Chapter 11 Data Loss Prevention
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
Optionally, you can limit the DLP policy to messages with specific recipients or
senders, attachment types, or message tags. For more information, see Filtering
Messages for DLP Policies, page 11-13.
In the Critical Severity Settings section, choose whether to drop, deliver, or
quarantine messages containing critical DLP violations.
Optionally, you can choose to encrypt the message, modify its header, deliver it
to an alternate host, send a copy (bcc) to another recipient, and send a DLP
For information on DLP notifications, see the “Text Resources” chapter in the
Cisco IronPort AsyncOS for Email Configuration Guide.
If you want to define different settings for messages that match the high, medium,
or low severity level, uncheck the Inherit settings check box for the appropriate
severity level. Edit the overall action for the message and the other settings.
If you want to adjust the DLP violation severity scale for the policy, click Edit Scale
and adjust the settings. For more information, see Setting the Severity Levels,
Submit and commit your changes.
The policy is added to the DLP Policy Manager.
Customizing Classifiers for DLP Policies
Some of the DLP policy templates require customized classifiers for better
efficacy. These classifiers search for confidential identification numbers in
outgoing messages, such as patient or student identification numbers, but require
one or more regular expressions to define the patterns of your organization’s
record numbering system. You can also add a list of words and phrases that are
associated with the record identification number for supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the
supporting information to verify that the pattern is an identification number and
not a random number string. This results in fewer false positives.
As an example, use the HIPAA (Health Insurance Portability and Accountability
Act) template to create a policy. This template includes the Patient Identification
Numbers content matching classifier, which you can customize to detect a
patient’s identification number. Enter the regular expression
for the classifier. This regular expression detects
numbers in the pattern of 123-CL456789. Enter “Patient ID” for a related phrase.
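
The two-stage check described above (number pattern first, supporting phrase second), as an added Python example that is not code from the Cisco guide or the appliance. The regular expression is an assumption written to fit the 123-CL456789 shape, and the 60-character proximity window and the function names are hypothetical.

```python
import re

# Assumed pattern for numbers shaped like 123-CL456789: three digits, a hyphen,
# two uppercase letters, six digits. Written for this example, not taken from
# the guide. The lookarounds stop it matching inside a longer token.
ID_PATTERN = re.compile(r"(?<![0-9A-Za-z])[0-9]{3}-[A-Z]{2}[0-9]{6}(?![0-9A-Za-z])")

SUPPORTING_PHRASES = ["Patient ID"]  # related phrase from the text
WINDOW = 60  # hypothetical: characters searched on each side of a match


def _phrase_regex(phrase):
    # Match the phrase case-insensitively and tolerate any run of whitespace
    # (including line breaks) between its words.
    words = r"\s+".join(re.escape(w) for w in phrase.split())
    return re.compile(r"\b" + words + r"\b", re.IGNORECASE)


def classify(text, phrases=SUPPORTING_PHRASES, window=WINDOW):
    """Return (number, corroborated) for every pattern match in text."""
    phrase_res = [_phrase_regex(p) for p in phrases]
    results = []
    for m in ID_PATTERN.finditer(text):
        context = text[max(0, m.start() - window):m.end() + window]
        results.append((m.group(0), any(p.search(context) for p in phrase_res)))
    return results


def violations(text):
    """Numbers that match the pattern and have a supporting phrase nearby."""
    return [number for number, corroborated in classify(text) if corroborated]


# Constructed sample messages (not from the guide).
SAMPLES = [
    "Patient ID: 123-CL456789 was discharged on Monday.",
    "Please reorder part 481-ZX220917 from the supplier catalog.",
    "patient   id\n555-AB123456",
    "Tracking ref X123-CL4567890 shipped.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(repr(msg), "->", classify(msg))
```

The second sample matches the number pattern but has no supporting phrase, so it is the kind of false positive the related-phrase list is meant to suppress.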