Email continues to be the number one threat vector. As the most widely used and relied upon application in almost every organization, it’s a top security challenge no matter the size of the company or in what manner their security platform is deployed.
In fact, the 2020 Cisco CISO Benchmark Study validates these concerns. Those from the highest levels of a wide range of organizations report that the most common causes of productivity downtime are ransomware, spyware, and phishing.1
The complexity of the security landscape provides challenges of its own. Managing a wide assortment of security tools is cumbersome, requires greater resources, and is often confusing. According to recent ESG research, 31% of organizations use more than 50 different security products while 60% use more than 25.1 And, it’s not just the number of tools that are making security harder, the threats are getting more sophisticated, too. Over 75% of organizations claim that threat detection and response is more difficult today than 2 years ago.2
So, how can organizations effectively protect themselves against security threats but also against the complexity of managing disparate security products? Utilizing numerous products can make it harder to establish and enforce integrated security workflows and limits progress on the path to higher levels of security maturity.
The most strategic and recommended action for protection against email threats is to use a solution that’s fully integrated into an existing architecture and operationally part of a larger platform. Stand-alone products, even best of breed products which are narrowly focused on a specific aspect of security, don’t provide enough breadth of visibility to fully enable an organization to see and react to security threats. And, that lack of integration across a portfolio leads to blind spots and points of failure.
Cisco’s recent introduction of Cisco SecureX aims to simplify the demands of threat protection by providing a platform that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. By connecting technology in an integrated platform, SecureX delivers measurable insights, desirable outcomes, and unparalleled cross-team collaboration. SecureX enables you to expand your capabilities by connecting your security infrastructure.
Look to SecureX to:
Gain actionable insights across your entire security infrastructure, including network, endpoints, cloud, and applications, to help accelerate threat responses and realize desired outcomes. Key metrics include Mean Time to Detection, Mean Time to Remediation, and Incident Burndown times. These valuable and actionable metrics are derived from full case management capabilities native to the SecureX platform.
Automate security workflows
Increase the efficiency and precision of your existing resources via automation to advance your security maturity and stay ahead of an ever-changing threat landscape. Automating phishing workflows save you time, money, and resources. SecureX delivers pre-built playbooks that can be customized to your own environment that includes Cisco and non-Cisco products.
Collaborate better than ever
Share context between SecOps, ITOps, and NetOps to harmonize security policies and drive stronger outcomes across workflows that turn security from an obstacle to an enabler. Case management enables you to assign cases, track them to closure, and add relevant artifacts captured during the investigation. Email policies can be proactively updated based on the learnings from investigations discovered within SecureX.
Email Security and SecureX
Cisco Email Security is a top-line defense against the most common cyber threats like phishing, spoofing, business email compromise, and malware. Its efficiency is bolstered by its inclusion in the SecureX platform. A simplified dashboard reduces the complexity involved with the planning and administration of email security, improves compliance monitoring, makes consistent enforcement of acceptable-use policies possible, and enhances threat protection. Advanced sandboxing combined with threat intelligence provide a unified solution to protect organizations from malware. And robust data loss prevention and content-encryption capabilities safeguard sensitive information.
Phishing, which routinely ranks as a top concern, is addressed with a phishing investigation workflow enabled by SecureX that allows your users to forward email messages from their inbox. In addition, a dedicated inspection mailbox will start an automated investigation and enrichment via SecureX. The email messages are scraped for various artifacts and inspected in Threat Grid. If malicious artifacts are identified, a coordinated response action, including approvals, is carried out in alignment with your regular operations process.
With Cisco’s SecureX phishing playbook, for example, end users can submit a suspicious email to SecureX to get a determination of whether it is malicious or not. If the submitted email is malicious, the end-user will be notified of the recommended next steps and an event will be generated in SecureX using an approval workflow that alerts the security team. To deliver this capability, the playbook pre-processes email to extract observables, determines the verdict for observables, hunts for targets involved, and takes mitigation and/or preventative actions. The casebook feature enables stronger collaboration among teams and updates policies to ensure best practices.
This provides the ability to:
- Automate phishing investigations and drive quicker response actions
- Provide visibility into key operational measures of your security portfolio
- Block compromised users or users violating outgoing email policies
- Use the convenient interface of threat response for investigations to visualize message, sender and target relationships, search for multiple email addresses and subject lines, and understand threat trajectory.
- Respond with confidence by blocking malicious domains, track suspicious observables, initiate an approval workflow, collaborate using a built-in casebook function or create an IT ticket to update email policy
SecureX: What’s Next
SecureX will be generally available in June.
To stay updated on the latest about SecureX