Cisco Email Security Appliance X1070 User Guide
Chapter 11 Data Loss Prevention
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Figure 11-1: RSA Email Data Loss Prevention Enabled
DLP Policies
A DLP policy is a set of conditions that AsyncOS and the RSA Email DLP
scanning engine use to determine whether an outgoing message contains sensitive
data and the actions that AsyncOS takes when a message contains such data.
DLP policies include content matching classifiers developed by RSA, which the
RSA Email DLP scanning engine uses to detect sensitive data in messages and
attachments. The classifiers search for more than data patterns like credit card
numbers and driver license IDs; they examine the context of the patterns, leading
to fewer false positives. For more information, see
If the DLP scanning engine detects a DLP violation in a message or an
attachment, the DLP scanning engine determines the risk factor of the violation
and returns the result to the matching DLP policy. The policy uses its own severity
scale to evaluate the severity of the DLP violation based on the risk factor and
applies the appropriate actions to the message. The scale includes five severity
levels: Ignore, Low, Medium, High, and Critical.
Actions that can be taken on all severity levels except Ignore include:
• The overall action to take on the message being examined: deliver, drop, or
quarantine.
• Encrypt messages.
• Alter the subject header of messages containing a DLP violation.
• Add disclaimer text to messages.
• Send messages to an alternate destination mailhost.
• Send copies (bcc) of messages to other recipients. (For example, you could
copy messages with critical DLP violations to a compliance officer’s mailbox
for subsequent examination.)
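The flow described above (pattern plus context gives a risk factor, the policy's severity scale turns it into a level, and the level selects actions) can be sketched as follows. This is an added illustration, not RSA's classifiers or AsyncOS code; the regexes, the scoring weights, the numeric severity floors and the per-level action mapping are all assumptions made for the example.

```python
import re

# Assumed numeric floors: the page names the five levels but not their ranges.
SEVERITY_SCALE = [(90, "Critical"), (60, "High"), (30, "Medium"), (10, "Low"), (0, "Ignore")]
# Assumed policy: which of the listed actions this example applies at each level.
ACTIONS = {
    "Ignore": [],
    "Low": ["deliver", "alter-subject"],
    "Medium": ["deliver", "encrypt"],
    "High": ["quarantine"],
    "Critical": ["quarantine", "bcc-compliance-officer"],
}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
CONTEXT_RE = re.compile(r"\b(visa|mastercard|amex|cvv|card\s+(?:number|no)|expir\w*)\b", re.I)

def luhn_ok(digits):
    """Checksum test that discards most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def risk_factor(text, window=40):
    """Score 0-100: a valid number near card vocabulary counts far more than one alone."""
    score = 0
    for m in CARD_RE.finditer(text):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            continue
        nearby = text[max(0, m.start() - window):m.end() + window]
        score += 60 if CONTEXT_RE.search(nearby) else 15
    return min(score, 100)

def evaluate(text):
    """Map the risk factor onto the severity scale and return (level, actions)."""
    rf = risk_factor(text)
    level = next(name for floor, name in SEVERITY_SCALE if rf >= floor)
    return level, ACTIONS[level]

# Constructed sample messages (test card numbers, not real data).
SAMPLES = [
    "Invoice 1234567890123456 attached",
    "Tracking id 4111111111111111 shipped",
    "Visa card number 4111 1111 1111 1111, expires 12/30",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(evaluate(s)[0], "<-", s)
```

The second sample shows why context matters: the number passes the checksum, but without card vocabulary nearby it stays at Low instead of triggering a quarantine.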