Cisco Cisco Email Security Appliance C160 Mode D'Emploi

A DLP policy is a set of conditions that the RSA Email DLP scanning engine uses 
to determine whether an outgoing message contains sensitive data and the actions 
that AsyncOS takes when a message contains such data. 

DLP policies include content matching classifiers developed by RSA, which the 
RSA Email DLP scanning engine uses to detect sensitive data in messages and 
attachments. The classifiers search for more than data patterns like credit card 
numbers and driver license IDs; they examine the context of the patterns, leading 
to fewer false positives. For more information, see 

Before RSA Email DLP scanning takes place, the AsyncOS’s content scanning 
engine prepends the To, From, CC, and Subject headers to the message body, or 
any MIME parts that are tagged as content. This allows the RSA Email DLP 
scanning engine to scan these headers using the DLP policy’s content matching 
classifiers. 

If the DLP scanning engine detects a DLP violation in a message or an 
attachment, the DLP scanning engine determines the risk factor of the violation 
and returns the result to the matching DLP policy. The policy uses its own Severity 
Scale to evaluate the severity of the DLP violation based on the risk factor and 
applies the appropriate actions to the message. The scale includes five severity 
levels: Ignore, Low, Medium, High, and Critical. 

Actions that can be taken on all severity levels except Ignore include:

The overall action to take on the message being examined: deliver, drop, or 
quarantine.

Encrypt messages. The appliance only encrypts the message body. It does not 
encrypt the message headers.

Alter the subject header of messages containing a DLP violation.

Add disclaimer text to messages.