Cisco Cisco Email Security Appliance C160 Betriebsanweisung
11-30
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
DLP Policy Manager for Enterprise Manager DLP Policies
The DLP Policy Manager shows the RSA Enterprise Manager DLP policies currently in use on the Email
Security appliance. You can use the Manager to enable or disable individual DLP policies on the Email
Security appliance. Any outgoing mail policies assigned to the disable DLP policy will skip the policy
when evaluating messages for DLP violations.
Security appliance. You can use the Manager to enable or disable individual DLP policies on the Email
Security appliance. Any outgoing mail policies assigned to the disable DLP policy will skip the policy
when evaluating messages for DLP violations.
Figure 11-10
Enterprise Manager DLP Policies in DLP Policy Manager
If the Email Security appliance has not received the DLP policies from Enterprise Manager, it will
continue to use any existing RSA Email DLP policies until it receives a data package with the new
policies from Enterprise Manager.
continue to use any existing RSA Email DLP policies until it receives a data package with the new
policies from Enterprise Manager.
RSA Enterprise Manager and Language Support
The Email Security appliance displays any data it receives from RSA Enterprise Manager in the language
that was used in Enterprise Manager. The appliance does not display this information in the language
you selected for the appliance interface. This applies to DLP policies, classifiers, dictionaries, and
anything else created in Enterprise Manager that the appliance receives in the data package. For example,
if the DLP policies and classifiers from Enterprise Manager were written in English but the interface of
the Email Security appliance is displayed in French, the Email Security appliance displays the name and
descriptions of the DLP policies and classifiers from Enterprise Manager in English. The rest of the
interface remains in French.
that was used in Enterprise Manager. The appliance does not display this information in the language
you selected for the appliance interface. This applies to DLP policies, classifiers, dictionaries, and
anything else created in Enterprise Manager that the appliance receives in the data package. For example,
if the DLP policies and classifiers from Enterprise Manager were written in English but the interface of
the Email Security appliance is displayed in French, the Email Security appliance displays the name and
descriptions of the DLP policies and classifiers from Enterprise Manager in English. The rest of the
interface remains in French.
Quarantines
If a message containing a DLP violation matches a DLP policy that requires the message to be
quarantined, the Email Security appliance sends the message to the quarantine specified by the DLP
policy’s message action. The user responsible for evaluating DLP violations can review the incident
using Enterprise Manager and can then use Enterprise Manager to instruct the appliance to release or
delete the message from the quarantine. If the message action requires the message to be encrypted on
release, it is the Email Security appliance that encrypts the message, not Enterprise Manager.
quarantined, the Email Security appliance sends the message to the quarantine specified by the DLP
policy’s message action. The user responsible for evaluating DLP violations can review the incident
using Enterprise Manager and can then use Enterprise Manager to instruct the appliance to release or
delete the message from the quarantine. If the message action requires the message to be encrypted on
release, it is the Email Security appliance that encrypts the message, not Enterprise Manager.
Users can view messages quarantined by Enterprise Manager using the Monitor > Quarantines page in
the Email Security appliance’s GUI. Cisco recommends that users only release or delete messages with
DLP violations from Enterprise Manager, not the local Email Security appliance’s GUI.
the Email Security appliance’s GUI. Cisco recommends that users only release or delete messages with
DLP violations from Enterprise Manager, not the local Email Security appliance’s GUI.
Cisco also recommends the following procedures for using quarantines with Enterprise Manager:
•
Use one or more dedicated quarantines for DLP violations.
•
Set a timeout large enough for Enterprise Manager to complete its tasks.
•
Be aware that Email Security appliance will still release or delete quarantine messages when the
quarantine exceeds the allotted space.
quarantine exceeds the allotted space.
For more information on how quarantines work on the Email Security appliance, see the “Quarantines”
chapter in the Cisco IronPort AsyncOS for Email Daily Management Guide.
chapter in the Cisco IronPort AsyncOS for Email Daily Management Guide.