Every time I pushed the agent to laptops, I wasn't able to gain visibility.

With Forcepoint we found that one employee who left had taken some files, and we were able to stop it. And if somebody is under a notice period, we now monitor whether any files are about to go out. When they take something with them, we can see that. We can also identify any abnormal behaviors that are happening. A lot of times it happens that if somebody is about to leave, they try to take some information away with them. We catch that fast.

It also helps in terms of HR stuff because file movement can indicate people who are looking for jobs. We can see CV movements and it helps as an indicator of a dissatisfied employee. We can at least see the behavior and see if we can do something about it.

Before Forcepoint, we had data in terms of how many terabytes go in and out, but now we can specifically see what goes where.

The greatest benefit is the detection, detecting either accidental or unauthorized transmission of certain kinds of PCI or PII data that we prohibit. It's very useful to get that from alerts. We can also block them outright, depending on what threshold we have set. That's the most useful thing about DLP, that it prevents unauthorized usage of that kind of data.

I have seen benefits, particularly in terms of increased confidence in compliance with data protection regulations. When it comes to external auditors, I am confident that they won't find any issues related to data protection. Additionally, it has increased my confidence that our organization's intellectual property is not misused or extracted without permission.

When we deployed it for a bank, it proved highly efficient in terms of PCI compliance. It was very quick to pick up where people were divulging personal information regarding credit card holders. We then deployed very simple rules that we had customized, without the need for data classification.

Initially, if you were just doing PCI-DSS, because it's very limited information that you needed to protect, you could do it without data classification. This was good for an organization that had data to protect and wanted to comply with PCI-DSS, but had not done the data classification at that point.

The rules that we put into place were simple. For example, if more than two credit card numbers are being pushed out then block it, or first put it into monitoring mode and then block it.

The Forcepoint DLP is such a useful tool for organizations as it protects sensitive data with multiple kinds of functionality such as OCR and an analytics engine (which helps determine if any sensitive data is in danger of policy violations). It's easy to determine the incidents that have been triggered. This has helped to identify what sensitive data has been shared. The only part where it didn't work so well is during agent upgrading. If we automatically try to upgrade the agent it causes a lot of problems.

Forcepoint DLP helped a lot when an incident was created and we tried to have an auto-remediation of the incident. For DLP, an incident is a key factor. DLP is meant to generate an incident, and that incident should be managed. If no one is managing the incident, DLP is of no use. Forcepoint has an email workflow. It provides email incident remediation wherein an automatic email is generated for the manager. If a person violates a policy, we can configure it in a way that one email is sent to the manager. One email will also go to the end-user. The end-user can again analyze the activity and give us feedback about whether it was a genuine business need and we should release that email, or whether it was a mistake and we should quarantine that email. The decision is made by the manager or by the end-user who sent the email. This helped a lot and reduced the incident count. It was very helpful to have such a report and to be able to say that the end-user was aware of the fact that this email has been quarantined. After providing the legal justification, the email was released by him. It reduced 40% of incidents for emails. This kind of feature is not available in other DLP solutions, and I really appreciate having that feature.

In Sri Lanka, we have strong governance for data. Every organization prioritizes securing personal information and customer details. Forcepoint DLP protects data within and outside the organization.

It has helped us protect our internal data from external threats. It ensures no data reaches the outside via intentional or unintentional sharing of data. 

Having visibility under a single console has helped us. 

This solution has been very useful for myself, my colleagues, and our customers by helping us to be more informed about IT concepts and DLP systems. This includes how to deal with enterprise legal data, legal documents, and especially confidential documents. There are IT cultural activities that we learn from this solution.

This solution improved our organization in the sense that, when we switched over to Office 365, we were able to apply the DLP policies to our Office 365 traffic. It also increased the visibility of what is happening regarding data moving in and out. Thirdly, it offers executive reporting and allows us to see what is going on for executive decision making. Finally, it helps the organization in meeting the compliance requirements of the Central Bank.

It has helped us meet CTI requirements. Some employees accidentally shared compromising information and it was able to block that information. That is one of the biggest benefits we have seen from this tool.