Cisco Cisco Email Security Appliance C690 User Guide
11-27
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
Step 2
Enter the number of characters within which the classifier’s rules must be found in order to count as a
proximity match.
proximity match.
Step 3
Enter the minimum total score for the classifier.
Step 4
Define a rule for the classifier, including the weight and maximum score.
Step 5
Click Add Rule to add the rule to the classifier. You can add multiple rules.
Step 6
Submit your classifier and continue creating the custom policy.
RSA Enterprise Manager
Starting in AsyncOS 7.6, Cisco provides the option of using RSA Enterprise Manager to create and
manage DLP policies for the Email Security appliances on your network. RSA Enterprise Manager is a
third-party software offered by RSA Security, Inc. It is not a part of the Cisco IronPort Email Security
appliance. Partnering your Email Security appliances with Enterprise Manager opens up a robust set of
DLP capabilities to your appliances while turning management of the appliances’ DLP functionality
over to Enterprise Manager. RSA Enterprise Manager also acts as a centralized manager for DLP across
all connected Email Security appliances.
manage DLP policies for the Email Security appliances on your network. RSA Enterprise Manager is a
third-party software offered by RSA Security, Inc. It is not a part of the Cisco IronPort Email Security
appliance. Partnering your Email Security appliances with Enterprise Manager opens up a robust set of
DLP capabilities to your appliances while turning management of the appliances’ DLP functionality
over to Enterprise Manager. RSA Enterprise Manager also acts as a centralized manager for DLP across
all connected Email Security appliances.
Note
This guide provides an overview of how the Email Security appliance integrates with RSA Enterprise
Manager along with instructions on configuring the Email Security appliance. Use the RSA Enterprise
Manager technical documentation for information on configuring Enterprise Manager to work with the
Email Security appliance and managing DLP policies using Enterprise Manager. This guide references
the RSA Enterprise Manager help when appropriate.
Manager along with instructions on configuring the Email Security appliance. Use the RSA Enterprise
Manager technical documentation for information on configuring Enterprise Manager to work with the
Email Security appliance and managing DLP policies using Enterprise Manager. This guide references
the RSA Enterprise Manager help when appropriate.
How RSA Enterprise Manager DLP Works
When you use RSA Enterprise Manager for DLP, Enterprise Manager becomes your interface for
managing the DLP policies for the Email Security appliances on your network and handling messages
that contain DLP violations. Setting up RSA Enterprise Manager for DLP requires you to configure both
your Email Security appliances and Enterprise Manager to work together to exchange data.
managing the DLP policies for the Email Security appliances on your network and handling messages
that contain DLP violations. Setting up RSA Enterprise Manager for DLP requires you to configure both
your Email Security appliances and Enterprise Manager to work together to exchange data.
First, create the outgoing mail policies and message actions you want to use for your DLP monitoring
and enforcement on the Email Security appliance. When you connect the Email Security appliance to
Enterprise Manager, as described in
and enforcement on the Email Security appliance. When you connect the Email Security appliance to
Enterprise Manager, as described in
, the Email Security
appliance sends the names and metadata of the mail policies and message actions to Enterprise Manager,
where you use this information when creating DLP policies. After you create and enable a DLP policy
in Enterprise Manager, Enterprise Manager sends the DLP policy as part of a data package to the Email
Security appliance. The Email Security appliance stores the DLP policies and uses them to scan outgoing
messages for violations based on the Enterprise Manager DLP policies and sends information on
incidents of DLP violations to Enterprise Manager for the administrator to view and manage. RSA
Enterprise Manager requires the User Distinguished Name LDAP query to retrieve the sender’s name
from messages in order to include this information as part of the DLP incident data sent by the appliance
when it detects a DLP violation.
where you use this information when creating DLP policies. After you create and enable a DLP policy
in Enterprise Manager, Enterprise Manager sends the DLP policy as part of a data package to the Email
Security appliance. The Email Security appliance stores the DLP policies and uses them to scan outgoing
messages for violations based on the Enterprise Manager DLP policies and sends information on
incidents of DLP violations to Enterprise Manager for the administrator to view and manage. RSA
Enterprise Manager requires the User Distinguished Name LDAP query to retrieve the sender’s name
from messages in order to include this information as part of the DLP incident data sent by the appliance
when it detects a DLP violation.
The order of the DLP policies defined in Enterprise Manager is important. When a DLP violation occurs,
the Email Security appliance matches DLP violations in a top-down manner and takes action against the
message based on the first policy it matches. You configure the policy order in Enterprise Manager,
which is sent as part of the data package to the Email Security appliance.
the Email Security appliance matches DLP violations in a top-down manner and takes action against the
message based on the first policy it matches. You configure the policy order in Enterprise Manager,
which is sent as part of the data package to the Email Security appliance.