Topic Thread

Expand all | Collapse all

[CA DLP 12.5] CA DLP and ICAP

Jump to Best Answer
  • 1.  [CA DLP 12.5] CA DLP and ICAP

    Posted 04-24-2013 11:04 AM
    Hi!
    Hopefully someone on here has experience with ICAP in CA DLP,m because the documentation is alright, but not very detail oriented and I don't have time for trial and error.
    I read the docs on ICAP and I have some follow up questions:
    1) Am I correct in assuming that other devices can connect to CA DLP for ICAP Responses and that CA DLP sends those responses based on which policies (if any) are triggered by the supplied e-mail content?
    2) Is ICAP a separate "E-Mail Source" for each Policy (e.g., SMTP Agent, Symantec Enterprise Vault, Outlook)?
    3) ICAP only allows for Block or Allow Responses, which Control Actions correspond to which ICAP response?


  • 2.  RE: [CA DLP 12.5] CA DLP and ICAP

    Posted 04-24-2013 11:27 AM
    Also,
    Am I correct, I only need to install the ICAP Inegration components on the Policy Engine Servers in order to enable ICAP in CA DLP?


  • 3.  RE: [CA DLP 12.5] CA DLP and ICAP

    Posted 04-24-2013 01:29 PM
    And,
    If CA DLP has already scanned an e-mail, but our Edge mail server sends it back to CA DLP for ICAP processing, will the PE server recognize that this message has already been scanned?


  • 4.  RE: [CA DLP 12.5] CA DLP and ICAP
    Best Answer

    Posted 04-24-2013 04:27 PM
    Dave - Lots of questions there! Let me try to answer what I can...

    1) Yes, except that the ICAP integration will only use file(Data In Motion) triggers.

    2) 'Data In Motion' triggers do have a separate entry under 'Which File Sources?' titled 'ICAP Agent for File'

    3) In the 'Control Action' associated with the policy trigger, the 'Intervention' setting handles this. Select 'Block' to block and 'None' to Allow Responses.

    ...Also...

    You can install the ICAP Integration components(ICAP Agent) on a PE, or on a different server all together. A PE Hub will be installed with the ICAP components that will route anything that needs policy applied to it to the PE(s) specified in the hub configuration. The ICAP Integration components are all you need to install. You then need to configure your ICAP Client(on something like a Blue Coat proxy or Squid installation) to use that ICAP Server(i.e. - the CA DataMinder ICAP Agent).

    ...And...

    For the scenario you described with the Edge mail server, the PE will apply policy again. The only CA DataMinder component that can recognize that a message has already been processed by a PE and not re-process it is the Exchange Server Agent.

    Hope that helps!


  • 5.  RE: [CA DLP 12.5] CA DLP and ICAP

    Posted 04-24-2013 04:44 PM
    Bill,
    Once again, you are amazing.
    So, if DataMinder treats ICAP only as a file, then that means we will have to retrieve To or From fields if we need to trigger off of them, right?
    I don't have much experience with Data In Motion, so I am trying to catch up.


  • 6.  RE: [CA DLP 12.5] CA DLP and ICAP

    Posted 04-26-2013 11:30 AM
    I don't have any hands-on experience trying to pull To or From fields from file data captured through the ICAP integration. I don't believe it was designed for applying policy in that way. You may be able to do it using an xmlattr datalookup, but I'm afraid that is pure speculation on my part.

    You would likely be better off focusing on applying policy to emails through other channels(Exchange/Domino Server Agent, Archive Integration, Outlook/Notes endpoint integration, etc.)