If you read the recently released Cisco Annual Security Report, you will have learned how spammers have adopted a “Snowshoe” strategy, using a large number of IP addresses with a low message volume per IP address, to send spam, preventing some spam systems from sinking the spam. This yielded a 250 percent increase in spam from January 2014 to November 2014. Or, perhaps the fact that malicious actors are using malvertising (malicious advertising) from web browser add-ons as a medium for distributing malware and unwanted applications caught your eye in the report. In order to protect against these types of emerging threats, Cisco showcases its continued thought leadership in email security to offer even greater protection and control across the attack continuum, while also providing additional flexibility for centralized management.
Extending Advanced Malware Protection (AMP)
Cisco Email Security Appliance is the only email security solution that offers retrospective security to identify and stop threats across the attack continuum. AMP on the ESA uses a combination of file reputation, file sandboxing, and retrospective file analysis to deliver effective protection against advanced and targeted attacks. Customers who have AMP deployed on the WSA can conduct file sandboxing on file types ranging from PDF and EXE to Microsoft Office files. File retrospection in ESA provides a continuous analysis of files that have traversed the security gateway, using real-time updates from AMP’s cloud-based intelligence to stay abreast of changing threat levels. Once a malicious file is identified as a threat, the administrator is alerted and given visibility into who on the network may have been infected and when to address an attack quickly, before it has a chance to spread.
Strong Defense against Snowshoe Campaigns and Phishing Attacks
Snowshoe spam, as mentioned above, is a growing concern as spammers distribute spam attack origination across a broad range of IP addresses in order to evade IP reputation checks. The newest AsyncOS 9 for ESA enables enhanced anti-spam scanning through contextual analysis and enhanced automation, as well as automatic classification, to provide a stronger defense against snowshoe campaigns and phishing attacks.
Programmable Interface to support easy Management and Automation
This exciting new capability allows customers to develop custom applications that interact with the Cisco ESA. For example, a customer could develop an application to fetch reporting counters from the ESA and create a custom report to meet specific corporate requirements. Future versions of this API will include WSA and SMA and enable configuration management in addition to reporting.
S/MIME Encryption and Signing
S/MIME gives customers another way to exchange emails in an encrypted and secure manner, in addition to Transport Layer Security (TLS). With AsyncOS 9.0, the Cisco ESA now supports gateway encryption and signing using S/MIME.
Virtual Security Management Appliance (SMAV)
This platform virtualization has the same look and feel as the Cisco Web Security Virtual Appliance (WSAV) and Cisco Email Security Virtual Appliance (ESAV). Packaging, deployment, and licensing is the same as ESAV and WSAV. Customers have an easy way to evaluate the Cisco Security Management Appliance (SMA) if you don’t have one. Just download, apply the trial license, and run your virtual SMA. SMAV can manage both hardware and virtual appliances.
Customers can now use complex conditions in mail flow policies that make it much easier to setup rules that comply with specific corporate needs. This is supported for both inbound and outbound emails. AsyncOS 9.0 for ESA also supports user-specific access to the spam quarantine. Customers can now enable access to the spam quarantine for an LDAP group or for specific users. For more information how Cisco Email Security protects against the constant, dynamic, rapidly changing threats affecting email today, visit www.cisco.com/go/emailsecurity.