near sensitive data; context analysis
  • Credit cards: PCI audit rules, CCN classifiers, Luhn check, prefixes (BINs)
  • Policy exceptions for custom LDAP groups, domains, etc.
  • Cumulative rules (Drip DLP)

2) Fingerprinting and ML

  • File fingerprinting; possibly with ignored sections
  • Database fingerprinting
  • Scheduling, exporting and synchronizing fingerprints
  • Machine Learning

Topic 3: Endpoints; Discovery

1) Data Endpoint

  • Data Endpoint Initial setup
  • EP statuses and disabling them
  • EP profiles, updates and incident reporting
  • Endpoint support for browsers
  • Endpoint support for email clients
  • Hooking application OS calls
  • Unhooking/excluding applications
  • Encryption with User-Defined Key and Profile Key
  • EP and printer drivers, screenshots, optical media, LAN control

2) Discovery Policies

  • Custom and predefined discovery policies
  • Scheduling file scans, incremental scanning
  • Scheduling scans of SharePoint Online, Outlook PST, etc.
  • Responding to discovery incidents
  • Configuring file discovery on EP
  • Incremental scans
  • FPNE – fingerprint classifiers on EP

Topic 4: Incidents and Maintenance

1) Incidents and Reporting

  • Incident manipulation: release, escalation, severity change, assignment, deletion
  • Action plans and notifications
  • Force-release feature
  • Email-based workflow
  • Create a Delegated Admin (DA) with limited permissions
  • Incident reports – exporting from TRITON GUI or with a script
  • Traffic and audit logs

2) Diagnostics, Backups, Upgrades

  • Inspecting PEI and PE logs; issues with timeouts and load balancing
  • Mega-breaches and performance
  • Gathering diagnostics for issue escalation
  • Archiving incident DB partitions and forensics
  • Full backup and restore of an APDATA Forcepoint DLP configuration
  • Semi-automatic failover
  • Forcepoint DLP Manager and system module upgrades, backward compatibility
  • Endpoint upgrades, backward and forward compatibility