Cisco Cisco Email Security Appliance C650 Guía Del Usuario
15-34
Cisco AsyncOS 8.0 for Email User Guide
Chapter 15 Data Loss Prevention
Message Actions
•
Encrypting messages. The appliance only encrypts the message body. It does not encrypt the
message headers.
message headers.
•
Altering the subject header of messages containing a DLP violation.
•
Adding disclaimer text to messages.
•
Sending messages to an alternate destination mailhost.
•
Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with
critical DLP violations to a compliance officer’s mailbox for examination.)
critical DLP violations to a compliance officer’s mailbox for examination.)
•
Sending a DLP violation notification message to the sender or other contacts, such as a manager or
DLP compliance officer. See
DLP compliance officer. See
.
Note
These actions are not mutually exclusive: you can combine some of them within different DLP policies
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer, but you may want to deliver
messages with low severity levels.
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer, but you may want to deliver
messages with low severity levels.
Defining Actions to Take for DLP Violations (Message Actions)
Before You Begin
•
Create at least one dedicated quarantine to hold messages (or copies of messages) that violate DLP
policies.
policies.
This can be a local quarantine on an Email Security appliance or a centralized quarantine on a
Security Management appliance.
Security Management appliance.
For deployments with Enterprise Manager:
–
Set a timeout large enough for Enterprise Manager to complete its tasks.
–
Consider automatic actions carefully; although quarantined messages must be managed in
Enterprise Manager, the Email Security appliance still releases or deletes quarantined messages
when the quarantine exceeds the allotted space.
Enterprise Manager, the Email Security appliance still releases or deletes quarantined messages
when the quarantine exceeds the allotted space.
For information, see
•
If you want to encrypt messages before delivery, make sure you have set up an encryption profile.
See
See
•
To include disclaimer text when delivering messages with DLP violations or suspected violations,
specify disclaimer text in Mail Policies > Text Resources. For information, see
specify disclaimer text in Mail Policies > Text Resources. For information, see
•
To send a notification to the sender of a DLP violation or to another person such as a compliance
officer, first create the DLP notification template. See
officer, first create the DLP notification template. See
Procedure
Step 1
Select Mail Policies > DLP Message Actions.
Step 2
Click Add Message Action.
Step 3
Enter a name for the message action.
Step 4
Enter a description of the message action.