Cisco Email Security Appliance

Cisco Reputation Filters

Flexible Response Keeps Hostile Traffic off Your Network

As spam protection for your email infrastructure, Cisco IronPort Reputation Filters provide the outer layer. The first line of defense on Cisco IronPort Email Security Appliances, these filters remove up to 80 percent of incoming spam at the connection level, which:

  • Saves bandwidth
  • Conserves system resources
  • Yields exceptional levels of security for critical messaging systems

A proven preventive solution, these filters defend large ISP and enterprise networks, as well as small and medium-sized businesses, in production environments around the world.

Read Data Sheet (PDF - 418 KB)

Obtain Accurate Reputation Scores

Cisco IronPort SenderBase Network

Cisco IronPort SenderBase Network is the world's first and largest email and web traffic monitoring system. SenderBase:

  • Collects data from more than 120,000 networks worldwide, which is 10 times more than competing reputation monitoring systems
  • Tracks a broad set of more than 110 attributes from more than 30 percent of the world's email
  • Supports very accurate conclusions about a given sender

Sophisticated Security Modeling

Sophisticated security modeling uses the breadth of SenderBase data to generate granular reputation scores. These scores range from -10 (for the worst senders) to +10 (for the very best).

SenderBase Network
More than 120,000 Organizations Participate in the SenderBase Network, the World's Largest Email Traffic Monitoring System

Use Cisco Security Intelligence Operations

Cisco IronPort Web Reputation Filters

Cisco IronPort Web Reputation Filters also use Cisco Security Intelligence Operations (SIO), an advanced security infrastructure that provides threat detection, correlation, and mitigation. SIO continuously facilitates an exceptional level of security for Cisco customers. It also promotes fast and accurate protection with a combination of:

  • Threat telemetry
  • Global research engineer team
  • Sophisticated security modeling

This combination helps you securely collaborate and embrace new technologies.

Advanced Protection

Advanced protection powered by SIO delivers current and comprehensive security information to Cisco customers and devices. Threat mitigation data is provided through:

  • Dynamic rule updates for Cisco products, such as firewall, web, IPS, or email devices
  • Vulnerability aggregation and alert services from Cisco Security IntelliShield Alert Manager Service
  • Security best-practice recommendations and community outreach services

To help you stay ahead of the latest threats, when a new threat is detected (based on processing data in Cisco SensorBase):

  • It is extracted and correlated.
  • Rules and signatures are generated.
  • Systems are dynamically updated.
  • Updates are then immediately sent to Cisco security devices.

Get Dynamic Protection

Automatically Applied Mail Flow Policies

Cisco IronPort Email Security Appliances automatically apply mail flow policies to senders based on their reputation score. As the appliance receives inbound mail, a threat assessment of the sender is performed. This assessment returns a granular reputation score, which is linked to mail flow policies specified by the administrator.

Full Range of Mail Flow Control Policies

A full range of mail flow control policies can be defined to effectively cover all sender categories. With Cisco IronPort Reputation Filters, administrators can make sure that actions taken correspond with the level of threat.

"True" Rate Limiting

"True" rate limiting is based on sender reputation and addresses spammers in the gray zone, where it is unclear whether they are friend or foe. The Cisco IronPort system can limit recipients per hour accepted. Reputation filters respond to gray-zone mailers by this "true" rate limiting, but are not actually blocking. So, the false-positive rate is very low, less than 1 in 1 million.

Employ Comprehensive Management

Integrated Web-Based User Interface

An integrated web-based user interface makes it simple to manage sender groups and associated mail flow policies. Administrators easily create sender groups and configure policy parameters to meet their corporate-specific email security requirements.

Automatic Updates

Automatic updates help ensure that after the Cisco IronPort Email Security Appliance is configured, scores are dynamically updated based on the latest data from SenderBase. This feature eliminates the need for any ongoing management of the reputation filters.

Improve Your Catch Rate

Cisco IronPort Reputation Filters block up to 80 percent of incoming spam at the edge of your network, improving overall efficacy of your antispam solution.

Eliminate Administrator Maintenance

Cisco IronPort Reputation Filters adjust scores automatically as SenderBase pulls in new data. The mail administrator only needs to configure the desired policies, and the reputation filters do the rest.

Reduce False-Positives

Cisco IronPort Reputation Filters intelligently combine many different metrics before determining a sender's reputation. Confirmation of suspicious traffic patterns across many data types and sources will result in a poor reputation. This unique ability to triangulate information across SenderBase makes these filters a leader in reputation accuracy.

Cut Hardware Costs and Increase Message Throughput

Eliminating spam and unwanted mail before resource-intensive content filtering helps:

  • Improve overall system performance
  • Reduce the amount of supporting hardware required for the rest of the email infrastructure

Typical customer results show that downstream load is reduced by 3 to 5 times through use of Cisco IronPort Reputation Filters.

Reduce Risk from Denial of Service or Attacks

Cisco IronPort Reputation Filters score senders in real time and are adept at preventing damage from many types of distributed attacks. Attacks arising from zombie networks, which can bring content-based antispam systems to a halt, can be easily managed with these reputation filters.