How does data loss prevention work on ironport web security?
We are wondering how the cisco ironport s160 web filter can aid us in data loss prevention. One of the concerns is employee access to third party e-mail services (gmail, yahoo, hotmail, etc...). Now for the most part we have these web based e-mail services blocked. However there are some groups that need access, such as supervisors, executives, HR, etc.. The concern is that when these users are out there using their web based e-mail, there is nothing to stop them from leaking sensitive information. For in house e-mail, we can control that via an Ironport C160 email security appliance.
Is it possible to have web email opened up for certain people, but have the S160 do deep packet inspection on the web based e-mails form posts, and determine wheather or not to allow that http post action to occur, or return a block message? I think it sounds like a long shot, but I know with todays technology some DPI is possible.
Let me know if this is a farfetched idea or option, or if this is something we can easily configure on our current Ironport S160 web security appliance.
The built in Ironport Data Security Filters, which can be enabled under GUI > Security Services > Ironport Data Security Filters,
and then policies configured under GUI > Web Security Manager > Data Transfer Policy - Ironport Data Security, can be used for content block based on File Size, File Types, Custom Mime, and File name for traffic that uses HTTP, HTTPS and FTP.
For more deeper and specialized DLP, you will need to use External DLP Servers that can communicate with the WSA using ICAP protocol, and define under GUI > Network > External DLP Servers, and configure policy in GUI > Web Security Manager > Data transfer Policy - External Data Loss Prevention.
More information on your GUI > Top right side > Support and Help > On Line Help > Search for DLP.
I suggest contacting a Cisco SE, for further guidance on design and recommendations specially for External DLP.
BenefitsDocumentationPrerequisiteImage Download LinksSupported PlatformsLimitationsLicense RequirementsTopologyStep-by-step ConfigurationConfigure PATCreate Custom ZonesCreate Class MapCreate the Policy-mapCreate Zone PairAssign the Interfaces to the Zone...
Listen: https://smarturl.it/CCRS9E20Follow us: https://twitter.com/CiscoChampion
With over one trillion email scams per year, more than 22 billion records were exposed by data breaches in 2021. Phishing attacks are clearly on the rise, and they’re e...
Radius server configuration for 802.1X
Server radius test1
Address ipv4 10.1.1.1
Server radius test2
Address ipv4 10.1.1.2
aaa group server radius TEST-gr
server name test1
server name test2
Umbrella’s cloud-delivered firewall (CDFW) is a cool features that provides Firewall Services in the Cisco Umbrella Cloud without the need to deploy on-premises firewall devices and visibility and control for internet traffic across all branch offices. To...