Advanced Threat Protection for Microsoft 365 Solution Overview

Available Languages

Download Options

  • PDF
    (1.0 MB)
    View with Adobe Reader on a variety of devices
Updated:May 14, 2025

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (1.0 MB)
    View with Adobe Reader on a variety of devices
Updated:May 14, 2025
 

 

Summary

While Microsoft E3 provides only basic phishing and spam filtering, E5 offers some advanced email threat detection. Microsoft customers currently using E3 may be moving away from secure email gateways and are often mistakenly under the impression that E3 capabilities are robust enough for complete email protection.

The AI-powered protections in Cisco®Secure Email Threat Defense are a key differentiator, providing a more complete level of defense. Microsoft customers considering moving to E5 to achieve broader and more advanced protections from that platform will find even more robust protections from the combination of Cisco User and Cisco Breach Protection Suites.

Secure Email Threat Defense is a key part of both the Cisco User Protection and Cisco Breach Protection Suites, which provide a comprehensive, network-led SaaS solution with built-in detections from email, network and endpoints. Unified within Cisco XDR, these detections provide analytics that empower quick and accurate detection, investigation and response. In addition, users are protected on any device, anywhere they work.

Product highlights

Secure Email Threat Defense maximizes an organization’s email security investment by augmenting Microsoft 365 with comprehensive, AI-powered advanced threat protection. Deployed in minutes, Email Threat Defense sits behind any email gateway to detect and block dangerous and damaging threats.

Features:

      Complete visibility of inbound, outbound, and internal messages.

      Using numerous AI models, it:

    Uncovers known, emerging, and targeted threats with advanced threat detection capabilities.

    Identifies malicious techniques and gains context for specific business risks.

    Rapidly searches for dangerous threats and remediates all threat instances in real time.

    Utilizes searchable threat telemetry to categorize threats, and understands which parts of your organization are most vulnerable to attack.

    Detects malicious QR codes, account takeover, and Business Email Compromise (BEC).

    Cisco Extended Detection and Response (XDR) natively integrates telemetry from Secure Email Threat Defense and utilizes user accounts as an asset for correlation. All threat verdicts from Email Threat Defense are a part of Cisco XDR’s incident attack chains.

Expanded visibility for better threat detection

Figure 1.         

Expanded visibility for better threat detection

Comprehensive Attack Protection

Figure 2.         

Comprehensive Attack Protection

Powerful AI detections that catch the widest array of threats

Email Threat Defense bolsters your existing Microsoft investment by:

      Providing AI-powered detections including:

    Natural Language Processing (NLP)

    Image processing

    Computer vision

    Large Language Models (LLMs)

    Social Graph (SG) analysis and

    Sender reputation/verification

      Evolving AI tools to uncover existing and emerging threats

      Utilizing over 200 Machine Learning– based detectors that evaluate signals to determine intent of the email

      Providing instantaneous searchable threat telemetry that empowers more informed responses

      Surfacing the highest value targets in your organization to understand where you are most vulnerable to attack

      Remediating threats across the entire organization in only a few clicks

AI capabilities within Email Threat Defense

Type of Threat

How Email Threat Defense leverages AI and other techniques to address it

Business Email Compromise (BEC)

  Social graphing of relationships determine new or rare senders
  Detectors for non-payload emails, like initial lure or direct deposit requests
  Deriving unparalleled context for specific business risks by correlating key markers of malicious intent, including sense of urgency, calls to action, and sentiment

Advanced phishing/spear phishing

  Embedding AI technology that extracts and analyzes the content of image-only emails that aim to evade text-based detections
  Identifying malicious techniques used in advanced attacks targeting your organization
  Detects behavioral analysis and anomalies of URL payloads using reputation, crawling, and static analysis techniques

Image analysis and obfuscation

  Utilizes Optical Character Recognition (OCR) detection that leverages Long Short-Term Memory (LSTM) neural networks for content extraction
  Recognition of scripting, encoding, and embedding techniques like QR codes, HTML smuggling, and JavaScript used to obfuscate URL and file payloads

Account takeover

  Monitoring internal and outbound mail to quickly alert your team to potentially compromised accounts

User impersonation

  Applying behavioral models to VIPs and targeted personnel to identify impersonation attempts on names, email address, and even job titles

Unwanted email

  Categorizes emails as spam and graymail using a combination of Bayesian, heuristics, and Machine Learning–generated rules

File reputation and analysis

  Secure Hash Algorithm (SHA)-based blocking of known malware and unlimited analysis of files against 2,500+ behavioral indicators using Cisco Secure Malware Analytics.

Feature comparison: Email Threat Defense and Microsoft E3 and E5

Feature

Cisco Email Threat Defence

Microsoft 365 E3

Microsoft 365 E5

Basic (Core) Email Security

SPAM Detection

Yes

Yes

Yes

Malware Detection (AV)

Yes

Yes

Yes

Malware Behavioral Analysis (Sandboxing)

Yes

No

No

Malicious URLs Detection

Yes

No

Yes

Malicious URLs Sandboxing

Yes

No

No

Anti-Phishing Policies

Yes

No

Yes

Phishing Detection

Yes

No

Yes

Advanced Threats

Advanced Threat Analytics

Yes

No

Yes

Obfuscated URLs, QR Codes and File Detection

Yes

No

Yes

Scam Detection

Yes

No

Yes

Business Email Compromise Detection

Yes

No

Yes

User Impersonation Detection

Yes

No

Yes

AI and Machine Learning

ML Models for Advanced Detections

Natural Language Processing (NLP)

Yes

No

Yes

Behavioral Analysis Models

Yes

No

Yes

Phishing Detection Models

Yes

No

Yes

Impersonation Detection Models

Yes

No

Yes

Relationship Graphs

Yes

No

Yes

Threat Response

Manual Message Remediation

Yes

No

No

Automated Investigation and Response

Yes (Cisco XDR)

No

Yes

Ease of deployment to quickly elevate your email security

      Leveraging Microsoft Graph API to effectively enforce your mail policy and protect your users from threats

      Deploying quickly and simply without altering MX records

      Demonstrating quick and impactful time to value

Analyst accolades

Frost Radar: Email Security Recognition

In July 2024 Frost & Sullivan published The Frost Radar™: Email Security, 2024. It recognizes Secure Email Threat Defense as the Growth leader for its incredible market growth, significant advances in AI, and global expansion efforts.

“Cisco is the Growth leader on this Frost Radar. Cisco’s Email Threat Defense solution has had remarkable growth with an astonishing 182.6% CAGR for 2020–2023. Cisco has made significant advancements in AI, global expansion efforts, and innovating its cloud email platform over the past three years. These aspects have all contributed significantly to its growth achievements.”

Enhanced protection across the full Microsoft suite

Our integration with Microsoft Sentinel and the use of the Security Graph API enables Secure Email Threat Defense to identify unique Incidents of Compromise (IoCs) that can be used to enhance protection across the full Microsoft suite.

Secure Email Threat Defense is constantly learning and evolving to adopt new detection techniques that add increased value to Microsoft environments. Start a free trial today to quickly see why it is a natural complement to your existing infrastructure and investment.

 

 

 

Learn more