Cisco Email Security Appliance C160 User Manual
Chapter 11 Data Loss Prevention
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Figure 11-1 RSA Email Data Loss Prevention Enabled
DLP Policies
A DLP policy is a set of conditions that the RSA Email DLP scanning engine uses
to determine whether an outgoing message contains sensitive data and the actions
that AsyncOS takes when a message contains such data.
DLP policies include content matching classifiers developed by RSA, which the
RSA Email DLP scanning engine uses to detect sensitive data in messages and
attachments. The classifiers search for more than data patterns like credit card
numbers and driver license IDs; they examine the context of the patterns, leading
to fewer false positives. For more information, see
Before RSA Email DLP scanning takes place, the AsyncOS content scanning
engine prepends the To, From, CC, and Subject headers to the message body, or
any MIME parts that are tagged as content. This allows the RSA Email DLP
scanning engine to scan these headers using the DLP policy’s content matching
classifiers.
If the DLP scanning engine detects a DLP violation in a message or an
attachment, the DLP scanning engine determines the risk factor of the violation
and returns the result to the matching DLP policy. The policy uses its own Severity
Scale to evaluate the severity of the DLP violation based on the risk factor and
applies the appropriate actions to the message. The scale includes five severity
levels: Ignore, Low, Medium, High, and Critical.
Actions that can be taken on all severity levels except Ignore include:
• The overall action to take on the message being examined: deliver, drop, or
quarantine.
• Encrypt messages. The appliance only encrypts the message body. It does not
encrypt the message headers.
• Alter the subject header of messages containing a DLP violation.
• Add disclaimer text to messages.
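
The following is an added sketch, not Cisco or RSA code, of the flow described above: the To, From, CC, and Subject headers are prepended to the body before scanning, a classifier returns a risk factor, and a severity scale maps it to one of the five levels. The classifier logic, the 0 to 100 score values, and the scale thresholds are assumptions chosen for illustration.

```python
import re
from email import message_from_string

# Assumed thresholds (minimum risk factor, level). The page names the five
# levels but does not give their boundaries.
SEVERITY_SCALE = [(90, "Critical"), (60, "High"), (30, "Medium"), (10, "Low"), (0, "Ignore")]
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
CONTEXT_RE = re.compile(r"\b(visa|mastercard|card number|expir\w*|cvv)\b", re.I)

# Constructed sample message; 4111 1111 1111 1111 is a standard test number.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "Subject: Visa card number for the booking\n"
    "\n"
    "Please use 4111 1111 1111 1111.\n"
)

def luhn_ok(digits):
    """Luhn checksum: rejects most random digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(raw):
    """Prepend To, From, CC and Subject to the body, as the page describes."""
    msg = message_from_string(raw)
    headers = [f"{h}: {msg[h]}" for h in ("To", "From", "CC", "Subject") if msg[h]]
    return "\n".join(headers) + "\n" + msg.get_payload()

def risk_factor(text):
    """Toy classifier: a bare pattern scores low, pattern plus context high."""
    cards = [m for m in CARD_RE.findall(text) if luhn_ok(re.sub(r"\D", "", m))]
    if not cards:
        return 0
    return 70 if CONTEXT_RE.search(text) else 20

def severity(score):
    """Map a risk factor onto the policy's severity scale."""
    return next(level for floor, level in SEVERITY_SCALE if score >= floor)

if __name__ == "__main__":
    body = message_from_string(SAMPLE).get_payload()
    print("body only:   ", severity(risk_factor(body)))
    print("with headers:", severity(risk_factor(scan_text(SAMPLE))))
```

In the sample, the context words appear only in the Subject header, so the same message rates higher once the headers are part of the scanned text.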