Today, an email administrator needs to get the most out of their data and reporting when it comes to the daily management of Business Email Compromise, Ransomware, Malware, and Phishing. The email administrator also has to share the data, reporting, and actual emails with their SOC and other teams so that those teams can perform X, Y, Z.
In my video, I have provided the steps to configure the Cisco Secure Email module in SecureX. This allows you to take the everyday mail summaries and threat reporting and make those available in the SecureX Dashboard.
With Cisco SecureX integration, the ribbon provides access to Casebook, Orbital, and any configured Cisco Security portfolio module. The email administrator has taken their data and reporting and made it readily available to their organization.
Ready to level up?
Cisco SecureX Orchestration now includes the capability of automating Phishing investigations and remediation. As we have already read in previous blog posts, the Phishing Investigation Workflow available in Orchestration is a game changer for today’s email administrator.
The Phishing Investigation workflow monitors a mailbox for incoming phishing reports. When an email is received, the workflow investigates its attachments and attempts to determine if anything in the email (or its attachments) was suspicious or malicious. If anything suspicious or malicious is found, the user is told to delete the email, a casebook and incident are created in Threat Response, a Webex Teams message is posted, and an email is sent to a SOC email address.
The new email event in SecureX Orchestration allows you to trigger a workflow when an email arrives in an inbox. In this video, we show how our phishing investigation workflow can take an email submission and conduct an automated investigation.
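The first stage of the investigation described above, pulling observables out of a reported email and deciding whether the follow-up steps apply, can be sketched as follows. This is an added example, not Cisco's workflow code, and it calls no SecureX API: the sample report, the `verdicts` lookup, and all function names are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"')]+")
# Follow-up steps the workflow takes on a suspicious or malicious finding.
FOLLOW_UP = ["tell the reporting user to delete the email",
             "create a casebook and incident in Threat Response",
             "post a Webex Teams message",
             "send an email to the SOC address"]

def build_sample_report() -> bytes:
    """Constructed sample: a user forwards a suspect email as an attachment."""
    suspect = EmailMessage()
    suspect["Subject"] = "Overdue invoice"
    suspect.set_content("Pay now: http://billing.example.test/pay\n")
    suspect.add_attachment(b"constructed-sample-bytes", maintype="application",
                           subtype="octet-stream", filename="invoice.docm")
    report = EmailMessage()
    report["Subject"] = "Phishing report"
    report.set_content("Reporting this as phishing.\n")
    report.add_attachment(suspect)  # becomes a message/rfc822 part
    return bytes(report)

def extract_observables(raw: bytes) -> dict:
    """Walk every MIME part, including the nested reported message."""
    urls, hashes = set(), set()
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue  # containers (multipart/*, message/rfc822) hold no data
        if part.get_filename() or part.is_attachment():
            hashes.add(hashlib.sha256(part.get_payload(decode=True)).hexdigest())
        elif part.get_content_maintype() == "text":
            urls.update(URL_RE.findall(part.get_content()))
    return {"url": urls, "sha256": hashes}

def plan_response(observables: dict, verdicts: dict) -> list:
    """verdicts is a hypothetical observable -> verdict lookup result."""
    flagged = [o for kind in observables.values() for o in kind
               if verdicts.get(o) in ("suspicious", "malicious")]
    return list(FOLLOW_UP) if flagged else []

if __name__ == "__main__":
    obs = extract_observables(build_sample_report())
    print(obs)
    print(plan_response(obs, {"http://billing.example.test/pay": "malicious"}))
```

Reports forwarded as an attachment keep the original MIME structure, which is why the walk descends into the `message/rfc822` part rather than reading only the reporter's cover note.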
Now, in addition to the data and reporting shared with their organization, the email administrator has securely provided the email and automation capability to their security teams!
Phishing automation is not the only thing the email administrator can do with Orchestration. Take a look at this example, Monitoring and Controlling an Email DLP Breach on Cisco SecureX, from my good friend Alexandre Argeris, Cisco Cyber Security TSA.
Orchestration takes what was once considered a mail flow policy or content filter driven action within Cisco Secure Email and unlocks a whole new level of administration.
Not using Cisco Secure Email?
If you are new to Cisco Secure Email, be sure to review our full portfolio, or sign up for a 45-day trial of our Cisco Secure Email Cloud Gateway.
Cisco Live! 2021 is coming up:
Americas: March 30-31
APJC: March 31 – April 1
EMEAR: March 31 – April 1
Two hands-on labs that you may be interested in:
- SecureX Orchestration Hands-on Crash Course – HOLPRG-2007
- Building 3rd Party Integrations with Cisco SecureX – HOLSEC-3003
Orchestration links:
- SecureX webpage
- SecureX orchestration documentation
- SecureX orchestration GitHub link
- SolarWinds workflow docs
- Phishing workflow docs