4 Replies Latest reply on Jul 24, 2014 4:52 PM by glennsantacruz

    Conversion from Cisco IronPort / encryption policies

    glennsantacruz

      We are working to convert from an on-site Cisco IronPort C160 to McAfee SaaS email protection, for outbound email encryption.  In our current environment, the IronPort is configured to encrypt on receipt of a message with a keyword in the subject line, and remove that keyword prior to sending the message.

       

      For example, I want a policy such that:

       

      1) I send an email with subject line, "[fancypants] This is a test"

       

      2) The policy detects "[fancypants]" in the subject line and encrypts the message ( as expected )

       

      3) The policy removes the keyword, such that the recipient sees the subject line as "This is a test" ( instead of the original subject, "[fancypants] This is a test" )

       

       

       

      Is it possible to configure McAfee encryption for these two features:

       

      1) Encrypt on keyword contained *only* in the subject line ( not anywhere else in the message body )

       

      2) Modify the subject ( strip the keyword ) by policy

        • 1. Re: Conversion from Cisco IronPort / encryption policies
          big_mike

          Hello glennsantacruz,

           

          1. Encrypt on keyword contained *only* in the subject line ( not anywhere else in the message body )
            1. The content scanner for the encryption product will scan the entire message including the header, subject, body, and attachments. There is no way to restrict it to one field.
          2. Modify the subject ( strip the keyword ) by policy
            1. The product will not strip the keyword when it  passes through their MTA's. What you can do is set up your users to user their Send Encrypted plugin for Outlook which injects a trigger into the header to flag it as encrypted. This injection is completely invisisble to the sender and the recipient.
          • 2. Re: Conversion from Cisco IronPort / encryption policies
            glennsantacruz

            Thank you for your responses.  With regard to the Outlook plug-in and its behavior, could you please share the header triggering mechanism?  We have a number of non-Outlook clients ( OWA, iPhone, BlackBerry, etc. ) and we also have a means of intercepting/modifying emails prior to sending them to McAfee.  We could implement our own "subject line" scanner, triggering on a keyword, then injecting the same header as the Outlook client.  This would allow us a more seamless migration away from our existing workflow with IronPort.

            • 3. Re: Conversion from Cisco IronPort / encryption policies
              glennsantacruz

              I found the header after reviewing messages sent with the Outlook plugin: "x-mfe-encrypt: Yes"

               

              Will use our own interception techniques to simulate our current IronPort policies, injecting the header as needed; I'll post results when done, and hopefully this can help others.

              1 of 1 people found this helpful
              • 4. Re: Conversion from Cisco IronPort / encryption policies
                glennsantacruz

                Our workaround does indeed work as expected.  To summarize:

                 

                • We intercept outbound messages from our Exchange servers, checking for keywords in the subject line
                • If a keyword is found, we inject the header, "x-mfe-encrypt: Yes" and strip the keyword
                • The resulting message is processed by McAfee and encrypted dependent upon the header
                • This works for all clients using the Exchange server: OWA, iPhone, BlackBerry, etc.

                 

                It would be desirable for McAfee to offer this level of customization, especially considering that not all organizations can (or want to) use the Outlook plugin. 

                 

                Message was edited by: glennsantacruz on 7/24/14 4:52:50 PM CDT