Each day more than 100 billion corporate email messages are exchanged1. Who doesn’t need to do a little housekeeping and eliminate unwanted emails? But you need to think twice before you click on “unsubscribe.”

As you likely read in the 2015 Cisco Annual Security Report, attackers are using applications users inherently trust or view as benign, like web browser add-ons, to distribute malware. One of the latest phishing techniques is graymail – directing the “unsubscribe” link at the bottom of a seemingly innocuous marketing email to a malware infested website. Many of us click on these links without a second thought. But instead of ridding ourselves of unwanted emails, we’re actually opening ourselves up to an attack.

This is just one example of how attackers continue to innovate, and Cisco does as well. Our new AsyncOS release for Cisco Email Security Appliance (Cisco ESA) demonstrates how Cisco empowers you with a threat-centric approach to security and more comprehensive management control.

Threat-Centric Security

Strong Defense against Graymail

Graymail is a growing problem, as attackers use “unsubscribe” links to harvest addresses or install drive-by download malware on the target website. These aggressive marketing email messages are not spam but viewed as such since the recipient didn’t intentionally “opt-in” to receive them. AsyncOS 9.5 for Cisco ESA includes a new graymail engine to detect, classify, and automatically present recipients with a safe way to unsubscribe. Email administrators gain better visibility into graymail activity reflected in reporting and message tracking tools.

Visibility into Malicious Links with Web Interaction Tracking

Administrators and management need more visibility to track malicious links, including who clicked on the links and their actions. Cisco ESA now includes the ability to track users clicking on rewritten URLs so that email administrators can educate those users and blacklist the malicious URLs to thwart future attacks.

On-Premise Malware Sandboxing for Privacy Requirements

For customers in industries, markets or regions with strict privacy mandates, Cisco ESA now supports an on-premise sandbox for malware analysis as an alternative to the public cloud sandboxing option. This local option uses big data analytics, policies, detection and protections stored on-site. If an unknown, suspicious file is discovered, only anonymized SHA256 information is sent to the cloud for file disposition lookup. All sandboxing results remain private.

Additional Encryption Support

With AsyncOS 9.5, the Email Security Appliance now supports Transport Layer Security (TLS) 1.2. This encryption protocol is especially important in industries such as healthcare, where compliance with regulations require data transmission over the internet with TLS 1.2. Meeting these compliance requirements reduces the risk of vulnerability of data in motion with encryption best practices.

Complete Control

Performance Management

Administrators need better, faster visibility into the health of their systems to ensure systems continue to support business requirements for bandwidth, processing, and memory capacity and to more effectively plan for upgrades. Cisco ESA includes enhanced performance monitoring so that administrators can continuously check the health of systems to more quickly and easily determine utilization spikes, understand how often systems enter Resource Conservation mode, and to ensure they have the memory capacity to upgrade to the next release. Through alerts, new graphs, and automated analysis, IT administrators are armed with timely information to maintain system performance and avoid business disruption.

Find out more at www.cisco.com/go/emailsecurity.

1 Email Statistics Report, The Radicati Group, Inc.: 2012 – 2016


Dan Stotts

Product Marketing Manager

Security Product Marketing organization