cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

1646
Views
0
Helpful
2
Replies
Mike Kwilosz
Beginner

Quarantine and Send a DLP Encrypted Message?

So I'm trying to do something that from what I can see doesn't appear to be capable by the Ironport Appliance.  I would like to be able to setup a way so when someone sends an email out the Ironport Appliance scans it with its DLP capabilities if it catches that there is a reason to trigger the DLP service it will encrypt the message and send it on its way out but also keep a copy in a quarantine so I can have a team go back and review these at a later date.

From what I can tell so far it appears I have to decide on one or the other.  Either I set it up to allow the message to be encrypted and sent or I configure the DLP Policy to quarantine the message and then through the Quarantine I can release it and encrypt.

I think due to the flow process on the Ironport I wouldn't be able to apply a Message Filter to accomplish this either but maybe thats the solution to this.

Just as a side note I already have this in place in a Content Filter format for email messages that get manually encrypted per a keyword in the subject line.  When the message is sent it is caught by the content filter that notices the message should be encrypted.  At that point it encrypts the message and allows it to continue through but at the same time it saves a copy of the message in a quarantine.  I'm looking to accomplish the same thing just instead of manual encryption I would like the DLP policy to catch that a message needs encryption.

Anyone have any ideas on this?

Thanks,

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Andreas Mueller
Enthusiast

Hello Mike,

one possible solution would be to flag encryption on a DLP policy, and also aktivate the action "Send Copy (Bcc)"  in the advanced options to send that message to a specific mailbox on your internal mailserver.  If you rather want the message to be stored on the quarantines on the IronPort appliance, another possible approach would be to use an internal fake domain (quarantine@local), and an smtp route that injects the message again, where you set up a filter that all messages coming from the internal interface of the IronPort are going to a quarantine. You could even set up a dedicated listener for that.

Just a quick thought on the topic,

Andreas

View solution in original post

2 REPLIES 2
Andreas Mueller
Enthusiast

Hello Mike,

one possible solution would be to flag encryption on a DLP policy, and also aktivate the action "Send Copy (Bcc)"  in the advanced options to send that message to a specific mailbox on your internal mailserver.  If you rather want the message to be stored on the quarantines on the IronPort appliance, another possible approach would be to use an internal fake domain (quarantine@local), and an smtp route that injects the message again, where you set up a filter that all messages coming from the internal interface of the IronPort are going to a quarantine. You could even set up a dedicated listener for that.

Just a quick thought on the topic,

Andreas

View solution in original post

Thank you for the response.  I could see how this would work but I was hoping there might be just a little bit cleaner way to do the email to quarantine portion.  No doubt though this would definitely work.

Thanks,

Mike

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (35%)

Content for Community-Ad