User Guide for AsyncOS 11.1 for Cisco Email Security Appliances - GD (General Deployment)

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

User Guide for AsyncOS 11.1 for Cisco Email Security Appliances - GD (General Deployment)

Chapter Title

Getting Started with Cisco Email Security

Results

Updated:
March 25, 2021

Chapter: Getting Started with Cisco Email Security

Getting Started with Cisco Email Security

This chapter contains the following sections:

What's New in AsyncOS 11.1

Table 1. Whats New in AsyncOS 11.1

Feature

Description

AMP for Endpoints Console Integration

You can now integrate your appliance with AMP for Endpoints console, and add your own blacklisted or whitelisted file SHAs.

After the integration, when a file SHA is sent to the File Reputation server, the verdict obtained for the file SHA from the File Reputation Server is overridden by the verdict already available for the same file SHA in the AMP for Endpoints console.

To integrate your appliance with AMP for Endpoints console, see File Reputation Filtering and File Analysis.

The Advanced Malware Report page now includes a new section - Incoming Malware Files by Category to view the percentage of blacklisted file SHAs received from the AMP for Endpoints console. The threat name of a blacklisted file SHA is displayed as Simple Custom Detection in the Incoming Malware Threat Files section of the report.

See File Reputation Filtering and File Analysis.

URL Filtering Support for Shortened URLs

You can now configure your appliance to perform URL filtering on shortened URLs, and retrieve the actual URL from the shortened URL. Based on the URL reputation score of the original URL, a configured action is taken on the shortened URL.

To enable URL filtering for shortened URLs in your appliance, see Protecting Against Malicious or Undesirable URLs or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.

Support for URL Scanning in Attachments

You can now configure your appliance to scan for URLs in message attachments, and perform configured actions on such messages.

You can use the URL Reputation and URL Category content and message filters to scan for URLs in message attachments. For more details, see Using Message Filters to Enforce Email Policies, Content Filters and Protecting Against Malicious or Undesirable URLs.

Handling Unscannable Messages

You can now configure your appliance to handle messages that are not scanned by the following engines:

  • Content Scanner

  • File Reputation and File Analysis services

  • URL Filtering

To configure appropriate actions on such messages, see Using Message Filters to Enforce Email Policies, File Reputation Filtering and File Analysis, Protecting Against Malicious or Undesirable URLs and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Improved Pre-classification Efficacy (Reducing File Uploads to Cisco AMP Threat Grid)

The File Analysis service in your appliance now supports all the file types supported by Cisco AMP Threat Grid.

You can use this feature to:

  • Upload files that only contain dynamic content for file analysis. This helps administrators to track the daily file upload limit.

  • Reduce file uploads for file analysis.

To configure this feature, see File Reputation Filtering and File Analysis and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Note 
If you are using the private cloud file analysis server version 2.4 or an earlier version, it is recommended that you do not enable the new file types for file analysis.

A new verdict – Low Risk is introduced when no dynamic content is found in a file after file analysis. You can view the verdict details in the Incoming Files Handed by AMP section of the Advanced Malware Protection report and in Message Tracking. For more details, see Tracking Messages.

Improving File Retrospective Verdict Alerts

You can now configure your appliance to suppress the verdict update alerts for all messages that are not delivered to the message recipient.

To enable this feature, see File Reputation Filtering and File Analysis or the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Restarting and Viewing the Status of Service Engines enabled on the appliance.

You can use the diagnostic > services sub command in the CLI to:

  • Restart the service engines enabled on your appliance without having to reboot your appliance.

  • View the status of the service engines enabled on your appliance.

To use this feature, see System Administration or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.

Setting the Priority for Message Headers

You can set the priority for a message header to match the incoming and outgoing messages in your appliance.

To enable this feature, see Mail Policies or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.

Where to Find More Information

Cisco offers the following resources to learn more about your appliance :

Documentation

You can access the online help version of this user guide directly from the appliance GUI by clicking Help and Support in the upper-right corner.

The documentation set for the Cisco Email Security appliances includes the following documents and books:

  • Release Notes
  • Quick Start Guide for your Cisco Email Security Appliance model
  • Hardware Installation or Hardware installation and maintenance guide for your model or series
  • Cisco Content Security Virtual Appliance Installation Guide
  • User Guide for AsyncOS for Cisco Email Security Appliances (this book)
  • CLI Reference Guide for AsyncOS for Cisco Email Security Appliances
  • AsyncOS API for Cisco Email Security Appliances - Getting Started Guide

Documentation for all Cisco Content Security products is available from:

Documentation For Cisco Content Security Products

Location

Hardware and virtual appliances

See the applicable product in this table.

Cisco Email Security

http://www.cisco.com/c/en/us/support/security/ email-security-appliance/tsd- products-support-series-home.html

Cisco Web Security

http://www.cisco.com/c/en/us/support/security/ web-security-appliance/tsd-products- support-series-home.html

Cisco Content Security Management

http://www.cisco.com/c/en/us/support/ security/content-security-management- appliance/tsd- products-support-series-home.html

CLI reference guide for Cisco Content Security appliances

http://www.cisco.com/c/en/us/support/security/ email-security-appliance/products-command-reference-list.html

Cisco IronPort Encryption

http://www.cisco.com/c/en/us/support/security/ email-security-appliance/products-command-reference-list.html

Cisco Notification Service

Sign up to receive notifications relevant to your Cisco Content Security Appliances, such as Security Advisories, Field Notices, End of Sale and End of Support statements, and information about software updates and known issues.

You can specify options such as notification frequency and types of information to receive. You should sign up separately for notifications for each product that you use.

To sign up, visit http://www.cisco.com/cisco/support/notifications.html

A Cisco.com account is required. If you do not have one, see Registering for a Cisco Account.

Cisco Support Community

The Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides a place to discuss general email and web security issues, as well as technical information about specific Cisco products. You can post topics to the forum to ask questions and share information with other Cisco users.

Access the Cisco Support Community on the Customer Support Portal at the following URLs:

Third Party Contributors

See Open Source licensing information for your release on this page: http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html .

Some software included within Cisco AsyncOS is distributed under the terms, notices, and conditions of software license agreements of FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National Research Initiatives, Inc., and other third party contributors, and all such terms and conditions are incorporated in Cisco license agreements.

The full text of these agreements can be found here:

https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html.

Portions of the software within Cisco AsyncOS is based upon the RRDtool with the express written consent of Tobi Oetiker.

Portions of this document are reproduced with permission of Dell Computer Corporation. Portions of this document are reproduced with permission of McAfee, Inc. Portions of this document are reproduced with permission of Sophos Plc.

Cisco Welcomes Your Comments

The Cisco Technical Publications team is interested in improving the product documentation. Your comments and suggestions are always welcome. You can send comments to the following email address:

contentsecuritydocs@cisco.com

Please include the product name, release number, and document publication date in the subject of your message.

Cisco Email Security Appliance Overview

The AsyncOS™ operating system includes the following features:

  • Anti-Spam at the gateway, through the unique, multi-layer approach of SenderBase Reputation Filters and Cisco Anti-Spam integration.
  • Anti-Virus at the gateway with the Sophos and McAfee Anti-Virus scanning engines.
  • Outbreak Filters™, Cisco’s unique, preventive protection against new virus, scam, and phishing outbreaks that can quarantine dangerous messages until new updates are applied, reducing the window of vulnerability to new message threats.
  • Policy, Virus, and Outbreak Quarantines provide a safe place to store suspect messages for evaluation by an administrator.
  • Spam Quarantine either on-box or off, providing end user access to quarantined spam and suspected spam.
  • Email Authentication. Cisco AsyncOS supports various forms of email authentication, including Sender Policy Framework (SPF), Sender ID Framework (SIDF), and DomainKeys Identified Mail (DKIM) verification of incoming mail, as well as DomainKeys and DKIM signing of outgoing mail.
  • Cisco Email Encryption. You can encrypt outgoing mail to address HIPAA, GLBA and similar regulatory mandates. To do this, you configure an encryption policy on the appliance and use a local key server or hosted key service to encrypt the message.
  • Email Security Manager, a single, comprehensive dashboard to manage all email security services and applications on the appliance. Email Security Manager can enforce email security based on user groups, allowing you to manage Cisco Reputation Filters, Outbreak Filters, Anti-Spam, Anti-Virus, and email content policies through distinct inbound and outbound policies.
  • On-box message tracking. AsyncOS for Email includes an on-box message tracking feature that makes it easy to find the status of messages that the Eappliance processes.
  • Mail Flow Monitoring of all inbound and outbound email that provides complete visibility into all email traffic for your enterprise.
  • Access control for inbound senders, based upon the sender’s IP address, IP address range, or domain.
  • Extensive message and content filtering technology allows you to enforce corporate policy and act on specific messages as they enter or leave your corporate infrastructure. Filter rules identify messages based on message or attachment content, information about the network, message envelope, message headers, or message body. Filter actions allow messages to be dropped, bounced, archived, blind carbon copied, or altered, or to generate notifications.
  • Message encryption via secure SMTP over Transport Layer Security ensures messages traveling between your corporate infrastructure and other trusted hosts are encrypted.
  • Virtual Gateway™ technology allows the appliance to function as several email gateways within a single server, which allows you to partition email from different sources or campaigns to be sent over separate IP addresses. This ensures that deliverability issues affecting one IP address do not impact others.
  • Protection against malicious attachments and links in email messages, provided by multiple services.
  • Use Data Loss Prevention to control and monitor the information that leaves your organization.

AsyncOS supports RFC 2821-compliant Simple Mail Transfer Protocol (SMTP) to accept and deliver messages.

Most reporting, monitoring, and configuration commands are available through both the web-based GUI via HTTP or HTTPS. In addition, an interactive Command Line Interface (CLI) which you access from a Secure Shell (SSH) or direct serial connection is provided for the system.

You can also set up a Security Management appliance to consolidate reporting, tracking, and quarantine management for multiple Eappliances .

Related Topics

Supported Languages

AsyncOS can display its GUI and CLI in any of the following languages:

  • English
  • French
  • Spanish
  • German
  • Italian
  • Korean
  • Japanese
  • Portuguese (Brazil)
  • Chinese (traditional and simplified)
  • Russian

Was this Document Helpful?

FeedbackFeedback

Contact Cisco