Cisco Cisco Email Security Appliance C370 Guida Utente
11-3
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
queue.” AsyncOS also provides the DLP Assessment Wizard to guide you through
setting up the most popular DLP policies. For more information, see
setting up the most popular DLP policies. For more information, see
The RSA Email DLP scanning engine scans each message, along with its headers
and attachments, using every classifier in the DLP policies enabled in the
outgoing mail policy. To scan headers, the Cisco IronPort appliance’s content
scanning engine prepends the headers to the message body or any MIME parts
that are content, and the RSA Email DLP scanning engine performs a content
matching classifier scan. To scan attachments, the content scanning engine
extracts the attachment for the RSA Email DLP scanning engine to scan.
and attachments, using every classifier in the DLP policies enabled in the
outgoing mail policy. To scan headers, the Cisco IronPort appliance’s content
scanning engine prepends the headers to the message body or any MIME parts
that are content, and the RSA Email DLP scanning engine performs a content
matching classifier scan. To scan attachments, the content scanning engine
extracts the attachment for the RSA Email DLP scanning engine to scan.
After scanning is complete, the RSA Email DLP engine determines if the message
violated any of the enabled DLP policies. If the violation matches more than one
DLP policy, the RSA Email DLP engine chooses the first matching DLP policy
listed in the outgoing mail policy in a top-down fashion. You define the order of
the DLP policies in the DLP Policy Manager.
violated any of the enabled DLP policies. If the violation matches more than one
DLP policy, the RSA Email DLP engine chooses the first matching DLP policy
listed in the outgoing mail policy in a top-down fashion. You define the order of
the DLP policies in the DLP Policy Manager.
The RSA Email DLP engine decides how to handle a message by first calculating
a risk factor score for the DLP violation. The risk factor score represents the
severity of the DLP violation, ranging from 0 to 100. The RSA Email DLP engine
compares the risk factor score to the Severity Scale defined for that DLP policy.
The Severity Scale categorizes the possible DLP violation as one of the following
severity levels:
a risk factor score for the DLP violation. The risk factor score represents the
severity of the DLP violation, ranging from 0 to 100. The RSA Email DLP engine
compares the risk factor score to the Severity Scale defined for that DLP policy.
The Severity Scale categorizes the possible DLP violation as one of the following
severity levels:
•
Ignore
•
Low
•
Medium
•
High
•
Critical
The severity level determines which actions, if any, are taken on the message.
You can use the DLP Incidents report to view information on DLP violations
discovered in outgoing mail. You can also use message tracking to search for
messages based on the severity of the DLP violation.
discovered in outgoing mail. You can also use message tracking to search for
messages based on the severity of the DLP violation.
•
For more information on DLP email policies and content matching classifiers,
see
see
•
For more information on content matching classifiers, see