What’s New in AsyncOS 11.0
| Feature | Description |
|---|---|
| FIPS Certification | Cisco Email Security Appliance will be FIPS certified and has integrated the following FIPS 140-2 approved cryptographic module: Cisco Common Crypto Module (FIPS 140-2 Cert. #1643). See FIPS Management. |
| New Data Loss Prevention (DLP) solution | RSA has announced End of Life (EOL) for RSA Data Loss Prevention Suite. For more information, see https://community.rsa.com/docs/DOC-59316. Cisco now provides an alternative DLP solution that allows seamless migration of all the existing DLP policies created in RSA DLP to the new DLP engine. After the upgrade, you can view or modify the migrated DLP policies on the Mail Policies > DLP Policy Manager page in the web interface. For more information, see the “Data Loss Prevention” chapter in the user guide. |
| Support for Two-Factor Authentication | Cisco Email Security appliance now supports two-factor authentication that ensures secure access when you log in to your appliance. You can configure two-factor authentication for your appliance through any standard RADIUS server that complies with a standard RFC. You can enable two-factor authentication in one of the following ways:<br>If you have enabled two-factor authentication on your appliance, you can join it to a cluster machine using pre-shared keys.<br>Use the |
| Handling incoming mail connections and incoming messages from different geographic locations | Cisco Email Security appliance can now handle incoming mail connections and incoming messages from specific geolocations and perform appropriate actions on them, for example:<br>You can use this feature in the following ways:<br>You can use Message Tracking to search for incoming messages from specific geolocations detected by the content or message filter. Use the Geolocation filter for the Message Event option in the Advanced section of Message Tracking. The geolocation list of countries is cloud updateable. |
| Scanning Outgoing Messages using the AMP engine | You can now configure the appliance to scan outgoing messages using the AMP engine. You can use this feature to:<br>You can configure the outgoing mail policy of your appliance to allow scanning of messages by the AMP engine in one of the following ways:<br>The following reports have been enhanced to show details of outgoing messages scanned by the AMP engine:<br>See Using Email Security Monitor. You can use the Mail Flow Direction filter in the Message Tracking > Message Event > Advanced Malware Protection option to search for incoming and outgoing messages that are scanned by the AMP engine. |
| Manually Rollback to a Previous Version of the Service Engine | You can now manually roll back to a previous version of the current engine when:<br>Currently, you can perform an engine rollback for the following engines:<br>You can perform an engine rollback only at the machine level and not at the cluster level. You can use the Security Services > Services Overview page in the web interface to perform:<br>For more information, see System Administration |
| Enable or Disable Automatic Updates | You can now enable or disable automatic updates in the Global Settings page of the following service engines:<br>You can now receive periodic alerts when automatic updates are disabled for a specific service engine. You can change the existing alert interval in one of the following ways: |
| Performing additional actions on attachments detected by Advanced Malware Protection in Mail Policy | You can perform the following additional actions, if an attachment is considered ‘malicious’, ‘unscannable’, or ‘sent for file analysis’ in the Advanced Malware Protection section for Incoming or Outgoing Mail Policies:<br>For more information, see File Reputation Filtering and File Analysis. |
| Improved AMP Engine Logs | Information about the following scenarios is now logged in the AMP engine logs: |
| Supported Archive File Formats for Content Scanning | The Content Scanner in your appliance can perform content scanning on the following archive file formats: |
| Macro Detection Enhancement | You can now detect macros in the following files:<br>For more information, see Content Filters or Using Message Filters to Enforce Email Policies. |
| CRL check for web interface login | You can configure CRL check for web interface login in one of the following ways:<br>If you enable this option and the certificate is revoked:<br>You must import and configure a valid certificate through the CLI to be able to access the web interface of your appliance. See CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. |
| Configuring cache expiry period for File Reputation disposition values | You can configure the cache expiry period for File Reputation disposition values in one of the following ways: |
| New datacenter added in European region for File Reputation and File Analysis services | Cisco has added a new datacenter in the European region for the File Reputation and File Analysis services:<br>You can configure your Email Security appliance to use the new File Reputation and File Analysis services. For more information, see File Reputation Filtering and File Analysis. |
| Minimum Scores for Entity-based Rules of Custom Classifiers for Custom DLP Policies | You can now use the recommended minimum scores or choose to override the minimum score for entity-based rules, when you create custom classifiers for custom DLP policies. You can use the minimum score for an entity-based rule instead of the configured weight of the rule. The minimum score differentiates the partial and the full matches, and calculates the score accordingly. This helps in reducing the number of false positives and false negatives. To configure the minimum score:<br>For more information, see the "Data Loss Prevention" chapter in the user guide. |