Flexible Response Keeps Hostile Traffic off Your Network
As spam protection for your email infrastructure, Cisco IronPort Reputation Filters provide the outer layer. The first line of defense on Cisco IronPort Email Security Appliances, these filters remove up to 80 percent of incoming spam at the connection level, which:
- Saves bandwidth
- Conserves system resources
- Yields exceptional levels of security for critical messaging systems
A proven preventive solution, these filters defend large ISP and enterprise networks, as well as small and medium-sized businesses, in production environments around the world.
Read Data Sheet (PDF - 418 KB)
Obtain Accurate Reputation Scores
Cisco IronPort SenderBase Network
Cisco IronPort SenderBase Network is the world's first and largest email and web traffic monitoring system. SenderBase:
- Collects data from more than 120,000 networks worldwide, which is 10 times more than competing reputation monitoring systems
- Tracks a broad set of more than 110 attributes from more than 30 percent of the world's email
- Supports very accurate conclusions about a given sender
Sophisticated Security Modeling
Sophisticated security modeling uses the breadth of SenderBase data to generate granular reputation scores. These scores range from -10 (for the worst senders) to +10 (for the very best).
More than 120,000 Organizations Participate in the SenderBase Network, the World's Largest Email Traffic Monitoring System
Use Cisco Security Intelligence Operations
Cisco IronPort Web Reputation Filters
Cisco IronPort Web Reputation Filters also use Cisco Security Intelligence Operations (SIO), an advanced security infrastructure that provides threat detection, correlation, and mitigation. SIO continuously facilitates an exceptional level of security for Cisco customers. It also promotes fast and accurate protection with a combination of:
- Threat telemetry
- Global research engineer team
- Sophisticated security modeling
This combination helps you securely collaborate and embrace new technologies.
Advanced protection powered by SIO delivers current and comprehensive security information to Cisco customers and devices. Threat mitigation data is provided through:
- Dynamic rule updates for Cisco products, such as firewall, web, IPS, or email devices
- Vulnerability aggregation and alert services from Cisco Security IntelliShield Alert Manager Service
- Security best-practice recommendations and community outreach services
To help you stay ahead of the latest threats, when a new threat is detected (based on processing data in Cisco SensorBase):
- It is extracted and correlated.
- Rules and signatures are generated.
- Systems are dynamically updated.
- Updates are then immediately sent to Cisco security devices.
Get Dynamic Protection
Automatically Applied Mail Flow Policies
Cisco IronPort Email Security Appliances automatically apply mail flow policies to senders based on their reputation score. As the appliance receives inbound mail, a threat assessment of the sender is performed. This assessment returns a granular reputation score, which is linked to mail flow policies specified by the administrator.
Full Range of Mail Flow Control Policies
A full range of mail flow control policies can be defined to effectively cover all sender categories. With Cisco IronPort Reputation Filters, administrators can make sure that actions taken correspond with the level of threat.
"True" Rate Limiting
"True" rate limiting is based on sender reputation and addresses spammers in the gray zone, where it is unclear whether they are friend or foe. The Cisco IronPort system can limit recipients per hour accepted. Reputation filters respond to gray-zone mailers by this "true" rate limiting, but are not actually blocking. So, the false-positive rate is very low, less than 1 in 1 million.
Employ Comprehensive Management
Integrated Web-Based User Interface
An integrated web-based user interface makes it simple to manage sender groups and associated mail flow policies. Administrators easily create sender groups and configure policy parameters to meet their corporate-specific email security requirements.
Automatic updates help ensure that after the Cisco IronPort Email Security Appliance is configured, scores are dynamically updated based on the latest data from SenderBase. This feature eliminates the need for any ongoing management of the reputation filters.
Improve Your Catch Rate
Cisco IronPort Reputation Filters block up to 80 percent of incoming spam at the edge of your network, improving overall efficacy of your antispam solution.
Eliminate Administrator Maintenance
Cisco IronPort Reputation Filters adjust scores automatically as SenderBase pulls in new data. The mail administrator only needs to configure the desired policies, and the reputation filters do the rest.
Cisco IronPort Reputation Filters intelligently combine many different metrics before determining a sender's reputation. Confirmation of suspicious traffic patterns across many data types and sources will result in a poor reputation. This unique ability to triangulate information across SenderBase makes these filters a leader in reputation accuracy.
Cut Hardware Costs and Increase Message Throughput
Eliminating spam and unwanted mail before resource-intensive content filtering helps:
- Improve overall system performance
- Reduce the amount of supporting hardware required for the rest of the email infrastructure
Typical customer results show that downstream load is reduced by 3 to 5 times through use of Cisco IronPort Reputation Filters.
Reduce Risk from Denial of Service or Attacks
Cisco IronPort Reputation Filters score senders in real time and are adept at preventing damage from many types of distributed attacks. Attacks arising from zombie networks, which can bring content-based antispam systems to a halt, can be easily managed with these reputation filters.