Cisco Email Security Appliance

Cisco Reputation Filters

Keep Hostile Traffic off Your Network

As spam protection for your email infrastructure, Cisco Reputation Filters provide an outer layer of security. The first line of defense on Cisco Email Security Appliances, these filters remove up to 80 percent of incoming spam at the connection level, which:

  • Saves bandwidth
  • Conserves system resources
  • Yields exceptional levels of security for critical messaging systems

A proven preventive solution, these filters defend large Internet service provider and enterprise networks as well as small and medium-sized businesses in production environments around the world.

Obtain Accurate Reputation Scores

Cisco SenderBase Network

Cisco SenderBase Network is the world's first and largest email and web traffic monitoring system. SenderBase:

  • Collects data from more than 120,000 networks worldwide, which is 10 times more than competing reputation monitoring systems
  • Tracks a broad set of more than 110 attributes from more than 30 percent of the world's email
  • Supports highly accurate conclusions about a given sender

Sophisticated Security Modeling

Sophisticated security modeling uses the breadth of SenderBase data to generate granular reputation scores. These scores range from -10 (for the worst senders) to +10 (for the very best).

Use Cisco Talos

Cisco Web Reputation Filters

Cisco Web Reputation Filters also use Cisco Talos Security Intelligence and Research Group, an advanced security infrastructure that provides threat detection, correlation, and mitigation. Talos continuously facilitates an exceptional level of security for Cisco customers. It also promotes fast and accurate protection with a combination of:

  • Threat telemetry
  • Global research engineering team expertise
  • Sophisticated security modeling

This combination helps you securely collaborate and embrace new technologies.

Advanced Protection

Advanced protection that is powered by Talos delivers current and comprehensive security information to Cisco customers and devices. This feature provides threat mitigation data through:

  • Dynamic rule updates for Cisco products, such as firewall, web, IPS, or email devices
  • Vulnerability aggregation and alert services from Cisco Security IntelliShield Alert Manager Service
  • Security best-practice recommendations and community outreach services

To help you stay ahead of the latest threats, when a new threat is detected (based on processing data in Cisco SensorBase):

  • It is extracted and correlated
  • Rules and signatures are generated
  • Systems are dynamically updated
  • Updates are then immediately sent to Cisco security devices

Benefit from Cisco Advanced Malware Protection

Advanced Malware Protection (AMP) for the Cisco Email Security Appliance and Cisco Web Security Appliance detects and stops malicious files within email and web traffic, respectively. One of the solution's key capabilities is file reputation, which:

  • Captures a fingerprint of each file as it traverses the Cisco web and email security gateways
  • Sends the fingerprint to the AMP cloud-based intelligence network for a reputation verdict
  • Evaluates the results and automatically blocks malicious files and applies administrator-defined policies if necessary

Get Dynamic Protection

Automatically Applied Mail Flow Policies

Cisco Email Security Appliance automatically applies mail flow policies to senders based on their reputation score. As the appliance receives inbound mail, a threat assessment of the sender is performed. This assessment returns a granular reputation score, which is linked to mail flow policies specified by the administrator.

Full Range of Mail Flow Control Policies

A full range of mail flow control policies can be defined to effectively cover all sender categories. With Cisco Reputation Filters, administrators can help ensure that actions taken correspond with the level of threat.

"True" Rate Limiting

"True" rate limiting is based on sender reputation and addresses spammers in the gray zone, where it is unclear whether they are friend or foe. The Cisco system can limit recipients hour accepted.

Reputation filters respond to gray-zone mailers by using this "true" rate limiting feature, but are not actually blocking them. So, the false-positive rate is very low, less than one in one million.

Employ Comprehensive Management

Integrated Web-Based User Interface

An integrated web-based user interface makes it simple to manage sender groups and associated mail flow policies. Administrators easily create sender groups and configure policy parameters to meet their corporate-specific email security requirements.

Automatic Updates

Automatic updates help ensure that after the Cisco Email Security Appliance is configured, scores are dynamically updated based on the latest data from SenderBase. This feature eliminates the need for any ongoing management of the reputation filters.

Improve Your Catch Rate

Cisco Reputation Filters block up to 80 percent of incoming spam at the edge of your network, improving the overall efficacy of your antispam solution.

Greatly Reduce Administrator Maintenance

Cisco Reputation Filters adjust scores automatically as SenderBase pulls in new data. The mail administrator only needs to configure the desired policies, and the reputation filters do the rest.

Reduce False-Positives

Cisco Reputation Filters intelligently combine many different metrics before determining a sender's reputation. Confirmation of suspicious traffic patterns across many data types and sources will result in a poor reputation. This unique ability to triangulate information across SenderBase makes these filters a leader in reputation accuracy.

Cut Hardware Costs and Boost Message Throughput

By eliminating spam and unwanted mail before resource-intensive content filtering, you can:

  • Improve overall system performance
  • Reduce the amount of supporting hardware required for the rest of the email infrastructure

Typical customer results show that downstream load is reduced by three to five times when Cisco Reputation Filters are deployed.

Reduce Risk from Denial of Service or Attacks

Cisco Reputation Filters score senders in real time and are adept at preventing damage from many types of distributed attacks. Attacks arising from zombie networks, which can bring content-based antispam systems to a halt, can be easily managed with these reputation filters.