Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
17-32
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 17 Data Loss Prevention
Message Actions
If you want to use local DLP policies similar to the ones on Enterprise Manager, you can recreate them
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
For information on creating DLP policies using the DLP Policy Manager, see
For instructions on removing the Email Security appliance as a partner device in Enterprise Manager,
see the RSA Enterprise Manager documentation.
see the RSA Enterprise Manager documentation.
Message Actions
You specify primary and secondary actions that the Email Security appliance will take when it detects a
possible DLP violation in an outgoing message. Different actions can be assigned for different violation
types and severities.
possible DLP violation in an outgoing message. Different actions can be assigned for different violation
types and severities.
Primary actions include:
•
Deliver
•
Drop
•
Quarantine
Secondary actions include:
•
Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.
•
Encrypting messages. The appliance only encrypts the message body. It does not encrypt the
message headers.
message headers.
•
Altering the subject header of messages containing a DLP violation.
•
Adding disclaimer text to messages.
•
Sending messages to an alternate destination mailhost.
•
Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with
critical DLP violations to a compliance officer’s mailbox for examination.)
critical DLP violations to a compliance officer’s mailbox for examination.)
•
Sending a DLP violation notification message to the sender or other contacts, such as a manager or
DLP compliance officer. See
DLP compliance officer. See
.
Note
These actions are not mutually exclusive: you can combine some of them within different DLP policies
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer, but you may want to deliver
messages with low severity levels.
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer, but you may want to deliver
messages with low severity levels.