Cisco Cisco Web Security Appliance S170 Guía Del Usuario
C H A P T E R
15-1
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
15
Prevent Loss of Sensitive Data
•
Overview of Data Security and External DLP Policies, page 13-1
•
Managing Upload Requests, page 13-2
•
•
•
•
•
•
•
Overview of Prevent Loss of Sensitive Data
The Web Security appliance secures your data by providing the following capabilities:
When the Web Proxy receives an upload request, it compares the request to the Data Security and
External DLP Policy groups to determine which policy group to apply. If both types of policies are
configured, it compares the request to Cisco IronPort Data Security Policies before external DLP
Policies. After it assigns the request to a policy group, it compares the request to the policy group’s
configured control settings to determine what to do with the request. How you configure the appliance
to handle upload requests depends on the policy group type.
External DLP Policy groups to determine which policy group to apply. If both types of policies are
configured, it compares the request to Cisco IronPort Data Security Policies before external DLP
Policies. After it assigns the request to a policy group, it compares the request to the policy group’s
configured control settings to determine what to do with the request. How you configure the appliance
to handle upload requests depends on the policy group type.
Note
Upload requests that try to upload files with a size of zero (0) bytes are not evaluated against Cisco
IronPort Data Security or External DLP Policies.
IronPort Data Security or External DLP Policies.
Option
Description
Cisco IronPort Data Security
Filters
Filters
The Cisco IronPort Data Security Filters on the Web Security appliance
evaluate data leaving the network over HTTP, HTTPS and FTP.
evaluate data leaving the network over HTTP, HTTPS and FTP.
Third party data loss
prevention (DLP) integration
prevention (DLP) integration
The Web Security appliance integrates with leading third party
content-aware DLP systems that identify and protect sensitive data. The
Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which
allows proxy servers to offload content scanning to external systems
content-aware DLP systems that identify and protect sensitive data. The
Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which
allows proxy servers to offload content scanning to external systems