Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7770
Views
0
Helpful
3
Replies

How does data loss prevention work on ironport web security?

keithsauer507
Level 5
Level 5

‎04-06-2011 08:42 AM

We are wondering how the cisco ironport s160 web filter can aid us in data loss prevention.  One of the concerns is employee access to third party e-mail services (gmail, yahoo, hotmail, etc...).  Now for the most part we have these web based e-mail services blocked.  However there are some groups that need access, such as supervisors, executives, HR, etc..  The concern is that when these users are out there using their web based e-mail, there is nothing to stop them from leaking sensitive information.  For in house e-mail, we can control that via an Ironport C160 email security appliance.

Is it possible to have web email opened up for certain people, but have the S160 do deep packet inspection on the web based e-mails form posts, and determine wheather or not to allow that http post action to occur, or return a block message?  I think it sounds like a long shot, but I know with todays technology some DPI is possible.

Let me know if this is a farfetched idea or option, or if this is something we can easily configure on our current Ironport S160 web security appliance.

Thanks!

Labels:
0 Helpful
3 Replies 3

edadios
Cisco Employee
Cisco Employee

‎04-06-2011 04:41 PM

Hello Keith,

The built in Ironport Data Security Filters, which can be enabled under GUI > Security Services > Ironport Data Security Filters,

and then policies configured under GUI > Web Security Manager > Data Transfer Policy - Ironport Data Security,  can be used for content block based on File Size, File Types, Custom Mime, and File name for traffic that uses HTTP, HTTPS and FTP.

For more deeper and specialized DLP, you will need to use External DLP Servers that can communicate with the WSA using ICAP protocol, and define under GUI > Network > External DLP Servers, and configure policy in GUI > Web Security Manager > Data transfer Policy - External Data Loss Prevention.

More information on your GUI > Top right side > Support and Help > On Line Help > Search for DLP.

I suggest contacting a Cisco SE,  for further guidance on design and recommendations specially for External DLP.

I hope this infomration helps you.

Regards,

Eric

0 Helpful

Ken Stieers
VIP
VIP

‎04-13-2011 09:34 AM

DLP is currently an "off box" facility... You can point your WSA at an external DLP solution that can take an ICAP feed. (RSA, Symantec, McAfee, and I'm sure a host of others have solutions...)

0 Helpful

keithsauer507
Level 5
Level 5
In response to Ken Stieers

‎04-20-2011 09:05 AM

We have a vendor coming in to do a demo of DLP.  It's a little bit of everything.  PC Client, appliance that ironport webfilter can talk to, IDS, etc...

Thanks!

0 Helpful
Customers Also Viewed These Support Documents