Cisco Cisco Web Security Appliance S370 Guia Do Utilizador
16-3
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 16 Prevent Loss of Sensitive Data
Managing Upload Requests on an External DLP System
Step 1
Create and configure Data Security Policy groups. Cisco Data Security policies use URL filtering,
Web reputation, and upload content information when evaluating the upload request. You configure each
of these security components to determine whether or not to block the upload request.
Web reputation, and upload content information when evaluating the upload request. You configure each
of these security components to determine whether or not to block the upload request.
When the Web Proxy compares an upload request to the control settings, it evaluates the settings in order.
Each control setting can be configured to perform one of the following actions for Cisco Data Security
policies:
Each control setting can be configured to perform one of the following actions for Cisco Data Security
policies:
For Cisco Data Security policies, only the Block action is a final action that the Web Proxy takes on a
client request. The Monitor and Allow actions are intermediary actions. In both cases, the Web Proxy
evaluates the transaction against the External DLP Policies (if configured) and Access Policies. The Web
Proxy determines which final action to apply based on the Access Policy group control settings (or an
applicable external DLP Policy that may block the request).
client request. The Monitor and Allow actions are intermediary actions. In both cases, the Web Proxy
evaluates the transaction against the External DLP Policies (if configured) and Access Policies. The Web
Proxy determines which final action to apply based on the Access Policy group control settings (or an
applicable external DLP Policy that may block the request).
Related Topics
•
Managing Upload Requests on an External DLP System, page 13-3
•
Managing Upload Requests on an External DLP System
To configure the Web Security appliance to handle upload requests on an external DLP system, perform
the following tasks:
the following tasks:
Step 1
Choose Network > External DLP Servers. Define an external DLP system. To pass an upload request
to an external DLP system for scanning, you must define at least one ICAP-compliant DLP system on
the Web Security appliance.
to an external DLP system for scanning, you must define at least one ICAP-compliant DLP system on
the Web Security appliance.
Step 2
Create and configure External DLP Policy groups. After an external DLP system is defined, you
create and configure External DLP Policy groups to determine which upload requests to send to the DLP
system for scanning.
create and configure External DLP Policy groups to determine which upload requests to send to the DLP
system for scanning.
Action
Description
Block
The Web Proxy does not permit the connection and instead displays an end user
notification page explaining the reason for the block.
notification page explaining the reason for the block.
Allow
The Web Proxy bypasses the rest of the Data Security Policy security service scanning
and then evaluates the request against the Access Policies before taking a final action.
and then evaluates the request against the Access Policies before taking a final action.
For Cisco Data Security policies, Allow bypasses the rest of data security scanning, but
does not bypass External DLP or Access Policy scanning. The final action the Web
Proxy takes on the request is determined by the applicable Access Policy (or an
applicable external DLP Policy that may block the request).
does not bypass External DLP or Access Policy scanning. The final action the Web
Proxy takes on the request is determined by the applicable Access Policy (or an
applicable external DLP Policy that may block the request).
Monitor
The Web Proxy continues comparing the transaction to the other Data Security Policy
group control settings to determine whether to block the transaction or evaluate it
against the Access Policies.
group control settings to determine whether to block the transaction or evaluate it
against the Access Policies.