Cisco Web Security Appliance S670 User Guide
Chapter 12 Data Security and External DLP Policies
Data Security and External DLP Policies Overview
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
The IronPort Web Security appliance secures your data by providing the following
capabilities:
• IronPort Data Security Filters. The IronPort Data Security Filters on the
Web Security appliance evaluate data leaving the network over HTTP,
HTTPS, and FTP to control what data goes where and how and by whom.
• Third-party data loss prevention (DLP) integration. The Web Security
appliance integrates with leading third-party content-aware DLP systems that
identify and protect sensitive data. The Web Proxy uses the Internet Content
Adaptation Protocol (ICAP), a lightweight HTTP-based protocol that
allows proxy servers to offload content scanning to external systems. By
offloading the content scanning to dedicated external systems, the Web Proxy
can take advantage of the deep content scanning in other products while being
free to perform other Web Proxy functions with minimal performance impact.
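The ICAP offload described above, shown as an added illustration that is not taken from the Cisco guide: a minimal request-modification (REQMOD) exchange as defined in RFC 3507, with the proxy side wrapping an upload and then acting on the scanner's reply. The host names, service path, sample payload and verdict strings are constructed assumptions; the messages a particular appliance or DLP server produces may differ.

```python
# Added illustration of ICAP REQMOD (RFC 3507). Hosts, paths and payloads are constructed.
HTTP_BODY = b"label=CONFIDENTIAL; draft-7"
HTTP_HEADERS = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
                b"Content-Length: %d\r\n\r\n" % len(HTTP_BODY))

def build_reqmod(icap_host: str, service: str, http_headers: bytes, http_body: bytes) -> bytes:
    """Proxy side: wrap an outbound HTTP request in an ICAP REQMOD message."""
    # Encapsulated lists byte offsets into the encapsulated section: request
    # headers start at 0, the body (or the null-body marker) follows them.
    kind = "req-body" if http_body else "null-body"
    head = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
            f"Host: {icap_host}\r\n"
            "Allow: 204\r\n"  # lets the server answer 204 instead of echoing the request
            f"Encapsulated: req-hdr=0, {kind}={len(http_headers)}\r\n\r\n").encode("ascii")
    if not http_body:
        return head + http_headers
    # Encapsulated bodies are always chunked, whatever the original transfer coding was.
    return head + http_headers + b"%x\r\n" % len(http_body) + http_body + b"\r\n0\r\n\r\n"

def verdict(icap_response: bytes) -> str:
    """Proxy side: map the scanner's ICAP reply to an action (labels are hypothetical)."""
    head, _, rest = icap_response.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    status = int(lines[0].split()[1])
    if status == 204:   # no modifications needed: forward the original request
        return "allow"
    if status != 200:   # scanner failure: fail-open or fail-closed is a policy choice
        return "error"
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    first = headers.get("encapsulated", "").split(",")[0].strip()
    if first.startswith("res-hdr"):
        # The scanner returned an HTTP response to send to the client instead,
        # typically a block page; the request never reaches the origin server.
        return "block:" + rest.split(b"\r\n", 1)[0].split()[1].decode("ascii")
    if first.startswith("req-hdr"):
        return "allow-modified"   # forward the request as rewritten by the scanner
    return "error"

# Constructed scanner replies: one clean verdict, one block page.
ALLOW_REPLY = b'ICAP/1.0 204 No modifications needed\r\nISTag: "dlp-1"\r\n\r\n'
_BLOCK_HDR = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n"
BLOCK_REPLY = (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n"
               % len(_BLOCK_HDR) + _BLOCK_HDR + b"7\r\nBlocked\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(build_reqmod("dlp.example.net", "reqmod", HTTP_HEADERS, HTTP_BODY).decode())
    print(verdict(ALLOW_REPLY), verdict(BLOCK_REPLY))
```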
By working with the IronPort Data Security Filters and external DLP systems, the
Web Security appliance allows you to protect information and intellectual
property and enforce regulatory and organization compliance by preventing users
from unintentionally uploading sensitive data. You define what kind of data is
allowed to leave the network.
To restrict data that is leaving the network, the Web Security appliance provides
the following types of policy groups:
• IronPort Data Security Policies. When you enable the IronPort Data
Security Filters, you can create IronPort Data Security Policies to enforce
business policies. For example, you can create a Data Security Policy that
prevents users from sending out Excel or zip files. For more information, see
• External DLP Policies. When you configure the appliance to work with an
external DLP system, you can create External DLP Policies to pass data
leaving the network to the external DLP system, which scans the content and
determines whether or not to block the request. For more information, see
Depending on your organization’s needs, you might want to use both Data
Security and External DLP Policies. For example, you might use the IronPort
Data Security Policies to block data uploads to websites with a low reputation
score. This way, the data is never sent to the external DLP system for a deep
content scan, which improves overall performance.