What's New in AsyncOS 15.0
Feature |
Description |
||||
---|---|---|---|---|---|
Improved Efficacy to Detect Threats |
Your email gateway is now more secure with:
Perform the following configuration steps to use this feature:
A new verdict - ThreatScanner Spam Positive is added in Message Tracking and Mail Logs to indicate that the message is categorized as “spam” due to improved threat detection. The recommended Anti-Spam policy action forThreatScanner Spam Positive verdict is Quarantine. The Graymail logs with Spamcause data are available at Information log levels. |
||||
Enforcing TLS for Outgoing Messages at Sender or Recipient Level |
The existing Destination Controls configuration allows you to override the TLS modes (such as TLS Mandatory, TLS Preferred, and so on) on a per-domain basis. If you need to enforce TLS for outgoing messages based on additional conditions such as – senders, recipients, and so on,
you can now use the You can configure the "Content Filter – Add/Edit Header" action to add the |
||||
URL Retrospective Verdict and URL Remediation |
The URLs with unknown reputation can turn malicious anytime, even after it has reached the user's mailbox. You can configure URL filtering on your email gateway to send alerts based on the URL retrospective verdicts received from Talos. You can also configure your email gateway to perform auto-remedial actions on the messages in user mailbox when the URL verdict changes from unknown to malicious. For more information, see Protecting Against Malicious or Undesirable URLs. |
||||
Integrating Secure Email Gateway with Threat Defense |
The Threat Defense Connector client connects the Secure Email Gateway with the Secure Email Threat Defense to scan messages for Advanced Phishing and Spoofing. When you configure the Threat Defense Connector, the Secure Email Gateway sends a copy of the actual message as an attachment to the Threat Defense portal’s message intake address. The message gets delivered to the user inbox, and advanced scanning completes in the Threat Defense portal. You can enable the Threat Defense Connector in any of the following ways:
For more information, see Integrating Secure Email Gateway with Threat Defense. |
||||
File Reputation Service Enhancement |
From AsyncOS 15.x release onwards, the email gateway uses a new version of the AMP engine. This new AMP engine uses HTTPS (port 443) instead of TCP to ensure secure communication between your email gateway and Secure Endpoint Cloud. For more information, see File Reputation Filtering and File Analysis. |
||||
Obtaining Configuration Information using AsyncOS APIs |
You can use the Configuration APIs to perform various operations (such as create, retrieve, update, and delete) in your email gateway. The various API categories for configuration are:
For more information, see the “Configuration APIs” section in the AsyncOS 15.0 API for Cisco Secure Email Gateway - Getting Started Guide. |
||||
Customizing Graymail Unsubscribe Banner |
You can customize the following settings of the Graymail Unsubscribe banner based on your organization’s requirements:
The banner message supports the following languages: English (United States), Italian, Chinese, Portuguese, Spanish, German, French, Russian, Japanese, Korean, and Chinese (Taiwan).
For more information, see Customizing Graymail Unsubscribe Banner based on Organizational Requirements. |
||||
Removal of Old Splunk Database for Email Tracking Data |
[For on-premises users only]: When you upgrade to Secure Email Gateway 15.0 and later, and if the email tracking data is contained in the Splunk database, the system deletes the Splunk database if you proceed with the upgrade. During the upgrade, a warning message indicating that the system will delete the Splunk database is displayed in the CLI or the web interface of your email gateway. Following is a sample warning message displayed at the time of the upgrade:
[For cloud users only]:When you upgrade to Secure Email Gateway 15.0 and later, and if the email tracking data is contained in the Splunk database, the system deletes the Splunk database if you proceed with the upgrade.
|
||||
FIPS Certification |
Cisco Secure Email Gateway is FIPS certified and has integrated the following FIPS 140-2 approved cryptographic module: Cisco Common Crypto Module (FIPS 140-2 Cert. #4036). For more information, see FIPS Management. |
||||
Deleting Log Files from Email Gateway |
You can now delete log files stored in the /data/pub/directories path of your email gateway. You can use the
For more information, see the “Example - Deleting Log Files” section of the CLI Reference Guide associated with this release. |
||||
Generation 2 Deployment Support for Hyper-V Models |
From AsyncOS 15.0 release onwards, Secure Email Gateway supports Generation 2 deployment for Hyper-V models.
For more information, see the Cisco Content Security Virtual Appliance Installation Guide, available from https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html. |
||||
Generation 2 Deployment Support for Azure |
From AsyncOS 15.0 release onwards, Secure Email Gateway supports Generation 2 deployment for Azure.
For more information, see the Cisco Secure Email Virtual Gateway and Secure Email and Web Manager Virtual on Azure Deployment Guide, available from https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html. |
||||
Microsoft Hyper-V Server 2019 Support |
Secure Email Gateway 15.0 supports Microsoft Hyper-V Server 2019. For more information, see the Cisco Content Security Virtual Appliance Installation Guide, available from https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html. |
||||
Supported Model for AWS Deployment |
From AsyncOS 15.0 release onwards, the supported model for AWS deployment is C600V only. For more information, see the Cisco Content Security Virtual Appliances on AWS EC2 Installation Guide, available from https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html. |
||||
New RAM Values for Secure Email Gateway Virtual Appliance Models |
From AsyncOS 15.0 release onwards, there are new RAM values for the following Secure Email Gateway virtual appliance models deployed through KVM or VMWare ESXi:
For details on the new RAM values applicable for each virtual appliance model, see the Cisco Content Security Virtual Appliance Installation Guide, available from https://www.cisco.com/c/en/us/support/security/email-security-appliance/products-installation-guides-list.html. |
||||
New DLP Policy Pre-defined Classifiers |
The following new DLP policy pre-defined classifiers are added in the Mail Policies > DLP Policy Manager > Add DLP Policy > Custom Policy > Add > Policy Matching Details page of your web interface:
|
||||
New Note for Removal of Weak Algorithms during System Upgrade |
[Applicable to FIPS and non-FIPS modes]: During the system upgrade to AsyncOS 15.0 and later, a new Note statement is added to inform you that the system removes all weak algorithms in Ciphers, Keys, KEX, and MAC (if configured) after the upgrade process. |
||||
ECDSA Certificates Support for SSL Communication |
You can now use the Elliptic Curve Digital Signature Algorithm (ECDSA) certificates that allow the combination of Elliptic Curve Diffie Hellman Ephemeral (ECDHE) algorithm for Key Exchange and ECDSA authentication to configure the following SSL services:
|