Cisco Email Security Appliance C680 User Guide

Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11      Data Loss Prevention
Data Loss Prevention Overview
The Cisco IronPort Email Security appliance’s Data Loss Prevention feature secures your organization’s 
information and intellectual property and enforces regulatory and organizational compliance by 
preventing users from emailing sensitive data from your network. You define what kind of data your 
employees are not allowed to email by creating DLP policies that scan outgoing messages for any data 
that may violate laws or corporate policies. 
This document refers to any message content that violates your DLP policies as a DLP violation and the 
occurrence of a message containing a violation as a DLP incident. When a DLP incident occurs, the 
appliance takes the appropriate actions with the message to secure the information, such as quarantining 
the message and sending a notification to someone in your organization responsible for data security.
The Email Security appliance has an integrated DLP scanning engine and a set of DLP policies created 
by RSA, which are referred to collectively in this documentation and on the appliance as RSA Email DLP. 
You can configure the Email Security appliance’s outgoing mail policies to scan messages and 
attachments for DLP violations. RSA Email DLP includes over 100 DLP policy templates designed by 
RSA. See 
 for more information.
If you use RSA’s Enterprise Manager, you can connect your Email Security appliances to Enterprise 
Manager as partner devices, allowing the appliances to use Enterprise Manager as a centralized 
management interface for multiple appliances on the network. Enterprise Manager provides a wider array 
of DLP technologies than RSA Email DLP does on the local Email Security appliance.
RSA Email DLP’s policies are configured locally on the appliance, while Enterprise Manager can 
manage the DLP policies for multiple Email Security appliances, including clustered appliances, and 
pushes those policies to the appliances for use when the outgoing mail policies perform DLP scans.
If enabled, DLP scanning is performed in the appliance’s “work queue” for outgoing mail immediately 
after the Outbreak Filters stage. See 
 for more information.
Data Loss Prevention Global Settings
To scan outgoing emails for sensitive data, you must first enable the Data Loss Prevention feature using 
the Security Services > RSA Email DLP page. You can choose whether to use RSA Enterprise Manager 
or RSA Email DLP for data loss prevention.
Select RSA Email DLP if you want to configure and manage your DLP policies on the local Email 
Security appliance. You can choose to either run the DLP Assessment Wizard to enable the most popular 
DLP policies on the appliance or manually configure DLP policies. To learn how to run the DLP 
Assessment Wizard, see 
. To learn how to manually 
configure DLP policies, see 
.
After you enable RSA Email DLP, you can enable the policies on your outgoing mail policies using the 
Email Security Manager. For more information, see 
Select RSA Enterprise Manager if you want to use Enterprise Manager to configure and manage the DLP 
policies for your appliances. Enterprise Manager receives outgoing mail policy and message action 
definitions from the Email Security appliance and then pushes DLP policies to connected Email Security 
appliances. Administrators can also view DLP incidents and send commands to delete or release 
messages from quarantines using Enterprise Manager.