So I'm trying to do something that from what I can see doesn't appear to be capable by the Ironport Appliance. I would like to be able to setup a way so when someone sends an email out the Ironport Appliance scans it with its DLP capabilities if it catches that there is a reason to trigger the DLP service it will encrypt the message and send it on its way out but also keep a copy in a quarantine so I can have a team go back and review these at a later date.
From what I can tell so far it appears I have to decide on one or the other. Either I set it up to allow the message to be encrypted and sent or I configure the DLP Policy to quarantine the message and then through the Quarantine I can release it and encrypt.
I think due to the flow process on the Ironport I wouldn't be able to apply a Message Filter to accomplish this either but maybe thats the solution to this.
Just as a side note I already have this in place in a Content Filter format for email messages that get manually encrypted per a keyword in the subject line. When the message is sent it is caught by the content filter that notices the message should be encrypted. At that point it encrypts the message and allows it to continue through but at the same time it saves a copy of the message in a quarantine. I'm looking to accomplish the same thing just instead of manual encryption I would like the DLP policy to catch that a message needs encryption.
Anyone have any ideas on this?