Effective protection against email-transported threats requires an informed vision of the threat landscape. That means bringing to bear a global threat perspective and an email protection infrastructure that responds rapidly. Cloud-based intelligence, combined with real-time analytics, is essential to generating zero-day responses.
Email Security delivers inbound protection and outbound threat control through advanced threat intelligence and a layered approach to security. Features include URL categorization and reputation filtering, antispam and antivirus tools, outbreak filters, and Advanced Malware Protection.
Stay protected against the latest threats with Cisco Talos. With a 24-hour view into global traffic activity, Talos analyzes anomalies, uncovers new threats and monitors traffic trends to provide proven zero-day threat defense often well ahead of competitors. Cisco’s broad view of dynamic threats includes:
● Over 1.6 million global devices
● Historical library of 40,000 threats
● 35 percent of global email traffic seen per day
● Over 13 billion web requests seen per day
● Over 200 parameters tracked
● Multivector visibility
Talos consists of three pillars to provide proactive email protection: SenderBase, the Threat Operations Center, and dynamic updates.
Encounter fewer false positives with Cisco’s email reputation database. SenderBase, part of Talos, compiles data along more than 200 parameters, including email volume, domain blacklists and safe lists, domain registration dates, and the length of time that domains have been sending email. This information is gathered to create a composite IP reputation score to block email from suspicious senders.
Threat Operations Center
Stay ahead of evolving threats with around-the-clock global coverage that generates new rules using machine-based technology with human ideas behind them. Our Threat Operations Center runs in five centers worldwide, covering 95 percent of Internet languages. Data feeds from email security devices are compiled along with those from Intrusion Prevention System (IPS), firewall, and web products. In addition, penetration testing, botnet infiltration, malware reverse engineering, and vulnerability research provide insight into current and future threat trends. Those insights are used to create updates that feed into Email Security.
Receive automatic updates to the antispam, antivirus, and outbreak filter engines of your Email Security solution every 3 to 5 minutes—over eight million rules each day. Reputation updates also provide real-time protection against known bad senders. Automated content updates reduce exposure windows, eliminate processing of most spam messages, and lower security management overhead.
Other solutions for threat defense include reputation filtering, category-based web filtering, and antivirus tools.
Block known bad email with reputation filtering, which is based on threat intelligence from Cisco Talos’s database. For each embedded hyperlink, a reputation check is performed to verify the integrity of the source. Websites with known bad reputations are automatically blocked. Reputation filtering stops 90 percent of spam before it even enters your network, allowing the solution to scale by analyzing a much smaller payload.
Category-Based Web Filtering
Administrators can filter specific categories such as gambling and adult sites. If the associated website violates a policy, the URL may be dropped, quarantined, or disarmed accordingly.
Forged Email Detection
Forged Email Detection protects against spoofing attacks, which focus on executives, also known as high-value targets. Forged Email Detection helps you block these customized attacks and provides detailed logs on all attempts and actions taken.
For multilayer antivirus protection, you can deploy either the Sophos or McAfee antivirus engine, or both. Run both engines to dual-scan messages for the most comprehensive protection.
During an attack, use a multilayered antispam approach for comprehensive protection. Cisco combines the outer layer of filtering based on sender reputation and an inner layer of filtering that performs a deep analysis of each message to stop spam from reaching company inboxes.
The emails that pass through reputation filtering are scanned with an antispam engine for a greater than 99 percent catch rate and a less than one in one million false positive rate. You can decide to drop, quarantine, or deliver messages suspected of being spam. We also offer optional multiengine spam-scanning technology to catch corner-case spam.
Additionally, you can decide whether you want to deliver, quarantine, drop, or bounce marketing messages that typically come from an aggressive marketer: ones that stem from agreeing to the terms on a site that shares your data with affiliate companies.
Advanced Malware Protection
The Email Security Appliance now includes Advanced Malware Protection. It also features file reputation scoring and blocking, file sandboxing, and file retrospection for a continuous analysis of threats. Users can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate quickly. Advanced Malware Protection is available to all Email Security Appliance customers as an additionally licensed feature. Also available is Cisco AMP Threat Grid, which supports all the AMP capabilities through an on-premises appliance for organizations that have compliance or policy restrictions on submitting malware samples to the cloud.
Customers can also purchase an additional license to deploy their AMP system completely on premises with the AMP private cloud. This, along with the AMP Threat Grid appliance, brings the entire AMP offering completely on premises.
Auto-remediation of malware for Office 365 customers with AMP retrospective security helps remediate breaches faster and with less effort. Customers simply set their email security solution to take automatic actions on those infected emails.
Graymail is categorized as marketing, social networking, and bulk messages. Using an unsubscribe mechanism, end users can indicate to the sender that they want to opt out of receiving such emails. Since mimicking an unsubscribe mechanism is a popular phishing technique, users are wary of clicking the unsubscribe links.
The graymail solution provides:
● Protection against malicious threats masquerading as unsubscribe links
● A uniform interface for managing subscriptions
● Better visibility for email administrators and end users into such emails
Outbreak filters defend against emerging threats and blended attacks. They can issue rules on any combination of six parameters, including file type, file name, file size, and URLs in a message. As Talos learns more about an outbreak, it can modify rules and release messages from quarantine accordingly. Outbreak filters can also rewrite URLs linked in suspicious messages. When clicked, the new URLs redirect the recipient through the Web Security proxy. The website content is then actively scanned, and outbreak filters will display a block screen to the user if the site contains malware.
Web Interaction Tracking
Administrators can track the users who click URLs that have been rewritten by the Email Security Appliance.
● Top users who clicked on malicious URLs
● The top malicious URLs clicked by end users
● Date and time, rewrite reason, and action taken on the URLs