New Feature for proxy

Roman Barabanov_ironport · ‎01-30-2009

Hi all!

I'm not found this feature in current Async OS documentation for web products.

So propose new feature - extended user logging mode.
In this mode all POST requests with posted data from some user group are grabbed and inserted into database for latest analysis by security operator.

Is it possible?

jowolfer · ‎02-02-2009

Roman,

If I understand correctly, you're looking for the ability to setup a special log that only records POSTs for a specific group of people?

Example: Log posts for all users in the "Internet Users" Active Directory group.

Is this correct?

Sergey Yushkin_ironport · ‎04-09-2009

Yes, it's correct.

Need for basic DLP in organization.

jowolfer · ‎04-09-2009

The 6.0 release has the ability to use Vontu DLP. The WSA will not save the POST content in a log, but the Vontu reporting will indicate which rules were broken and why.

Sergey Yushkin_ironport · ‎04-10-2009

ICAP compability for use other DLP ?

jowolfer · ‎04-10-2009

Correct, The ICAP protocol is being used for DLP with Vontu.

Please be aware that this is not full ICAP support. The WSA only supports ICAP with the Vontu server.

jdohrman · ‎04-10-2009

Hi,

Vontu will be the only qualified external DLP solution for now.

In addition to the external DLP functionality, Aurora (AsyncOS for Web 6.0) will also offer basic DLP functionality on-box in the IronPort Data Security Policies.
The corresponding idsdataloss logs would capture only the scanned outbound requests so I assume that this feature would be exactly what you are looking for...

Best Regards,
Jakob