Configuring a Content Examination Policy

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.oxriBaJeN4 Employee on Jun 13, 2017
Version 11Show Document
  • View in full screen mode

Content examination policies form part of Mimecast's comprehensive Data Leak Prevention (DLP) and Content Examination system to secure information entering and exiting your organization. They require a definition to specifies what content to look, for and what the associated action should be if a match is found. The policy applies the definition to a traffic route for inbound or outbound scanning. Email delivery can be prevented using the held queue, and notifications can also be enabled for specific senders / recipients or groups of users.

Administrators should not have to use Content definitions to manage inbound emails for spam checking, as this is conducted by the Mimecast heuristic scanners.

Benefits

 

Scanning email contents is an essential service to ensure DLP. Administrators can create specific dictionaries of words and phrases to cater for the following example scenarios:

  • Preventing a database from being emailed externally (e.g. a list of customers or confidential product information).
  • Protecting the company from losing financial information (banking or credit card details).
  • Preventing specific files from being sent or received using a unique file identifier.
  • Automatically convert Microsoft Word documents to protected formats.
  • Protecting corporate identity by limiting use of profanity in messages.
  • Applying specific email branding for product or service promotions.
  • Additional features can also be enabled. For example:
    • Notifying / copying users when a message triggers a definition
    • Activating email encryption during transmission.

 

What You'll Need

 

  • An Administrator Console logon with access to the Administration | Gateway | Policies menu item.
  • A previously configured Content Examination definition.

 

Configuring a Policy

 

To create a policy:

  1. Log in to the Administration Console.
  2. Click on the Administration toolbar button. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item.
    If you don't see this menu item, your Mimecast account does not have the required permissions. Contact your administrator for assistance.
  4. Click on the Content Examination record. Any existing policies are listed.
  5. Either:
    • Click the New Policy button to create a policy
    • Click on the policy to be changed.
  6. Complete the Options section as required:

    Field / OptionDescription
    Policy NarrativeProvide a description of the policy to enable you to identify it. This is appended to emails in the archive that have the policy applied.
    Select OptionClick on the Lookup button to display a list of Content Examination definitions. Click on the Select link to the left of the definition to be applied when this policy is triggered.
    PreviewThis field is only displayed once a definition is selected in the "Select Option" field. Click on the preview definition icon icon to display a read only version of the definition. Click on the Go Back button to return to the policy.
  7. Complete the Emails From and Emails To sections as required:

    Field / OptionDescription
    Addresses Based On

    Specify the email address characteristics the policy is based on. The options are:

    OptionDescription
    Return Address (Mail Envelope From)Applies the policy to the SMTP address match, based on the email's envelope or true address (i.e. the address used during SMTP transmission).
    Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header. The "Addressed Based On" option is only available in the Emails From section.
    BothApplies the policy to the both the Mail Envelope and Message Header From addresses. This is the default setting for Impersonation Protection policies.
    Applies From

    Specify the sender characteristics the policy is based on. For multiple policies, apply them from the most to least specific. The options are:

    OptionDescription
    External AddressesIncludes only external organization addresses. This option is only available in the Emails From section.
    Freemail DomainsIncludes sender domains that are present on a Mimecast list of freemail domains. This option is only available in the Emails From section.
    Email Domain

    Enables you to specify one or more domain names to which the policy is applied. If selected, the "Specifically" field allows you to enter the required domain names.

    Address GroupsEnables you to specify a predefined directory or group. If selected, the "Profile Group" field allows you to select the required group by clicking the "Lookup" button.
    Header Display Name

    Enables you to specify a Header Display Name. If selected, the "Specifically" field allows you to enter the required name. This option is only available if the "Address Based on" option has been set to "The Message From Address" or "Both".

    Address Attributes

    Enables you to specify a predefined attribute. If selected, the "Where Attribute" field allows you to select the required attribute, and the "Is Equal To" field allows you to specify an attribute value.

    This option can only be used if attributes have been configured for user accounts.

    Individual Email AddressEnables you to specify an SMTP address. If selected, the "Specifically" field allows you to enter the required email address.
    Applies ToSpecify the recipient characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    OptionDescription
    Internal AddressIncludes only internal organization addresses. This option is only available in the Emails To section.
    Email DomainEnables you to specify one or more domain names to which the policy is applied. If selected, the "Specifically" field allows you to enter the required domain names.
    Address GroupsEnables you to specify a predefined directory or group. If selected, the "Profile Group" field allows you to select the required group by clicking the "Lookup" button.
    Address Attributes

    Enables you to specify a predefined attribute. If selected, the "Where Attribute" field allows you to select the required attribute, and the "Is Equal To" field allows you to specify an attribute value.

    This option can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. If selected, the "Specifically" field allows you to enter the required email address.
  8. Complete the Validity section as required:

    Field / OptionDescription
    Enable / DisableUse this option to enable or disable the policy.
    Set Policy as PerpetualClick the "Always On" button to set the policy's start and end dates to "All Time", meaning it never expires.
    Date RangeUse this option to override the "Set Policy as Perpetual" option and set a time period for the policy's activity. Click in the field to display a calendar, specify the required start and end date, and click the "Apply" button. Leave the "Eternal" option selected if you don't wish to specify a start or end date.
    Policy OverrideSelect this option to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override.
    Bi-DirectionalUse this setting if you want the policy to apply when a recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Specify any required source IP ranges for the policy. These only apply if the source IP address used to transmit the email data falls inside, or matches, the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click the Save and Exit button.

 

See Also...

 

1 person found this helpful

Attachments

    Outcomes