Cisco Web Security Appliance S380 User Guide

AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 15: Prevent Loss of Sensitive Data
Step 1  Create and configure Data Security Policy groups. Cisco IronPort Data Security Policies use URL
filtering, web reputation, and upload content information when evaluating the upload request. You
configure each of these security components to determine whether or not to block the upload request.
When the Web Proxy compares an upload request to the control settings, it evaluates the settings in order.
Each control setting can be configured to perform one of the following actions for Cisco IronPort Data
Security Policies: Block, Allow, or Monitor.
For Cisco IronPort Data Security Policies, only the Block action is a final action that the Web Proxy takes 
on a client request. The Monitor and Allow actions are intermediary actions. In both cases, the Web 
Proxy evaluates the transaction against the External DLP Policies (if configured) and Access Policies. 
The Web Proxy determines which final action to apply based on the Access Policy group control settings 
(or an applicable external DLP Policy that may block the request).
Related Topics: Managing Upload Requests on an External DLP System

Managing Upload Requests on an External DLP System
To configure the Web Security appliance to handle upload requests on an external DLP system, perform 
the following tasks:
Step 1  Choose Network > External DLP Servers. Define an external DLP system. To pass an upload request
to an external DLP system for scanning, you must define at least one ICAP-compliant DLP system on
the Web Security appliance.
Step 2  Create and configure External DLP Policy groups. After an external DLP system is defined, you
create and configure External DLP Policy groups to determine which upload requests to send to the DLP
system for scanning.
Step 3  When an upload request matches an External DLP Policy, the Web Proxy sends the upload request to the
DLP system using the Internet Content Adaptation Protocol (ICAP) for scanning. The DLP system scans
the request body content and returns a block or allow verdict to the Web Proxy. The allow verdict is

| Action | Description |
|---|---|
| Block | The Web Proxy does not permit the connection and instead displays an end user notification page explaining the reason for the block. |
| Allow | The Web Proxy bypasses the rest of the Data Security Policy security service scanning and then evaluates the request against the Access Policies before taking a final action. For Cisco IronPort Data Security Policies, Allow bypasses the rest of data security scanning, but does not bypass External DLP or Access Policy scanning. The final action the Web Proxy takes on the request is determined by the applicable Access Policy (or an applicable external DLP Policy that may block the request). |
| Monitor | The Web Proxy continues comparing the transaction to the other Data Security Policy group control settings to determine whether to block the transaction or evaluate it against the Access Policies. |
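
The evaluation order this page describes for an upload request (Data Security control settings in order, then any External DLP verdict, then the Access Policy) can be modelled as follows. This is an added example, not Cisco code; the function names, the order of the control settings and the simplified block/allow Access Policy outcome are assumptions.

```python
from enum import Enum

class Action(Enum):
    BLOCK = "block"      # final: the request is denied
    ALLOW = "allow"      # intermediary: skip the rest of Data Security scanning
    MONITOR = "monitor"  # intermediary: keep evaluating Data Security settings

def data_security_stage(controls):
    """Walk (setting_name, Action) pairs in the order given.

    Returns the name of the setting that blocked, or None if the request
    leaves the Data Security stage without a final action.
    """
    for name, action in controls:
        if action is Action.BLOCK:
            return name
        if action is Action.ALLOW:
            return None  # remaining settings are bypassed, later stages are not
    return None

def evaluate_upload(controls, external_dlp_verdict, access_policy_action):
    """Return (final_action, deciding_stage) for one upload request.

    external_dlp_verdict: None when no External DLP Policy applies, otherwise
    the "block" or "allow" verdict returned over ICAP.
    access_policy_action: "block" or "allow" (simplified Access Policy outcome).
    """
    blocked_by = data_security_stage(controls)
    if blocked_by is not None:
        return ("block", "data-security:" + blocked_by)
    if external_dlp_verdict == "block":
        return ("block", "external-dlp")
    return (access_policy_action, "access-policy")

# Constructed sample requests (setting order is chosen here, not taken from the guide).
SCENARIOS = {
    "blocked by reputation": ([("url_filtering", Action.MONITOR),
                               ("web_reputation", Action.BLOCK)], "allow", "allow"),
    "allow is not final":    ([("url_filtering", Action.ALLOW),
                               ("web_reputation", Action.BLOCK)], "block", "allow"),
    "monitor falls through": ([("url_filtering", Action.MONITOR),
                               ("upload_content", Action.MONITOR)], None, "allow"),
}

if __name__ == "__main__":
    for label, args in SCENARIOS.items():
        print(f"{label}: {evaluate_upload(*args)}")
```

The second scenario is the one to check when reviewing a policy: an Allow in a Data Security Policy skips the later data security settings, yet the upload can still be blocked by the external DLP system or the Access Policy.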