Showing posts with label Email Security. Show all posts
Showing posts with label Email Security. Show all posts

Monday, 29 June 2026

The Untold Truth About Your Cisco Email Security Appliance

A futuristic Cisco Email Security Appliance (ESA) with a glowing digital shield actively deflecting a swarm of abstract cyber threats like phishing hooks and malware, set in a high-tech cybersecurity center. The image conveys advanced protection and the hidden dangers of email attacks.

In the relentless digital landscape, where every inbox is a potential gateway for sophisticated cyber threats, securing email communication isn't merely a best practice—it's a non-negotiable imperative. Organizations globally face an unprecedented barrage of phishing attempts, malware, spam, and business email compromise (BEC) attacks, making email a primary attack vector. The conventional perimeter defenses, while crucial, often fall short in safeguarding the dynamic and highly personalized nature of email traffic. This is where a dedicated solution, specifically the Cisco Email Security Appliance (ESA), steps in as a critical line of defense.

The Cisco Email Security Appliance is more than just a spam filter; it's a comprehensive platform engineered to protect organizations from the evolving spectrum of email-borne threats. It combines advanced threat intelligence, robust policy enforcement, and proactive defense mechanisms to ensure the integrity, confidentiality, and availability of your email infrastructure. Understanding its intricate functionalities, deployment strategies, and ongoing management is vital for any IT professional tasked with maintaining a secure digital environment.

This deep dive article will unravel the complexities of the Cisco Email Security Appliance, exploring its core capabilities, configuration best practices, and its pivotal role in a holistic security posture. Furthermore, we will illuminate the path to becoming a certified expert in this domain by focusing on the Cisco 300-720 SESA exam, officially known as Securing Email with Cisco Email Security Appliance. Earning the Cisco Certified Specialist Email Content Security certification validates your expertise in implementing, managing, and troubleshooting Cisco ESA solutions, marking you as an invaluable asset in the cybersecurity field.

The Unseen Battlefield: Why Email Security is Paramount

Email remains the cornerstone of business communication, facilitating countless daily interactions, transactions, and data exchanges. However, this ubiquity makes it an irresistible target for cybercriminals. The threat landscape is continuously evolving, with attackers employing increasingly sophisticated techniques to bypass security controls.

Evolving Email Threats and Their Impact

Consider the sheer volume and diversity of threats:

  • Phishing and Spear Phishing: Deceptive emails designed to trick recipients into revealing sensitive information or clicking malicious links. Spear phishing targets specific individuals, making them harder to detect.
  • Malware and Ransomware Distribution: Email attachments are a common vector for delivering viruses, worms, and ransomware, which can cripple entire networks and extort significant payments.
  • Business Email Compromise (BEC): Highly targeted scams that impersonate executives or trusted partners to trick employees into making unauthorized financial transfers or divulging confidential data.
  • Spam and Unsolicited Content: While often seen as an annoyance, spam can also carry malicious payloads or serve as a precursor to more targeted attacks, consuming valuable bandwidth and user productivity.
  • Data Exfiltration: Malicious actors can use email to exfiltrate sensitive data from an organization, leading to regulatory penalties, reputational damage, and financial losses.

The consequences of a successful email attack can be catastrophic, ranging from financial loss and intellectual property theft to severe reputational damage and legal repercussions. Traditional network firewalls, while essential for perimeter defense, lack the granular visibility and specialized intelligence required to dissect and neutralize threats embedded within email content and attachments.

This inherent vulnerability underscores the critical need for a specialized solution like the Cisco Email Security Appliance. It provides a dedicated layer of defense, focusing solely on the unique challenges posed by email-borne threats, acting as a sophisticated sentinel at your organization's digital doorstep.

Diving Deep into the Cisco Email Security Appliance

The Cisco Email Security Appliance (ESA) is a purpose-built solution designed to provide multi-layered protection against a wide array of email threats. Leveraging Cisco's industry-leading Talos threat intelligence, the ESA offers unparalleled visibility and control over inbound and outbound email traffic.

Core Features and Benefits of Cisco ESA

The ESA integrates several powerful components to deliver comprehensive email security:

  • Talos Threat Intelligence Integration: Cisco Talos, one of the largest commercial threat intelligence teams in the world, provides real-time updates on emerging threats, ensuring the ESA is always equipped with the latest defense mechanisms against spam, malware, and phishing.
  • Advanced Malware Protection (AMP): AMP for Email performs continuous analysis of attachments and URLs, detecting, containing, and remediating advanced malware. It can identify evasive threats and provide retrospective alerts if a file's disposition changes after delivery.
  • Spam Control with Talos SenderBase and Antispam: The ESA employs sophisticated antispam technologies, including reputation filtering via SenderBase, pattern matching, and heuristics, to accurately identify and block unwanted messages before they reach user inboxes.
  • Data Loss Prevention (DLP): Integrated DLP capabilities help organizations prevent sensitive information (e.g., PII, PCI, HIPAA data) from leaving the network via email, ensuring compliance with regulatory requirements.
  • Email Encryption: The appliance supports various encryption methods, including transport layer security (TLS) and content encryption, to protect sensitive communications in transit and at rest.
  • Email Authentication (SPF, DKIM, DMARC): ESA can enforce and validate email authentication protocols, helping to combat email spoofing and phishing by verifying sender legitimacy.
  • Content and Message Filters: These powerful policy engines allow administrators to create granular rules based on sender, recipient, subject, content, attachment type, and more. This enables highly customized control over email flow, quarantining, and routing.
  • Reputation Filtering: By analyzing the reputation of sending IP addresses, the ESA can block known malicious senders at the connection level, reducing the load on downstream systems.
  • System Quarantines and Delivery Methods: Flexible quarantine options allow suspicious emails to be held for review, while various delivery methods ensure business continuity and compliance.

These features collectively provide a robust defense against sophisticated attacks, reducing the risk of data breaches, enhancing productivity by minimizing spam, and ensuring regulatory compliance. The ESA can be deployed as a physical appliance, a virtual appliance, or a cloud-based service, offering flexibility to suit diverse organizational needs.

Cisco Email Security Appliance Administration Tasks

Effective administration of the Cisco ESA involves a range of tasks to ensure optimal performance and security:

  1. Initial Setup and Configuration: This includes network settings, clustering, and integration with directory services like LDAP.
  2. Policy Management: Defining and refining antispam, antivirus, content, and message filters. This is where administrators tailor the ESA's behavior to meet specific organizational requirements.
  3. Reporting and Logging: Monitoring logs for threat detection, delivery status, and policy enforcement. Comprehensive reports provide insights into email traffic patterns and security posture.
  4. System Maintenance: Regular updates, backups, and monitoring system health to ensure continuous operation.
  5. User Management: Configuring user access, quarantine management, and end-user self-service options for managing their quarantined messages.
  6. Troubleshooting: Diagnosing and resolving issues related to email flow, filtering, and performance.

For those looking to deepen their understanding of these administration tasks and the broader syllabus, a comprehensive syllabus details can be found on the Cisco 300-720 certification exam syllabus page.

Mastering Implementation: Cisco Email Security Appliance Configuration Best Practices

Implementing and configuring a Cisco Email Security Appliance effectively requires more than just enabling features; it demands a strategic approach to ensure maximum protection and seamless operation within your existing infrastructure. Adhering to best practices can significantly enhance your email security posture.

Strategic Deployment and Initial Setup

The journey begins with careful planning. Before deployment, assess your network topology, email volume, and specific security requirements. The Cisco Email Security Appliance deployment guide emphasizes understanding your mail flow, DNS records (MX records), and integration points.

  • Gateway Mode Deployment: Most organizations deploy ESA in gateway mode, where all incoming and outgoing email traffic flows through the appliance. Proper MX record configuration is crucial here.
  • High Availability (HA): For mission-critical environments, configuring two ESAs in a clustered, active/passive configuration ensures continuous email service even if one appliance fails.
  • Integration with Directory Services: Leverage LDAP to synchronize user information, groups, and attributes, which can be used for policy enforcement, recipient validation, and user authentication for end-user quarantines.

Optimizing Spam Control and Antivirus

Spam and malware are primary threats, and the ESA offers robust tools to combat them:

  • SenderBase Reputation Service: Ensure this is enabled and configured to block known malicious senders at the connection level. Adjust sensitivity based on your organization's tolerance for false positives.
  • Antispam Engine: Fine-tune the antispam engine settings. Cisco provides various categories (e.g., Marketing, Bulk, Suspect Spam) that can be individually quarantined, dropped, or tagged.
  • Advanced Malware Protection (AMP) for Email: Activate AMP for all inbound and outbound email traffic. Regularly review AMP reports and disposition changes. Configure retrospective alerts to be notified if a previously delivered file is later deemed malicious.

Granular Control with Content and Message Filters

Content and message filters are the workhorses of the ESA, allowing for highly specific policy enforcement:

  • Inbound Filters: Create filters to block specific attachment types (e.g., executables), scan for sensitive keywords, or quarantine messages from untrusted sources.
  • Outbound Filters: Implement filters to prevent data loss, enforce acceptable use policies, and ensure compliance. For example, block emails containing credit card numbers or enforce encryption for emails to specific domains.
  • Order of Operations: Understand that filters are processed in a specific order. Prioritize your most critical filters (e.g., malware blocking) to execute before less critical ones.

Best Practices for Email Authentication and Encryption

Protecting email integrity and confidentiality is paramount:

  • Implement SPF, DKIM, and DMARC: Configure the ESA to both validate inbound messages against these standards and sign outbound messages. DMARC, in particular, helps prevent email spoofing and provides reporting on authentication failures.
  • Enforce TLS: Mandate TLS for connections with known trusted partners and configure the ESA to opportunistic TLS for other connections, encrypting email in transit whenever possible.
  • Content Encryption: For highly sensitive data, leverage content encryption services offered by Cisco ESA, ensuring that only authorized recipients can view the message content.

Integrating with LDAP and SMTP Sessions

Proper integration streamlines user management and enhances security:

  • LDAP Integration: Configure LDAP queries for recipient validation to prevent directory harvest attacks and to enable user-specific policies.
  • SMTP Session Controls: Implement controls such as maximum message size, recipient rate limits, and concurrent connection limits to protect against denial-of-service attacks and manage resource utilization.

By diligently applying these best practices for implementing Cisco Email Security Appliance, organizations can build a resilient email security infrastructure that is both effective and efficient in combating the dynamic threat landscape.

The Path to Expertise: Cisco 300-720 SESA Exam Demystified

For cybersecurity professionals looking to validate and advance their skills in email security, the Cisco 300-720 SESA exam offers a clear pathway. Achieving the Cisco Certified Specialist Email Content Security certification demonstrates a deep understanding of securing email using Cisco ESA, positioning you as an expert in a critical and highly demanded field.

Why Pursue Cisco Certified Specialist Email Content Security?

In today's threat-rich environment, organizations actively seek individuals who can not only manage but optimize their email security solutions. This certification:

  • Validates your ability to implement, configure, and troubleshoot Cisco Email Security Appliance solutions.
  • Showcases your expertise in combating spam, malware, phishing, and data loss via email.
  • Enhances your career prospects and earning potential in cybersecurity roles.
  • Contributes towards the prestigious Cisco CCNP Security certification if paired with the core exam.

Cisco 300-720 SESA Exam Details

Understanding the specifics of the exam is the first step toward successful preparation. The Cisco 300-720 SESA exam details are as follows:

  • Exam Code: 300-720 SESA
  • Exam Name: Securing Email with Cisco Email Security Appliance
  • Exam Price: $300 USD
  • Duration: 90 minutes
  • Number of Questions: 55-65 questions
  • Passing Score: Variable (approximately 750-850 out of 1000)

Information on the Cisco SESA exam cost and passing score, along with other administrative details, is crucial for planning. You can schedule your Cisco 300-720 SESA exam through Pearson VUE.

Cisco 300-720 SESA Exam Topics: A Syllabus Breakdown

The exam blueprint, which details the Cisco 300-720 SESA exam topics, is your primary guide for study. It outlines the specific areas of knowledge and skill required. Here's a breakdown of the Securing Email with Cisco Email Security Appliance syllabus:

  • Administration (15%): Covering initial setup, configuration management, licensing, reporting, and basic troubleshooting of the ESA.
  • Spam Control with Talos SenderBase and Antispam (15%): Focuses on configuring and managing antispam features, including the use of SenderBase, message filtering rules for spam, and managing spam quarantines.
  • Content and Message Filters (20%): This section delves into creating, applying, and troubleshooting content filters, message filters, and DLP (Data Loss Prevention) policies.
  • LDAP and SMTP Sessions (15%): Explores integration with LDAP for recipient validation and user authentication, as well as managing SMTP session controls, listeners, and host access tables.
  • Email Authentication and Encryption (20%): Covers the configuration of email authentication protocols (SPF, DKIM, DMARC) and various email encryption methods (TLS, content encryption).
  • System Quarantines and Delivery Methods (15%): Examines the different types of quarantines, managing quarantined messages, and configuring delivery methods and destinations for email.

A thorough understanding of each of these areas, including their practical application, is essential. For comprehensive details on the exam objectives, refer to the official Cisco SESA exam page.

Official Training and Study Resources

Cisco provides excellent resources to help you prepare for the 300-720 SESA exam:

  • Official Cisco Training Courses: The recommended training course is 'Securing Email with Cisco Email Security Appliance'. You can find the Cisco Learning Network training path and specific detailed course information for version 3.2. These courses are invaluable for hands-on experience and in-depth conceptual understanding, aligning perfectly with the Cisco CCNP Security SESA training course objectives.
  • Documentation: Cisco's official documentation for the Email Security Appliance provides extensive technical details and configuration guides that complement the course material.
  • Practice Labs: Gaining practical experience with a Cisco Email Security Appliance, either through virtual labs or a sandbox environment, is critical for understanding configuration best practices and troubleshooting scenarios.

By leveraging these resources, you can build a strong foundation and gain the practical skills necessary for not just passing the exam, but for truly mastering CCNP Security exams related to email content security.

Your Study Roadmap: How to Pass Cisco 300-720 SESA Exam

Passing the Cisco 300-720 SESA exam requires a structured and disciplined approach. Here's a roadmap to guide your preparation, ensuring you cover all the Cisco Certified Specialist Email Content Security objectives and build confidence for the exam day.

Phase 1: Foundation Building (Conceptual Understanding)

Begin by solidifying your foundational knowledge:

  • Master the Syllabus: Go through each topic in the Cisco 300-720 exam blueprint. Understand the 'what' and 'why' behind each feature and concept. Don't just memorize; internalize the underlying principles of securing email with Cisco ESA certification.
  • Official Training Course: Enroll in the official Cisco training course, 'Securing Email with Cisco Email Security Appliance'. This structured learning environment provides expert-led instruction and covers all necessary concepts.
  • Cisco Documentation: Supplement your learning with official Cisco ESA documentation. Pay close attention to configuration guides, command references, and best practices. This serves as an excellent Cisco 300-720 study guide in itself.

Phase 2: Hands-On Experience (Practical Application)

Theory alone is insufficient. Practical experience is key to understanding implementing Cisco Email Security Appliance effectively:

  • Lab Practice: Set up a virtual lab environment with a Cisco ESA (virtual appliance). Practice configuring all the features covered in the syllabus: antispam, antivirus, content filters, message filters, LDAP integration, email authentication, and encryption.
  • Troubleshooting Scenarios: Simulate common issues and practice troubleshooting. This will prepare you for the real-world challenges and exam questions that often test your diagnostic skills.
  • Explore CLI: While the GUI is powerful, familiarize yourself with the command-line interface (CLI) for specific tasks and advanced troubleshooting.

Phase 3: Assessment and Refinement (Exam Readiness)

Once you feel confident with the material, it's time to assess your readiness:

  • Cisco 300-720 Practice Exam Questions: Utilize practice exams from reputable sources. These will help you understand the exam format, identify your weak areas, and improve your time management. Analyze incorrect answers to understand the concepts better.
  • Review Weak Areas: Based on practice exam results, revisit the specific syllabus topics where you performed poorly. Dedicate extra study time to these areas until you feel proficient.
  • Time Management: Practice answering questions within the 90-minute time limit. This is crucial for managing the 55-65 questions effectively during the actual exam.
  • Study Groups/Forums: Engage with other candidates in study groups or online forums. Discussing concepts and challenging each other can provide new perspectives and reinforce learning.

Remember, consistency is key. Allocate dedicated study time each day, track your progress, and stay motivated. This comprehensive approach will not only help you pass the Cisco 300-720 SESA exam but also build a solid foundation for your career in email security.

Career Impact: The Value of Cisco Certified Specialist Email Content Security

Earning the Cisco Certified Specialist Email Content Security certification is more than just adding a credential to your resume; it's an investment in your professional future and a clear signal of your specialized expertise in a critical cybersecurity domain. This certification holds significant weight in the industry, opening doors to advanced opportunities and validating your skills in protecting an organization's most vulnerable communication channel.

Enhanced Job Opportunities and Career Progression

With the pervasive threat of email-borne attacks, there's a growing demand for cybersecurity professionals who possess specialized skills in email content security. This certification positions you as an expert in securing email with Cisco ESA certification, making you highly attractive to employers. Roles such as Security Engineer, Email Security Administrator, Network Security Analyst, and even Security Architect often require or highly value this specific expertise. The growing demand for cybersecurity professionals underscores the value of specialized certifications like the SESA.

Higher Earning Potential

Specialized skills often translate into higher compensation. Professionals certified in Cisco Email Security Appliance solutions are recognized for their ability to protect organizations from significant financial and reputational damage. This makes them valuable assets, commanding competitive salaries in the cybersecurity job market.

Validation of Advanced Skills

The Cisco 300-720 SESA exam rigorously tests your knowledge and practical application skills in implementing Cisco Email Security Appliance solutions. Passing this exam officially validates your advanced capabilities in configuring, managing, and troubleshooting one of the industry's leading email security platforms. This official recognition from a global leader like Cisco's role in the networking industry distinguishes you from peers and builds trust with employers and clients.

Contribution to Organizational Security Posture

As a Cisco Certified Specialist Email Content Security, you play a direct and crucial role in safeguarding your organization. Your expertise in configuring and optimizing the Cisco Email Security Appliance directly contributes to preventing breaches, maintaining compliance, and protecting sensitive data. You become a frontline defender against advanced persistent threats, ensuring business continuity and trust in digital communications.

Pathway to Further Cisco Certifications

The SESA certification is an integral part of the Cisco Certified Network Professional (CCNP) Security track. Achieving it can be a stepping stone towards earning the full CCNP Security certification, further broadening your expertise across various security domains and enhancing your overall career trajectory. This makes it a strategic choice for long-term career growth in cybersecurity.

Conclusion

The Cisco Email Security Appliance stands as a vital defense in the ongoing battle against sophisticated cyber threats. Its comprehensive suite of features, powered by Cisco Talos intelligence, offers unparalleled protection against spam, malware, phishing, and data loss, making it an indispensable tool for any organization's security architecture. Mastering this appliance is not just about technical proficiency; it's about becoming a critical asset in the defense of digital communications.

The Cisco 300-720 SESA exam, leading to the Cisco Certified Specialist Email Content Security certification, provides a structured and recognized path to validate this expertise. By diligently preparing for the exam, leveraging official training, and gaining hands-on experience, you can demonstrate your capability to implement, manage, and troubleshoot Cisco ESA solutions effectively. This certification not only elevates your technical skills but also significantly boosts your career prospects in the ever-expanding field of cybersecurity. Ready to elevate your email security expertise and solidify your position as a cybersecurity specialist? Don't hesitate to explore other Cisco certification paths and begin your journey today.

Frequently Asked Questions About Cisco Email Security Appliance and SESA Certification

1. What is the primary purpose of a Cisco Email Security Appliance (ESA)?

The Cisco Email Security Appliance (ESA) is a comprehensive security solution designed to protect organizations from a wide array of email-borne threats, including spam, phishing, malware, and data loss. It filters incoming and outgoing email traffic, enforcing policies and leveraging real-time threat intelligence from Cisco Talos to ensure secure communication.

2. How does the Cisco 300-720 SESA exam relate to other Cisco certifications?

The Cisco 300-720 SESA exam is one of the concentration exams for the Cisco Certified Network Professional (CCNP) Security certification. Passing it, along with the core 350-701 SCOR exam, leads to the CCNP Security certification. It also grants the Cisco Certified Specialist Email Content Security certification on its own, validating specialized expertise in ESA.

3. What are the key features of the Cisco Email Security Appliance?

Key features of the Cisco ESA include Talos-driven threat intelligence, advanced malware protection (AMP), robust antispam and antivirus engines, data loss prevention (DLP), email encryption, sender and recipient authentication (SPF, DKIM, DMARC), and highly granular content and message filtering capabilities. These work together to provide multi-layered defense.

4. Is hands-on experience with the Cisco ESA necessary to pass the 300-720 SESA exam?

Yes, hands-on experience is highly recommended and often crucial for success. The exam covers practical configuration, troubleshooting, and management tasks. While theoretical knowledge is important, practical application in a lab environment (virtual or physical) will solidify your understanding of how to implement and operate the Cisco Email Security Appliance effectively.

5. What kind of career opportunities can the Cisco Certified Specialist Email Content Security certification unlock?

This certification can unlock various career opportunities in cybersecurity, including roles such as Email Security Engineer, Network Security Administrator, Security Operations Center (SOC) Analyst, and Security Consultant. It demonstrates specialized skills highly valued by organizations seeking to fortify their email defenses against evolving cyber threats.

Thursday, 22 June 2023

The Value of SOC2 and ISO27001 in Enhancing Customer Trust

Cisco Career, Cisco Skills, Cisco Jobs, Cisco Learning, Cisco Tutorial and Materials, Cisco Guides, Cisco Preparation

In an era of ever-evolving cybersecurity threats, a strong security posture for your cloud-based applications is paramount. Certifications such as SOC2 and ISO27001 represent an international benchmark that demonstrate a product’s robustness in security, service resiliency, and sound data management practices. Recently, our product, Secure Email Threat Defense, successfully completed the SOC2 certification process, and I’d like to share our experience to highlight the importance of these certifications for security-conscious buyers.

To gain certification, our team had to show an accredited external auditor that Secure Email Threat Defense met or exceeded the requirements of SOC2 and ISO27001. In obtaining SOC2 Type 2 certification, we validated our adherence to the Trust Services Criteria: security, availability, and confidentiality. ISO27001 further demanded effective processes and controls to protect information systems and contained data.

These combined certifications assure our customers that Email Threat Defense:

◉ Operates in a secure, reliable, and responsible manner.
◉ Protects our customers’ information.
◉ Provides transparency in system development, deployment, and maintenance as evidenced in our SOC2 Type 2 report.
◉ Commits to independent audits that will validate the effectiveness of our controls, both procedurally and from an implementation perspective.

As part of the audit process, Email Threat Defense had to prove its commitment to internal processes and provide evidence of ongoing adherence to internal controls. Our efforts in access management, change management, business continuity, incident response, and vulnerability management were scrutinized.

In the area of access management, we showcased our commitment to best practices and granular access permissions, ensuring that customer data is protected at all times. When it comes to change management, we follow strict policies and require approval for all system changes, enabling us to deliver quality features quickly.

Our business continuity and incident response capabilities were also thoroughly reviewed. We demonstrated our service’s resiliency to upstream service failures within AWS and Azure, as well as our team’s robust incident response capabilities. In a disaster recovery scenario, we showed our ability to restore critical customer data, including Search and Reporting data.

Cisco Career, Cisco Skills, Cisco Jobs, Cisco Learning, Cisco Tutorial and Materials, Cisco Guides, Cisco Preparation

Finally, in the realm of vulnerability management, we proved our ability to remediate vulnerabilities within industry-standard SLAs, thereby mitigating the risk of known and emerging threats.

By obtaining SOC2 and ISO27001 certifications, we have displayed our unwavering commitment to information security and to our customers, providing an additional layer of trust for our users. For security-conscious buyers, these certifications represent a reliable method for evaluating the security posture of cloud-based applications such as Email Threat Defense. These certifications are not merely symbolic badges; they indicate a level of trust that our customers can rely on  in an uncertain cybersecurity landscape. We’re proud of the work we’ve done to achieve this significant milestone and we will continue to prioritize security as we further develop, innovate, and optimize Email Threat Defense.

Source: cisco.com

Wednesday, 13 May 2020

Real Users Speak: Cisco and the Elements of Robust Email Security

Cisco Tutorial and Material, Cisco Guides, Cisco Certification, Cisco Exam Prep

What does it take to implement robust email security? According to users of Cisco Email Security (ESA) on IT Central Station, it takes a combination of distinctive elements in an email security solution to attain this goal. These include sophisticated filtering, built-in intelligence and policy definition and enforcement capabilities. The system should also be easy to use.

Real users share their unbiased opinions on what makes Cisco Email Security the #1 ranked product in IT Central Station’s Messaging Security category.

Filtering out spam and phishing messages


Companies worry about employees clicking on malicious links in phishing emails or getting deluged with bogus spam messages. Indeed, the attack chain for a great many data breaches and ransomware attacks starts with an email to an unsuspecting person.  Effective email filtering is thus a compelling feature for an email security solution. IT Central Station members expressed this opinion.

For example, Michael L., a Network Security Engineer at Konga Online Shopping Ltd., a retailer with over 1,000 employees, acknowledged that Cisco Email Security Appliance (ESA) “helped with mail filtering and load balancing between Exchange servers.” In particular, he singled out Cisco Email Security because, as he said, “Cisco Email Security enabled us to blockade domains that send these emails. Cisco Email Security gave us fantastic service. The filtering is something I found very valuable.”

“Initially, the most valuable feature for us was the SenderBase Reputation,” said a Regional ICT Security Officer at an energy/utilities company with over 10,000 employees. He added that it “reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. Since then, customized filtering has been very effective and useful for us.”

A Security Engineer at an energy/utilities company similarly remarked, “We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company. The most valuable features are Advanced Malware Protection, URL filtering, and of course Reputation Filtering.”

Built-in intelligence


The volume and variety of email translates into a need for security that’s augmented by machine intelligence. Cisco ESA users spoke to this ability, with John A., a Network Security Engineer at a small tech services company, noting that, “Cisco was scanning our emails with their own intelligence. I liked that.” An Information Security Analyst at a healthcare company also commented on Cisco ESA’s Intelligent Multi-Scan (IMS) engine, saying “it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked.”

Cisco Tutorial and Material, Cisco Guides, Cisco Certification, Cisco Exam Prep

For the energy company Regional ICT Security Officer, built-in email security intelligence came in the form of Talos. As he put it, “Instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they’re now providing has a lot of attraction because it helps to prevent phishing emails.”

Policy enforcement


IT Central Station members addressed the issue of security policy definition and enforcement as an element of strong email security. As Keith K., a Senior Email Engineer at a legal firm with over 1,000 employees explained, “We use it [Cisco ESA] for different policies or as another scanning engine, e.g., on the desktop or for data coming through another email gateway.” He added, “The most valuable feature is the policies or rules that you can put on it. This definitely helps with routing specific things to different destinations within our organization, or even potentially blocking when something is coming in and out.”

Setu S., a System Administrator at a financial services firm with over 1,000 employees echoed this sentiment, sharing that his team uses Cisco Email Security for “customized policies based on our security measures using this tool to scan the emails in our inboxes.” He noted, “We also check all incoming emails. Because we can customize policies with it, we have good documentation.”

Ease of use


Email security is challenging enough that security professionals prefer solutions that are easy to use. In this context, Mir A., a Network Engineer at a hospitality company with over 10,000 employees, observed that Cisco ESA “was really easy to implement.” As he said, “Even a newcomer joining the company could easily implement it.” John A found that “anybody could use it. You don’t have to be familiar with IT to be able to handle navigating it. The deployment was quite easy.”

Cisco Tutorial and Material, Cisco Guides, Cisco Certification, Cisco Exam Prep

This user also noted, “GUI is self-explanatory: If you want to block emails, you want to erase emails, you do the IP address configuration and what your DNS is.” The healthcare Information Security Analyst said, “Black-listing and white-listing are highly intuitive and easy to do.”

Thursday, 4 January 2018

Defending Against The $5B Cybersecurity Threat – Business Email Compromise

If an average employee at your company got an email from an executive with an urgent request, would they question whether the email was coming from the actual sender? They probably wouldn’t. The reality is that most people would act on the request because of its time-sensitive nature. They assume that the IT team has the right technology in place to validate email senders so they can focus on doing their work. But this is why attackers succeed. Their target thinks the email is coming from someone they trust and consequently, their organization gets breached. This type of attack is called Business Email Compromise (BEC), email spoofing or spoof abuse. The FBI estimates it has cost companies $5.3B globally – far more than the $1B in 2016 for ransomware.

Friday, 17 November 2017

Cisco Email Security is Top Solution

Billions of corporate messages flow back and forth on a daily basis. And with over 90% of breaches starting with an email, organizations today face a daunting challenge when choosing the best email security solution to stop emails with phishing links or malicious attachments that unleash ransomware, phishing or business email compromise attacks. Securing the most important business communication tool is a tall order indeed. This is why we’re proud to share that Cisco Email Security has been named Top Player on Radicati’s Market Quadrant for Secure Email Gateways 2017 for the second consecutive year.

Thursday, 10 August 2017

Deep Dive into AMP and Threat Grid integration with Cisco Email Security

In this blog post, we are going to dive deeper and explain the workflows of AMP and Threat Grid integration with Cisco Email Security (applies to both Cloud Email Security and on premise Email Security Appliance), as well as help administrators refine security posture in their organizations. Let’s start with a quick recap of how file reputation, file analysis and file retrospection work together in general.