Cisco Cisco Email Security Appliance C680 User Guide
11-5
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
To create the .zip file, click Export DLP Configuration on the Data Loss Prevention Settings page.
Enter a name for the .zip file and click Export. The Email Security appliance includes all active DLP
policies assigned to an outgoing mail in the .zip file. Disabled DLP policies and DLP that are not
assigned to an outgoing mail policy are not included in the .zip file.
Enter a name for the .zip file and click Export. The Email Security appliance includes all active DLP
policies assigned to an outgoing mail in the .zip file. Disabled DLP policies and DLP that are not
assigned to an outgoing mail policy are not included in the .zip file.
If the Email Security appliance is part of the cluster, the appliance only exports the policies from the
lowest level of the cluster. For example, if there are DLP policies at both the cluster and machine level,
the appliance only exports the DLP policies from the machine level.
lowest level of the cluster. For example, if there are DLP policies at both the cluster and machine level,
the appliance only exports the DLP policies from the machine level.
If the appliance is using RSA Enterprise Manager for DLP, you can use these instructions to export the
active DLP policies that Enterprise Manager sent to the appliance.
active DLP policies that Enterprise Manager sent to the appliance.
The file is ready to be imported in Enterprise Manager. See the RSA Enterprise Manager help for
instructions on importing the configuration into Enterprise Manager.
instructions on importing the configuration into Enterprise Manager.
Switching Data Loss Prevention Modes
If you want to go back to using RSA Email DLP for data loss prevention after using RSA Enterprise
Manager, use the Global Settings page to switch back to RSA Email DLP mode by following the steps
in
Manager, use the Global Settings page to switch back to RSA Email DLP mode by following the steps
in
.
The Email Security appliance automatically reverts back to the RSA Email DLP policies it used before
you configured it to use RSA Enterprise Manager mode. If the appliance did not use any local DLP
policies when it was in RSA Email DLP mode, the appliance will continue to use the DLP policies from
Enterprise Manager until you create a local DLP policy.
you configured it to use RSA Enterprise Manager mode. If the appliance did not use any local DLP
policies when it was in RSA Email DLP mode, the appliance will continue to use the DLP policies from
Enterprise Manager until you create a local DLP policy.
If you want to use local DLP policies similar to the ones on Enterprise Manager, you can recreate them
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
See
for information on
creating DLP policies using the DLP Policy Manager.
See the RSA Enterprise Manager help for instructions on removing the Email Security appliance as a
partner device in Enterprise Manager if you want to stop using Enterprise Manager to manage the
appliance’s DLP policies.
partner device in Enterprise Manager if you want to stop using Enterprise Manager to manage the
appliance’s DLP policies.
Message Actions
When the Email Security appliance detects a possible DLP violation in an outgoing message, it needs to
know what to do with the message. Message actions define a primary action for the Email Security
appliance to take with the message, which can be Deliver, Drop, or Quarantine. You can also specify
secondary actions to take on messages. Secondary actions include:
know what to do with the message. Message actions define a primary action for the Email Security
appliance to take with the message, which can be Deliver, Drop, or Quarantine. You can also specify
secondary actions to take on messages. Secondary actions include:
•
Sending a copy to a system quarantine if you choose to deliver the message. The copy is a perfect
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.
•
Encrypting messages. The appliance only encrypts the message body. It does not encrypt the
message headers.
message headers.
•
Altering the subject header of messages containing a DLP violation.
•
Adding disclaimer text to messages.