Forcepoint DLP and Email Security (formerly TRITON AP-DATA/AP-EMAIL) Administrator Bundle

Forcepoint DLP Administrator course:

Topic 1: Forcepoint DLP Architecture

1) AP-DATA Product and Basic Deployment

a) Forcepoint product overview
b) What is DLP
a) What is new in the 8.x versions
b) Simple Forcepoint DLP deployments, network topology before and after
c) Management consoles
d) Forcepoint DLP key configurations
e) Registering CG and Forcepoint Email Security
f) ICAP-mode Protector
g) Data security in cloud deployments

2) Forcepoint DLP Components, Transaction Processing

a) Involved machines, OS, virtualization, processes
b) Load Balancing and Policiy Engine Interface (PEI)
c) Processing data transactions, Policy Engine (PE)
d) Testing DLP channels
e) CLI tools to extract plaintext and test policies
f) Custom logic in rule conditions
g) Testing limits of file size, large ZIPs and timeouts.

Topic 2: DLP Policies

1) Custom and Predefined Classifiers

a) Keyphrases and dictionaries
b) Regular expressions
c) File classifiers
d) Script overview. “Supporting terms” near sensitive data; context analysis
e) Credit cards: PCI audit rules, CCN classifiers, Luhn check, prefixes (BINs)
f) Policy exceptions for custom LDAP groups, domains, etc.
g) Cumulative rules (Drip DLP)

2) Fingerprinting and ML

a) File fingerprinting; possibly with ignored sections
b) Database fingerprinting
c) Scheduling, exporting and synchronizing fingerprints
d) Machine Learning

Topic 3: Endpoints; Discovery

1) Data Endpoint

a) Data Endpoint Initial setup
b) EP statuses and disabling them
c) EP profiles, updates and incident reporting
d) Endpoint support for browsers
e) Endpoint support for email clients
f) Hooking application OS calls
g) Unhooking/excluding applications
h) Encryption with User-Defined Key and Profile Key
i) EP and printer drivers, screenshots, optical media, LAN control

2) Discovery Policies

a) Custom and predefined discovery policies
b) Scheduling file scans, incremental scanning
c) Scheduling scans of SharePoint Online, Outlook PST, etc.
d) Responding to discovery incidents
e) Configuring file discovery on EP
f) Incremental scans
g) FPNE – fingerprint classifiers on EP

Topic 4: Incidents and Maintenance

1) Incidents and Reporting

a) Incident manipulation: release, escalation, severity change, assignment, deletion
b) Action plans and notifications
c) Force-release feature
d) Email-based workflow
e) Create a Delegated Admin (DA) with limited permissions
f) Incident reports – exporting from TRITON GUI or with a script
g) Traffic and audit logs

2) Diagnostics, Backups, Upgrades

a) Inspecting PEI and PE logs; issues with timeouts and load balancing
b) Mega-breaches and performance
c) Gathering diagnostics for issue escalation
d) Archiving incident DB partitions and forensics
e) Full backup and restore of a AP-DATA Forcepoint DLP configuration
f) Semi-automatic failover
g) Forcepoint DLP Manager and system module upgrades, backward compatibility
h) Endpoint upgrades, backward and forward compatibility

Forcepoint Email Security Administrator course:

Topic 1: Features & Components

1) Forcepoint solution overview

a) Forcepoint solution introduction

2) Forcepoint Email Security features and new features

a) Key features
b) What’s new

3) Understanding the deployment

a) Forcepoint Email Security appliances
b) V-Series appliance interfaces
c) Network without Forcepoint Email Security
d) Network with Forcepoint Email Security
e) Required components
f) Internal daemons
g) Communications with external services
h) Supported V-Series and X-Series models and total resources
i) Hardware allocation

4) Getting started with Forcepoint Email Security

a) Fundamental email security concepts: protected domain and email relay
b) Setting up Forcepoint Email Security

5) Setting up users

a) Domain group
b) User directory

6) Defining email routing

a) Domain-based route
b) Directory-based route

Topic 2: Traffic & Policies

1) Traffic

a) Message processing flow
b) Setting connection properties (simultaneous connection per IP)
c) Configuring message properties (size, volume)
d) RBL & Reputation service
e) SMTP greeting delay
f) Recipient validation
g) DHA prevention
h) SPF check
i) SMTP authentication
j) Global IP block list
k) IP address group
l) Compare trusted IP group and Allow Access List

2) Quarantine system

a) Quarantine system overview
b) Queue monitor
c) Message queues

3) Policy

a) Policy flow
b) Policy type
c) Policy condition
d) Rules, filters, actions
e) Action options merge
f) Global IP and address permit list
g) Dynamic permit list
h) Built-in DLP
I. DLP integration
II. Registered with data security server

Topic 3: PEM & advanced configurations & Maintenance

1) Personal Email Manager (PEM)

a) PEM architecture
b) Enabling PEM
c) End user block/permit list

2) Threat Projection Cloud

a) Threat Protection Cloud introduction
b) Configure Threat Protection Cloud

3) Traffic shaping

a) 5 parameters
b) How traffic shaping works

4) Transfer Layer Security (TLS)

a) Enforced/Mandatory TLS vs opportunistic TLS
b) Enable enforced TLS for incoming/outgoing connections
c) Enforced TLS security level & encryption strength
d) CA issued or self-signed TLS certification process
e) Enable mandatory TLS
f) Enable opportunistic TLS

5) Secure Message Delivery

a) Secure Message Delivery scenario 1
b) Secure Message Delivery scenario 2
c) Enable Secure Message Delivery
d) Secure encryption queue
e) Secure Message Delivery end user experiences

6) Maintenance

a) Reporting
I. Log and reporting system overview
II. Log server and database deployment
III. Dashboard & alert & logs
IV. Presentation reports
V. Real-time monitor
VI. Log database partition & rollover & maintenance
b) System administration & maintenance
I. Manage appliances
II. Delegated administration
III. Backup and restore