Cisco Email Security


• Faster, more comprehensive email protection, often hours or days ahead of the competition

• The largest network of threat intelligence with Cisco Talos, built on unmatched collective security analytics

• Outbound message protection through on-device Data Loss Prevention (DLP), email encryption, and optional integration with RSA’s Enterprise DLP solution

• Lower total cost of ownership with a small footprint, easy implementation, and automated administration that yield savings for the long term

Cisco Secure Email

Email is the number one threat vector for cyberattacks, according to the 2015 Cisco Annual Security Report. The Cisco® Email Security Appliance keeps your critical business email safe and helps eliminate data leakage. The Cisco Email Security portfolio―including the Cisco Email Security Appliance (ESA; see Figure 1), Cisco Email Security Virtual Appliance (ESAV), and Cisco Cloud Email Security (CES) solutions―delivers inbound protection and outbound data control through advanced threat intelligence and a layered approach to security. This approach comprises URL categorization and reputation filtering, antispam and antivirus filters, Outbreak Filters, and Advanced Malware Protection (AMP).

Figure 1. Cisco Email Security Appliance



Advanced Threat Defense

Cisco Email Security is powered by Cisco Talos Security Intelligence and Research Group (Talos), the industry’s largest collection of real-time threat intelligence, with the broadest visibility and largest footprint. Talos discovers where threats are hiding by pulling massive amounts of global information across multiple attack vectors (see Figure 2). This information gathering encompasses:

• 100 TB of security intelligence daily
• 1.6 million deployed security devices including firewall, intrusion prevention system (IPS), web, and email appliances
• 150 million endpoints
• 13 billion web requests per day
• Hundreds of applications and 150,000 microapplications
• 35 percent of the world’s enterprise email traffic

Talos delivers early-warning intelligence and threat and vulnerability analysis to help protect organizations against zero-day advanced threats. It continually generates new rules that feed updates every three to five minutes, so that Cisco Email Security can deliver industry-leading threat defense hours and even days ahead of competitors.

Figure 2. Cisco Talos Security Intelligence and Research Group


A Multilayered Defense to Tackle Multiple Threats

Integrated into the Cisco ESA is our Cisco Talos service, which provides a 24-hour view into global traffic activity (see Figure 4). You can analyze anomalies, uncover new threats, and monitor traffic trends. Automatic policy updates are pushed to network devices every three to five minutes.

With Cisco ESA you can also:

• Stop phishing attempts and blended threats
• Satisfy requirements for highly secure messaging with dependable encryption
• Comply with industry and government data loss prevention regulations
• Defend against advanced threats and targeted attacks
• Set and enforce detailed email policies

Advanced Spam Defense

We make it easy to stop spam from reaching your inbox. A multilayered defense combines an outer layer of filtering based on the reputation and validity of the sender and an inner layer of filtering that performs a deep analysis of the message. We offer three engine choices, one of which is IMS, which uses multiple anti-spam engines for the best possible catch rate. Recent enhancements also help defend against snowshoe campaigns using contextual analysis, enhanced automation, and autoclassification (see Figure 3).

Figure 3. Cisco ESA’s SPAM Protection



For multi-layer anti-virus protection, choose to deploy either Sophos or McAfee anti-virus engines—or both. Run both antivirus engines in tandem to dual-scan messages for the most comprehensive protection. Use the same license for inbound anti-spam and anti-virus scanning to check your outbound messages, with intelligent multi-scanning providing the best possible catch rate. Use all of these features for the visibility to identify needed remediation and keep your company off of blacklists. Combine this with Outbreak Filters to help stop the threats before they manifest themselves as an outbound flood of messages (i.e. zero-day outbreaks).

Figure 4. Cisco ESA’s Threat Protection


Sandboxing and Continuous Analysis

Advanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco ESA customers. AMP is a comprehensive malware-defeating solution that provides malware detection and blocking, continuous analysis, and retrospective alerting (see Figure 5). It takes advantage of the vast cloud security intelligence networks of both Cisco and Sourcefire (now part of Cisco). AMP augments the malware detection and blocking capabilities already offered in the Cisco ESA with enhanced file reputation capabilities, detailed file-behavior reporting, continuous file analysis, and retrospective verdict alerting. New: Customers now have the ability to sandbox PDF and Microsoft Office files, and archive/compressed files in addition to EXE files supported in the first AMP release.

Figure 5. Cisco Zero-Hour Virus and Malware Protection


Best Performance DLP and Compliance

Data loss prevention and compliance are a key part of the Cisco Email Security technology. In fact, your outbound data loss prevention filters are already onboard your Cisco Email Security solution.

We partner with RSA, the leader in DLP technology, to provide integrated DLP functionality to help ensure compliance with industry and government regulations worldwide and help prevent confidential data from leaving your network.

Instead of Cisco reinventing all of these DLP libraries, we partner with a proven vendor and build its compliance libraries and lexicons into all of our email security solutions (see Figure 6).

If you are looking to expand beyond email to protect sensitive data in other threat vectors such as web, endpoints, data center, and so on, we offer direct integration with DLP Enterprise Manager, the overarching management console for the RSA DLP Suite. With this integration, RSA Enterprise Manager is your single pane of glass for setting common rules, policies, and remediation measures across your organization, not just your email.

Figure 6. Cisco ESA’s DLP Model



Satisfy compliance requirements with secure messaging. Meet the encryption requirements of regulations such as PCI, HIPAA, SOX, and GLBA, as well as state privacy regulations and European directives, without burdening the senders, recipients, or email administrators. Offer encryption not as a mandate, but as a service that’s easy to use. Give the sender complete control of their content, even after it’s been sent. With Cisco’s email encryption, senders don’t fear mistyped recipient addresses, mistakes in content, or time-sensitive emails because the sender always has the option to lock the message.

Take advantage of the most advanced cloud-based encryption key service available today. Manage recipient registration, authentication, and per-message/per-recipient encryption keys with Cisco Registered Envelope Service. Cisco Registered Envelope Service provides all user registration and authentication as a highly available managed service. There’s no additional infrastructure to deploy. For enhanced security and reduced risk, message content goes straight from your gateway to the recipient.

Figure 7. Cisco Registered Envelope Service


Continuous Innovation

Lower Total Cost of Ownership

The Cisco ESA delivers a consolidated solution in a single appliance, unlike other solutions that often require additional devices for new features and functions. You spend less time troubleshooting. You save time with automatic updates from Talos and stay tuned against the latest threats without intervention. Lastly, you can use your existing VMware infrastructure in an unlimited number of deployments of the Cisco Email Security Virtual Appliance (ESAV).

Flexible Deployments: On Premises, in the Cloud, Hybrid, and Virtual

The Cisco ESA has a flexible set of deployment options (see Figure 8). You can deploy it on premises with an appliance or a clustered group of appliances, either hardware or virtual. You can do multiple clusters if needed. You can have some in certain data centers and others in other data centers for redundancy or for hot or cold standby.

And then we have a cloud approach and a hybrid approach. You can handle all your inbound and outbound security in the cloud if you don’t want the appliance on premises or if you simply want someone else to handle it. In the cloud you can have us make changes to policies. Or you can have full access to the cloud to create the policy changes.

The hybrid approach has a similar co-management situation. You can clean the messages coming into the cloud but do the control outbound on premises to stop those messages before they leave your gateway or network border.

We offer these options with support across multiple devices, including desktops, mobile phones, laptops, and tablets, and for Android, iOS, Mac, PC, and Linux.

Figure 8. Cisco ESA Deployment Options
