Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
18-33
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 18 Data Loss Prevention
Message Actions
Lost Connectivity Between the Email Security Appliance and Enterprise
Manager
Manager
If connectivity between the Email Security appliance and Enterprise Manger is lost, any data that the
appliance and Enterprise Manager cannot send is queued for delivery until the connection is restored.
For the Email Security appliance, that means any data on messages containing possible DLP violations
is queued. For Enterprise Manager, that means any data packages with new DLP policy information are
queued. If the Email Security appliance does not receive updated DLP policy data from Enterprise
Manager, the appliance continues to use the DLP policies it had previously received from Enterprise
Manager.
appliance and Enterprise Manager cannot send is queued for delivery until the connection is restored.
For the Email Security appliance, that means any data on messages containing possible DLP violations
is queued. For Enterprise Manager, that means any data packages with new DLP policy information are
queued. If the Email Security appliance does not receive updated DLP policy data from Enterprise
Manager, the appliance continues to use the DLP policies it had previously received from Enterprise
Manager.
Related Topics
•
Switching from Enterprise Manager to RSA Email DLP
If you want to go back to using RSA Email DLP for data loss prevention after using RSA Enterprise
Manager, see
Manager, see
The Email Security appliance automatically reverts back to the RSA Email DLP policies it used before
you configured it to use RSA Enterprise Manager mode. If the appliance did not use any local DLP
policies when it was in RSA Email DLP mode, the appliance will continue to use the DLP policies from
Enterprise Manager until you create a local DLP policy.
you configured it to use RSA Enterprise Manager mode. If the appliance did not use any local DLP
policies when it was in RSA Email DLP mode, the appliance will continue to use the DLP policies from
Enterprise Manager until you create a local DLP policy.
If you want to use local DLP policies similar to the ones on Enterprise Manager, you can recreate them
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
using the DLP Policy Manager. The Email Security appliance does not automatically create new policies
based on the ones used by Enterprise Manager and they cannot be imported from Enterprise Manager.
For information on creating DLP policies using the DLP Policy Manager, see
.
For instructions on removing the Email Security appliance as a partner device in Enterprise Manager,
see the RSA Enterprise Manager documentation.
see the RSA Enterprise Manager documentation.
Message Actions
You specify primary and secondary actions that the Email Security appliance will take when it detects a
possible DLP violation in an outgoing message. Different actions can be assigned for different violation
types and severities.
possible DLP violation in an outgoing message. Different actions can be assigned for different violation
types and severities.
Primary actions include:
•
Deliver
•
Drop
•
Quarantine
Secondary actions include:
•
Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.
clone of the original, including the Message ID. Quarantining a copy allows you to test the RSA
Email DLP system before deployment in addition to providing another way to monitor DLP
violations. When you release the copy from the quarantine, the appliance delivers the copy to the
recipient, who will have already received the original message.