RSA Secured Implementation Guide for RSA DLP Network Partner Information Last Modified: March 17 th, 2014 Product Information Partner Name Microsoft Web Site http://www.office365.com/ Product Name Version & Platform Office 365 Product Description offers email, calendar and contacts designed to provide your business with the control you want and the security and reliability you need. With, you run your email on our globally-redundant servers, protected by built-in antivirus and anti-spam filters and unlimited, IT-level phone support 24 hours a day, seven days a week in your local language.
Solution Summary Office 365 provides easy-to-use, cloud-based management tools in a single location. Through the administration user interface your IT staff can set up new user accounts, control access to features, and see the status of all Office 365 services and tools in real time. is a part of Office 365 or can be purchased as a standalone product. To ensure that sensitive data does not leave, the DLP Interceptor, part of the RSA DLP Suite, is designed to identify sensitive information and act accordingly, based on a set of established policies that can be customized to apply customers' specific security drivers. Partner Integration Overview Protocols Supported Remediation Actions Available SMTP Allow, Audit, Block, Quarantine - 2 -
Partner Product Configuration Introduction Office 365 is a cloud-based monthly subscription service that lets you access your email, important documents, contacts, and calendar from virtually anywhere on almost any device. Microsoft Exchange Online provides business-class email, calendar and contacts to your PC, phone and web browser. Delivered as a hosted service from Microsoft, offers a high standard of physical and digital security for your information while providing the control you want and the reliability your business needs. Before You Begin This section provides instructions for integrating the partners product with the RSA Data Loss Prevention (DLP) Suite. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. Configuring Microsoft Forefront for In order for to send all outgoing mail to the DLP Interceptor server, an outbound connector in the Microsoft Forefront connector must be configured for your domain. In order to do this, you must call an support representative and have them add the configuration. You will need to supply an internet routable IP address as well as having SMTP, port 25, open to the DLP Interceptor server. To ensure the Microsoft server has been properly configured, perform the following steps: 1. In a web browser, log on to the Microsoft Forefront online client. - 3 -
2. Select the Administration tab Company. 3. In the middle column, under Connectors Outbound Connectors you should have the IP address of the RSA DLP Intercept server listed. Important: If you do not see an outbound connector or if the connector is incorrect, please contact Microsoft Technical Support. - 4 -
Configuring the DLP Interceptor Once the Microsoft server is properly configured and the DLP Interceptor server is deployed, there are a few configuration steps that need to be completed before the Interceptor is ready to accept mail from. Complete the following steps: 1. From the RSA DLP Enterprise Manager, select the Admin tab Network then select the IP address of Interceptor in the left window. 2. Under Interceptor Configuration General Settings Smart Host, select the Deliver directly to Internet checkbox. 3. For the Relay Domain, enter the domain of your server that is allowed to relay email to the Interceptor. 4. Enter the DLP Interceptor s administrative user in the Admin Alias box. 5. OPTIONAL: To use TLS, check the Use TLS checkbox and the Interceptor will transmit mail as an encrypted string. You will need to let the Microsoft support representative know you have this turned on as they will need to change the configuration. - 5 -
6. OPTIONAL: Select or customize the X-Header Settings to each outgoing email. 7. OPTIONAL: Add the appropriate Email Subject Line Settings text. 8. Click the Save button at the top under Interceptor Configuration. The Interceptor is now ready to start accepting emails from. Note: For more information on the optional DLP Interceptor settings, please see the Administering Interceptors section in the RSA DLP Network 9.6 User s Guide. - 6 -
End User Experience The following screenshots demonstrate what an end user and DLP administrator would experience when sending an email with sensitive content and a DLP audit policy configured. Note: The screenshots provided below are for example purposes only. Depending on the DLP configuration, the Outlook client may behave differently in the way it processes blocked messages or attachments. 1. The end user browses to the Outlook Web App and composes a new message. - 7 -
2. The user enters credit card data in the body of the email which violates the corporate policy. 3. The user sends the email but the email recipient never receives the email. In the DLP Enterprise Manager, an incident is logged regarding the policy violation. - 8 -
Certification Checklist for RSA Data Loss Prevention Suite Date Tested: March 17 th, 2014 Certification Environment Product Name Version Information Operating System RSA DLP Enterprise Manager 9.6.1200.107 (SP2) Microsoft Windows Server 2003 RSA DLP Network Interceptor Server 9.6.1200.56 (SP2) Appliance Microsoft Office 365 Microsoft Windows 7 (x64) Microsoft Outlook Web App Office 365 Microsoft Windows 7 (x64) Protocol SMTP () Policy Content Result Allow Submit sensitive content as email attachment Allow Submit sensitive content in email body Allow Submit sensitive content in email subject line Audit Audit Audit Block Block Block Quarantine Quarantine Quarantine Audit Encrypt Quarantine Submit sensitive content as email attachment Submit sensitive content in email body Submit sensitive content in email subject line Submit sensitive content as email attachment Submit sensitive content in email body Submit sensitive content in email subject line Submit sensitive content as email attachment Submit sensitive content in email body Submit sensitive content in email subject line Add Email Subject Line Setting Text Add Email Subject Line Setting Text Add Email Subject Line Setting Text TLS Enabled X-Headers Settings (Inspected, Classification, Action Taken) JJO = Pass = Fail N/A = Non-Available Function - 9 -