How Forcepoint DDR Complements DSPM

Last week, Forcepoint introduced our first new product of 2025, Forcepoint DDR. In last week’s blog post, Kevin mentioned that Forcepoint DDR functions as a key add-on to Forcepoint DSPM.

These days, data risk equals business risk. That’s especially true when it leads to non-compliance with data privacy regulations or even worse when it turns into a data breach. Forcepoint DSPM and DDR help organizations manage these kinds of risks and many more.   

DSPM Assesses and Reduces Risky Data

Forcepoint DSPM provides organizations with visibility and control over all of its data. DSPM examines data based on sensitivity and potential risk impact. It does this through discovering and categorizing your organization’s data wherever it resides—identifying and correcting sensitive data in the process.  

Forcepoint DSPM uses AI Mesh technology to quickly and accurately classify data security risks. It provides visibility into all sensitive data like PII, PCI and HIPAA information and shines a light on your organization’s dark data or data whether it’s scattered across multiple locations across public or private clouds, across a growing list of cloud applications, plus on-prem locations as well.  It also provides visibility to your organization's redundant, obsolete and trivial (ROT) data that often sits unused and untouched for years.  

DSPM allows your organization to secure your data posture from data breaches and non-compliance with a growing list of international data regulations by providing protective measures to remediate data risk—whether that risk comes from mislocated data, inaccurate data access, data duplicates or over-permissioned data.

In other words, Forcepoint DSPM provides visibility and control in service of one goal: To eliminate data risk across your organization. 

DDR Takes DSPM Further

Forcepoint DDR is an important add-on to our DSPM solution. Where DSPM focuses on data at rest, DDR focuses on subset of an organization’s data—the part that’s actively being used. DDR brings continuous monitoring and dynamic incident alerts to the equation.  By operating this way, DDR enables continuous monitoring of both the data in use and the overall data security posture immediately after being deployed.

DDR looks at data that’s being used in some way across cloud and endpoints—an employee may create a new file or save a draft to cloud storage or save a final copy locally on their laptop. Or maybe they upload copies in multiple collaboration apps. Or they could change permissions access to a document to make it visible to anyone within the organization. Forcepoint DDR continuously monitors data while it’s in use to identify new levels of ongoing data risk.

DDR uses continuous monitoring to help focus security teams on remediation of those risks. Two examples where DDR helps mitigate risks: 1) Over-permissioned access to sensitive files that should only be accessible to a subset of employees and 2) Misplaced data that is stored or moved to an incorrect location. In both cases, security teams can create custom policies DDR can then use to remediate the situation.  

Beyond those examples, DDR can identify duplicate versions of files. And data lineage capabilities provide context into how a file changes over time—context that is especially useful during the investigation of potential breaches.

DDR acts to neutralize threats. It provides insights into threat detection while a threat is happening. It offers enhanced visibility to data risk by using rich context powered by Forcepoint’s AI Mesh technology. This allows security teams the opportunity to dynamically identify, monitor or respond to potential data threats—extending the data risk mitigation capabilities of Forcepoint DSPM.  

Another way to look at it: DDR actively monitors the tip of your organization’s data iceberg, where DSPM provides visibility and control to the massive data iceberg that lives below the surface. 

DDR analyzes the subset of data that’s in use at any given time. During this continuous monitoring process, it looks for changes to files that may be indicators of new levels of risk. DDR focuses on detecting and responding to changes to data and can update the security posture.

DSPM scans data across the organization to not only get a sense for the massive data iceberg below the surface, but also to get a point-in-time snapshot of data in use. During its scan, it can also see a snapshot of the data above the surface as well. DSPM also shows progress in terms of fixing ROT data, and it also provides updates for new compliance mandates, policies and repositories.  

DSPM and DDR focus on similar aspects of your organization’s data posture to provide a truly comprehensive view—all in an effort to reduce data risk. Alongside DSPM, DDR allows organizations to go further to detect breaches, helping to protect your data, reduce financial losses and maintain customer trust.  

To learn more about Forcepoint DSPM and our new DDR add-on, talk to an expert today.