Cisco Cisco Email Security Appliance X1070 User Guide
11-20
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
Figure 11-8
DLP Assessment Wizard: Step 2. Reports
Step 3: Review
A summary of the DLP configuration information is displayed. You can edit the Policies and Reporting
information by clicking the Previous button or by clicking the corresponding Edit link in the upper-right
of each section. When you return to a step to make a change, you must proceed through the remaining
steps until you reach this review page again. All settings you previously entered will be remembered.
information by clicking the Previous button or by clicking the corresponding Edit link in the upper-right
of each section. When you return to a step to make a change, you must proceed through the remaining
steps until you reach this review page again. All settings you previously entered will be remembered.
Figure 11-9
DLP Assessment Wizard: Step 3. Review
Once you are satisfied with the information displayed click Finish. AsyncOS displays the Outgoing Mail
Policies page with your DLP policies enabled in the default outgoing mail policy. A summary of your
DLP policy configuration is displayed at the top of the page. Commit your changes.
Policies page with your DLP policies enabled in the default outgoing mail policy. A summary of your
DLP policy configuration is displayed at the top of the page. Commit your changes.
For information on editing the DLP policies and creating additional ones, see
. For information on enabling the DLP policies for other outgoing mail policies, see
Content Matching Classifiers
Content matching classifiers are the detection components of the RSA Email DLP scanning engine. They
search messages, message headers, and the content of extracted attachments for data patterns, such as
credit card numbers or driver license identification numbers, and the context in which the patterns
appear. For example, a classifier for detecting credit card numbers scans for not only patterns of numbers
that match the credit card number format, but supporting data like expiration dates and the names of
credit card companies. Evaluating the context of the data decreases the number of false positives.
search messages, message headers, and the content of extracted attachments for data patterns, such as
credit card numbers or driver license identification numbers, and the context in which the patterns
appear. For example, a classifier for detecting credit card numbers scans for not only patterns of numbers
that match the credit card number format, but supporting data like expiration dates and the names of
credit card companies. Evaluating the context of the data decreases the number of false positives.
Many of the policy templates from RSA include a predefined set of classifiers. When creating a policy
based on the Custom Policy template, you can choose an RSA classifier or add one of your own. For
information on creating your own classifier to use in custom DLP policies, see
based on the Custom Policy template, you can choose an RSA classifier or add one of your own. For
information on creating your own classifier to use in custom DLP policies, see
A number of policy templates require customization of one or more classifiers in order to detect sensitive
data. Customization includes creating a regular expression to search for identification numbers and a list
of words and phrases that may consistently appear with the identification number. For example, adding
a policy based on the FERPA (Family Educational Rights and Privacy Act) template requires creating a
regular expression to match custom student ID numbers. If the ID numbers consistently appear with the
phrase “Student ID,” such as “Student ID: 123-45-6789,” adding the phrase to the policy would improve
content matching accuracy. For more information on required customization for DLP policies, see
data. Customization includes creating a regular expression to search for identification numbers and a list
of words and phrases that may consistently appear with the identification number. For example, adding
a policy based on the FERPA (Family Educational Rights and Privacy Act) template requires creating a
regular expression to match custom student ID numbers. If the ID numbers consistently appear with the
phrase “Student ID,” such as “Student ID: 123-45-6789,” adding the phrase to the policy would improve
content matching accuracy. For more information on required customization for DLP policies, see
.