Introduction

This chapter contains the following sections:

What's New in this Release

This section describes the new features and enhancements in this release of AsyncOS for Content Security Management.

Table 1. What's New in AsyncOS 13.8.1

Feature

Description

Retrieving log information using AsyncOS APIs

You can now retrieve the following log details from your appliance using AsyncOS APIs:

  • Log subscription details.

  • All log files for a specific log subscription.

  • Log files using a filename or a URL.

For more information, see the “Logging APIs” section in the AsyncOS 13.8.1 API for Cisco Content Security Management Appliances - Getting Started Guide.

Recording AAA (Authentication, Authorization, and Accounting) events using Audit Logs

The Cisco Content Security Management Appliance supports a new type of log subscription, ‘Audit Logs’, that records AAA (Authentication, Authorization, and Accounting) events.

Some of the audit log details are as follows:

  • User–Logon

  • User–Logon failed incorrect password

  • User–Logon failed unknown user name

  • User–Logon failed account expired

  • User–Logoff

  • User–Lockout

  • User–Activated

  • User–Password change

  • User–Password reset

  • User–Security settings/profile change

  • User–Created

  • User–Deleted or modified

  • User Configuration–Configuration changes made by the user.

  • Group/Role–Deletion or modified

  • Group/Role–Permissions change

  • Quarantine–Actions performed on messages in the quarantine.

For more information, see Using Audit Logs.

Configuring OpenID Connect 1.0 on Content Security Management Appliance for AsyncOS APIs

The Cisco Content Security Management Appliance supports integration with applications or clients that use Identity Providers (IDPs) with OpenID Connect 1.0 authentication to connect seamlessly with AsyncOS APIs available in your appliance. Currently, your appliance has been certified with OpenID Connect using Microsoft AD FS only.

For more information, see Common Administrative Tasks.

New Access Privilege – Log Subscription for Delegated Administrators

A new access privilege option, Log Subscription, is added to the System Administration > User Role page in the web interface of your appliance. Use the Log Subscription option to define whether delegated administrators assigned to the custom user role can access log subscriptions or Logging APIs to view or download log files.

For more information, see Distributing Administrative Tasks.

Table 2. What's New in AsyncOS 13.8.0

Feature

Description

Message Tracking Enhancements

The new web interface includes the following user experience enhancements:

  • The Message Tracking Search Results page is now enhanced to display more search results per page view.

  • The Message Tracking Search Details page layout is now enhanced to display the Envelope Header and Summary and Sending Host Summary panes alongside the Processing Details pane. This new layout allows you to view all the important information in the same page view without scrolling.

Reporting Enhancements

You can now schedule and archive My Favorite Reports. You can also export My Favorite Reports data in CSV or PDF format.

Spam Notification Enhancements

  • You can now set an expiration period for the links in the Spam notification. These links will expire automatically after the specified period.

  • You can now show or hide the links to view all the quarantined messages in a Spam notification. Also, if you are showing the links in the spam notification, you can now force the end-user to authenticate before accessing the Spam quarantine.

For more information, see the Notifying End Users About Quarantined Messages topic in the User Guide.

Security Enhancements

AsyncOS 13.8.0 includes the following security enhancements:

  • The appliance will no longer support SSLv2 and SSLv3 methods. When you upgrade from a lower AsyncOS version, the appliance will automatically use TLS 1.1 and TLS 1.2. For more information, see the SSL Configuration Changes topic in the Release Notes.

  • The appliance will now send the Cisco Technical Support requests over TLS. If your SMTP server is not using TLS, the requests are sent as plaintext.

  • You can now configure your appliance to send alerts over TLS. Use the following subcommand in the CLI to configure this functionality: alertconfig > SETUP > Do you want to enable TLS support to send alert messages?.

Cisco SecureX and Cisco Threat Response Enhancement

You can now configure your appliance to connect to Cisco SecureX and Cisco Threat Response via a proxy. Check the Use Proxy check box in the Network > Cloud Service Settings page to connect via a proxy.

YouTube Report (Web)

In the new web interface (URL Categories report page), you can now view the following information related to the YouTube categorization feature:

  • Top Youtube Categories: Total Transactions

You can view the top Youtube Categories that are being visited on the site in a graphical format.

  • Top Youtube Categories: Blocked and Warned Transactions

You can view, in a graphical format, the top Youtube URL that triggered a block or warning action per transaction. For example, if a user visits a certain Youtube URL and a policy that is in place triggers a block or warning action, that Youtube URL is listed in this graph as a blocked or warned transaction.

To view the URL Categories report page, select Web from the Product drop-down and choose Monitoring > URL Categories from the Reports drop-down.

  • Youtube Categories Matched

The Youtube Categories Matched interactive table shows the disposition of transactions by Youtube category during the specified time range, plus bandwidth used and time spent in each category.

To view the Youtube Categories Matched interactive table, choose Web > Reporting > URL Categories.

  • Youtube (YT) Category

A new filter YT Category has been added under Web > Tracking. To filter by a specific Youtube category, expand the Youtube Category section and select the Youtube categories that you want to view.

IP Spoofing Profiles

You can now configure Web Proxy IP Spoofing by creating an IP spoofing profile and adding it to the routing policies. When an IP spoofing profile is used in a routing policy, the web proxy changes the source IP address to the custom IP address defined in the IP spoofing profile.

To create a new IP spoofing profile or modify an existing IP spoofing profile, choose Web > IP Spoofing Profiles.

To add an IP spoofing profile to a routing policy, choose Web > Routing Policies.

Note

If you do not want to publish the Security Management Appliance IP Spoofing profiles to the Web Security Appliance and overwrite the existing IP Spoofing profiles on the Web Security Appliance, follow these steps:

  1. Log into Security Management Appliance.

  2. Go to Configuration Master > IP Spoofing Profile.

  3. Click Edit Settings.

  4. Set Publish IP Spoofing Profiles to WSA as No.

The default option selected is Yes.

For more information, see User Guide for AsyncOS 12.5 for Cisco Web Security Appliances.

Cisco Content Security Management Overview

AsyncOS for Cisco Content Security Management incorporates the following features:

  • External Spam Quarantine: Hold spam and suspected spam messages for end users, and allow end users and administrators to review messages that are flagged as spam before making a final determination.

  • Centralized Policy, Virus, and Outbreak Quarantines: Provide a single interface for managing these quarantines and the messages quarantined in them from multiple Email Security appliances. Allows you to store quarantined messages behind the firewall.

  • Centralized reporting: Run reports on aggregated data from multiple Email and Web Security appliances. The same reporting features available on individual appliances are available on Content Security Management appliances.

  • Centralized tracking: Use a single interface to track email messages and web transactions that were processed by multiple Email and Web Security appliances.

  • Centralized Configuration Management for Web Security appliances: For simplicity and consistency, manage policy definition and policy deployment for multiple Web Security appliances.


    Note

    The Security Management appliance is not involved in centralized email management, or ‘clustering’ of Email Security appliances.

  • Centralized Upgrade Management: You can simultaneously upgrade multiple Web Security appliances (WSAs) using a single Security Management Appliance (SMA).

  • Backup of data: Back up the data on your Content Security Management appliance, including reporting and tracking data, quarantined messages, and lists of safe and blocked senders.

  • Support for Internationalized Domain Name (IDN): AsyncOS 14.0 can now receive and deliver messages with email addresses that contain IDN domains. Currently, your content security gateway provides support of IDN domains for the following languages only:

    • Indian Regional Languages: Hindi, Tamil, Telugu, Kannada, Marathi, Punjabi, Malayalam, Bengali, Gujarati, Urdu, Assamese, Nepali, Bangla, Bodo, Dogri, Kashmiri, Konkani, Maithili, Manipuri, Oriya, Sanskrit, Santali, Sindhi, and Tulu.

    • European and Asian Languages: French, Russian, Japanese, German, Ukrainian, Korean, Spanish, Italian, Chinese, Dutch, Thai, Arabic, and Kazakh.

For this release, you can configure only a few features using IDN domains in your content security gateway:

  • SMTP Routes Configuration Settings: Add or edit IDN domains; export or import SMTP routes using IDN domains.

  • Reporting Configuration Settings: View IDN data (usernames, email addresses, and domains) in the reports.

  • Message Tracking Configuration Settings: View IDN data (usernames, email addresses, and domains) in message tracking.

  • Policy, Virus, and Outbreak Quarantine Configuration Settings: View messages with IDN domains that may be transmitting malware, as determined by the anti-virus engine; view messages with IDN domains caught by Outbreak Filters as potentially being spam or malware; view messages with IDN domains caught by message filters, content filters, and DLP message actions.

  • Spam Quarantine Configuration Settings: View messages with IDN domains detected as spam or suspected spam; add email addresses with IDN domains to the safelist and blocklist categories.

You can coordinate your security operations from a single Content Security Management appliance or spread the load across multiple appliances.