Forcepoint ONE Demo Series – CASB Use Case

To bring this point to life, Forcepoint Vice President of Sales, SSE, Shane Moore, demonstrates how Forcepoint ONE is easy to use for both end users and administrators.

Enforcing data loss prevention (DLP) is most effective when considering contextual information such as user group, device type, and user location. Making configuration of DLP for managed SaaS apps simple, while factoring in contextual data, is a key differentiator for the Forcepoint ONE CASB.

  • User experience: Connections to a SaaS app being managed by Forcepoint ONE are seamlessly directed to a Forcepoint ONE reverse proxy URL, ensuring all file uploads and downloads can be monitored and controlled.
  • User experience: An attempt to download a Word document from a corporate SharePoint account is blocked because it is being requested from an unmanaged device. The user is also presented an information box explaining why the download is blocked.
  • Administrator experience: A single proxy policy for Office 365 lets the administrator qualify the scope of the policy based on user group, device type, and location, and specify multiple file download and upload actions for different match patterns. Match patterns are selected from a dropdown of dozens of predefined or custom patterns. Download actions include allow, block, notify, encrypt, apply DRM, track, and watermark. In an upload DLP policy, the administrator can specify a match pattern that invokes malware scanning from Bitdefender or CrowdStrike and use that to block upload of malware.
  • Administrator experience: Viewing the policy log report lets administrators see all user attempts to upload or download sensitive data or malware, with fields for timestamp, user name, SaaS app, user location, activity (download or upload), policy action, file name, and match pattern.
  • User experience: A user is denied access to their corporate Office 365 account because they used an anonymizer service which was detected by the CASB based on the user’s IP address, and an appropriate “application blocked” is page is displayed.

Key demo takeaways:

Key features demonstrated:

  • Using SAML authentication, the CASB can determine whether a connecting device is managed based on the presence of the Forcepoint ONE unified agent or a certificate from a third-party vendor.
  • During authentication, the CASB determines user group, device type, and user location which can be used block the user or require MFA. This contextual data is also used for controlling access to individual SaaS apps.
  • A single proxy policy can contain multiple upload and download DLP policies, used in tandem, to monitor and control movement of sensitive data and malware.
  • Building proxy policies is facilitated by dropdown fields for selecting among dozens of predefined and custom match patterns.
  • Administrators can view a report of file movement attempts and use that data to demonstrate compliance with data privacy standards.

If you find this video useful, check on the on-demand version of it. Register to watch the full platform demo,

This post was first first published on Forcepoint website by Jeff Birnbaum. You can view it by clicking here