Overview of Cisco Advanced Phishing Protection
Cisco Advanced Phishing Protection provides Business Email Compromise (BEC) and phishing detection capabilities. It detects identity deception-based threats by performing reputation checks on sender address by using advanced machine learning techniques and added intelligence. This intelligence continuously adapts to drive a real-time understanding of senders and provides enhanced protection.
The Advanced Phishing Protection engine on the email gateway checks the unique behavior of all legitimate senders, based on the historic email traffic to your organization. The cloud service interface of the Cisco Advanced Phishing Protection provides risk analysis to distinguish good messages from potentially malicious messages.
The Cisco Advanced Phishing Protection cloud service relies on the email gateway as a sensor engine to receive a copy of the message metadata sent inbound into your organization. This sensor engine collects metadata such as message headers from the email gateway and relay them to the Cisco Advanced Phishing Protection cloud service for analysis. After the analysis, potentially malicious messages are remediated from the recipient mailbox automatically, based on the pre-configured policies on the Advanced Phishing Protection cloud service.
The ability to use the email gateway as a sensor engine helps an organization to:
-
Identify, investigate, and remediate threats observed on the message headers, from the recipient mailbox.
-
View the reporting data of the metadata of the message from multiple email gateways in your organization.
Benefits of Cisco Advanced Phishing Protection
The following are the benefits of deploying Cisco Advanced Phishing Protection on the email gateway:
-
The Sensor-based solution can be rapidly deployed to ensure that your users are fully protected from damaging breaches.
-
Provides another layer of defense to more effectively secure your email environment.
-
Gain a real-time understanding of senders, learn, and authenticate email identities and behavioral relationships to protect against BEC attacks.
-
Automatically remove malicious emails from the recipient’s inbox and calls out identity deception techniques to prevent wire fraud or other advanced attacks.
-
Get detailed visibility into email attack activity, including total messages secured and attacks prevented.
-
Prevents the following:
-
Attacks that use compromised accounts and social engineering.
-
Phishing, ransomware, zero-day attacks and spoofing.
-
BEC with no malicious payload or URL.
-
Workflow
-
Activate the license to access the Cisco Advanced Phishing Protection cloud service.
-
Set up the email gateway as a sensor engine on the Cisco Advanced Phishing Protection cloud service. This deploys the email gateway as a lightweight sensor via the cloud or on-premise.
-
Register the sensor engine on the email gateway with the Cisco Advanced Phishing Protection cloud service.
-
The sensor engine on the email gateway forwards the metadata of messages considered clean, to the Cisco Advanced Phishing Protection cloud service.
-
The Cisco Advanced Phishing Protection cloud service determines if the message metadata is malicious.
-
Pre-configured policies on the Cisco Advanced Phishing Protection cloud service, when configured with an 'Enforcement' sensor, blocks or redirects the message for further incident investigation.