Content Examination - Applying Secure Messaging

This article contains information on creating Content Examination definition in the Mimecast Administration Console, and applying it to a Content Examination policy. This includes setting up scanning options, policy overrides, and ensuring Secure Messaging for triggered content.

Secure Messaging can be triggered by looking for content defined by your administrator in outgoing messages. This ensures that business-critical, company-sensitive information does not leave the control of your messaging environment. Follow the steps in this guide to enable this feature.

Creating a Content Examination Definition

1. Log in to the Mimecast Administration Console.
2. Navigate to Policies | Gateway Policies.
3. Find the Content Examination item in the list and click on Definitions, to load a list of any previously created Content Examination definitions.
4. Click on the "+" icon on the root folder in the left-hand pane of the page to create a new folder.
5. To rename the folder:

• • • Click on the New Folder to select it.
    • Type your new name in the text box at the top of the folder list, for example, "My Content Examination Definitions".
    • Press Enter to apply the folder name change.

5. With your new folder selected, click on New Content Definition in the menu bar.
6. In the Policy Definition section:

• • • Add a Description, so that you can easily identify the definition later.
    • Leave the Definition Type as Independent Content Definition.
    • Set your Activation Score:
      • Each word you enter in the scanning option below will be assigned a number.
      • When the word is first found in an individual message component, for example, the message body or a message attachment, the message's score is incremented by the number associated with that word.
      • For example, if your word is found in the message body and one message attachment, the message score will be incremented twice by the number associated with that word.

7. In the Scanning Options section: 

• • • In Word / Phase Match List, enter the words that you wish to trigger Secure Messaging followed by "......", e.g.:

      Weight[ search text] --> 1 "Secure"

    • Select if the definition should apply a Case Sensitive Match.
    • Select if the definition should Match Multiple Words. This will increment the message score for every occurrence of a word, not just the first instance found.
    • Select which message components the definition should look for in your defined words:
      • Scan Subject Line.
      • Scan Message Headers.
      • Scan Message Body.
      • Scan Attachments.
        

        Most customers use Subject Line scanning only, set to trigger on "[Secure]" in the Word / Phase Match List.

8. In the Policy Override Options section:

• • • Click the Lookup button next to the Secure Messaging Override field, to select a Secure Messaging definition.
    • Leave all the other settings as the system default.

      This ensures that any message triggering this definition is sent using Secure Messaging, and makes your implementation simple to maintain and troubleshoot if required.

9. In the Notification Options, select who should be notified if this definition is triggered (optional).
10. Click on Save and Exit.
    

    At this stage, the definition will not be applied, but will be available in a policy.

Applying the Content Definition in a Policy

1. Log in to the Mimecast Administration Console.
2. Navigate to Policies | Gateway Policies.
3. Click on Content Examination from the list of policy types on the page to view any policies already created.
4. Click on New Policy from the menu bar.
5. Enter a description of the policy in the Policy Narrative text box.
6. Use Lookup to select the Content Examination definition you created in the previous step
7. Select which senders and recipients the policy should apply to, in the Emails From and Emails To sections.

8. In the Validity section, optionally set:

• • • The Date Range that the policy should be active, use the Always On button to set all time.
    • Policy Override, to force the policy to apply in a situation where there are conflicting policies.
    • Source IP Ranges, to specify if the policy should only apply when the Mimecast receives a connection from the defined IPs.

8. Do not set the Bi-Directional setting for a Secure Messaging policy (which is for internal to external messages only).
9. Click on Save and Exit to apply the policy.

Next Steps

Once the policy is saved, outbound messages containing the content specified in your Content Definition and matching the communication pair specified in your policy will be delivered via Secure Messaging using the system's default Secure Messaging definition.