Cisco Email Security Appliance C680 User Guide

Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11      Data Loss Prevention
  • For more information on content matching classifiers, see 
  • For more information on the DLP Incidents report, see the “Using Email Security Monitor” chapter 
    in the Cisco IronPort AsyncOS for Email Daily Management Guide.
  • For information on searching for messages with DLP violations in Message Tracking, see the 
    “Tracking Email Messages” chapter in the Cisco IronPort AsyncOS for Email Daily Management 
    Guide.
Note
The scanning engine only uses a classifier once when scanning a message. If an outgoing mail policy 
has two or more DLP policies that use the same classifier, the policies use the result from a single 
classifier scan.
Hardware Requirements
The RSA Email DLP feature is supported on all C-Series and X-Series appliances, except for the C10, 
C30, C60, C100, C300D, C350D, C360D, and C370D appliances.
DLP Policies
A DLP policy is a set of conditions that the RSA Email DLP scanning engine uses to determine whether 
an outgoing message contains sensitive data and the actions that AsyncOS takes when a message 
contains such data. 
DLP policies include content matching classifiers developed by RSA, which the RSA Email DLP 
scanning engine uses to detect sensitive data in messages and attachments. The classifiers search for 
more than data patterns like credit card numbers and driver license IDs; they examine the context of the 
patterns, leading to fewer false positives. For more information, see 
Before RSA Email DLP scanning takes place, AsyncOS’s content scanning engine prepends the To, 
From, CC, and Subject headers to the message body, or any MIME parts that are tagged as content. This 
allows the RSA Email DLP scanning engine to scan these headers using the DLP policy’s content 
matching classifiers. 
If the DLP scanning engine detects a DLP violation in a message or an attachment, the DLP scanning 
engine determines the risk factor of the violation and returns the result to the matching DLP policy. The 
policy uses its own Severity Scale to evaluate the severity of the DLP violation based on the risk factor 
and applies the appropriate actions to the message. The scale includes five severity levels: Ignore, Low, 
Medium, High, and Critical. You decide what the Email Security appliance does with the message by 
specifying a message action for each severity level, except Ignore. For more information on message 
actions, see 
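The flow described above (headers prepended before scanning, one classifier scan shared by every policy that uses it, and each policy applying its own Severity Scale) can be modeled as follows. This is an added illustration, not Cisco or RSA code: the classifier, the 0-100 risk factor range, the scale cut points, the policy names and the action names are all assumptions.

```python
import re
from bisect import bisect_right
from email import message_from_string

LEVELS = ["Ignore", "Low", "Medium", "High", "Critical"]  # the five levels named above

def scan_text(msg):
    # Prepend To, From, CC and Subject to the body so classifiers see them too.
    heads = [f"{h}: {msg[h]}" for h in ("To", "From", "CC", "Subject") if msg[h]]
    return "\n".join(heads) + "\n" + msg.get_payload()

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def card_classifier(text):
    # Hypothetical stand-in for an RSA classifier: data pattern plus context.
    # Returns an assumed 0-100 risk factor (the page gives no range).
    hits = [m for m in re.findall(r"\b(?:\d[ -]?){15}\d\b", text)
            if luhn_ok(re.sub(r"\D", "", m))]
    if not hits:
        return 0
    return 85 if re.search(r"(?i)\b(card|visa|expir\w*)\b", text) else 35

def evaluate(msg, policies, classifiers):
    text, cache, calls, verdicts = scan_text(msg), {}, [], {}
    for p in policies:
        name = p["classifier"]
        if name not in cache:          # each classifier runs once per message
            calls.append(name)
            cache[name] = classifiers[name](text)
        level = LEVELS[bisect_right(p["scale"], cache[name])]
        verdicts[p["name"]] = (level, p["actions"].get(level))  # Ignore has no action
    return verdicts, calls

# Constructed sample: the sensitive data appears only in the Subject header.
SAMPLE = message_from_string(
    "From: alice@example.com\nTo: bob@example.net\n"
    "Subject: card 4111 1111 1111 1111\n\nSee subject line.\n")
# Constructed policies; scale cut points and action names are placeholders.
ACTIONS = {"Low": "deliver", "Medium": "quarantine", "High": "quarantine", "Critical": "drop"}
POLICIES = [
    {"name": "strict", "classifier": "card", "scale": [10, 30, 50, 70], "actions": ACTIONS},
    {"name": "lenient", "classifier": "card", "scale": [40, 60, 80, 95], "actions": ACTIONS},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, POLICIES, {"card": card_classifier}))
```

Scanning the body alone scores 0 in this model, so the violation is found only because the Subject header was prepended; the two policies then map the same shared risk factor to different severity levels.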
Content of Policies
Email DLP policies contain the following information:
  • Name and description of the policy.