The Cisco ESA comes in different models. I'm listing here the ones that are available at the time of recording, but I invite you to follow the link at the bottom of the screen to become familiar with any other models that Cisco may have introduced since the time of recording, since Cisco is always adding new models to their products, especially their security products. Here, as you can see, there are several models that are designed for service providers and large enterprises, such as the X1070, the C680 and the C670. The C380 and the C370 are designed for medium-sized enterprises. The C170 is designed for small businesses or branch offices.

Now, one thing to highlight is that the Cisco ESA and also the WSA both run Cisco AsyncOS. So again, the operating system is not Cisco IOS but Cisco AsyncOS.

The following are some examples of the ESA features. The first one is access control: controlling access for inbound senders according to the sender's IP address, IP address range or domain name, based on reputation.

There is also anti-spam. This is a multi-layer filter based on Cisco SenderBase reputation and Cisco anti-spam integration, with information coming from the Talos group that I mentioned before. The anti-spam reputation and zero-day threat intelligence is fueled by Cisco threat intelligence coming from the research group named Talos, like I mentioned before.

Cisco partnered with antivirus software vendors such as Sophos and McAfee to support a network antivirus scanning engine, and this is integrated within the ESA functionality itself.

Another feature is Advanced Malware Protection, or AMP, which is an integration of technology that came from the acquisition of Sourcefire. This allows security administrators to [...] malware and perform continuous monitoring or analysis and retrospective alerting of any threats in the network.

Another example of an ESA feature is DLP, or data loss prevention. This is the ability to detect any sensitive emails or documents that are leaving the corporation when they are not supposed to leave the corporation.
The Cisco ESA integrates this functionality using the RSA email DLP capabilities for outbound traffic.

Another feature of the ESA is the ability to encrypt outgoing email. The administrator can configure an encryption policy on the Cisco ESA and then use a local key server or a hosted key service to encrypt the message.

A few email authentication mechanisms are also supported, including SPF (Sender Policy Framework), the Sender ID Framework (SIDF), and DomainKeys Identified Mail (DKIM). This is used for verification of incoming mail, as well as DomainKeys and DKIM signing of outgoing emails.

Outbreak filters are another capability of the ESA, which is preventive protection against new security outbreaks and email-based scams using Cisco Talos threat intelligence information, from the group that I mentioned before. The Cisco email reputation database includes millions of global devices across the world. What they do is archive a historical library of, at the time of recording, 40,000 threats, but of course these numbers are always increasing. The benefits are that they provide 360-degree dynamic threat visibility across this footprint, an understanding of the vulnerabilities and exploit technologies that are used by bad actors nowadays, and of course visibility into the highest level of threat vehicles that are in use and the latest attack trends and techniques used by these bad actors.

Another capability of the ESA solution is the AMP on-prem sandboxing capability. This integrates both the Sourcefire technology and Threat Grid solution architectures to be able to do classification and sandboxing of new or unknown security threats or malware in the network.

Here we see the ESA
architecture, and specifically the mail flow. The internal engine identifies what we call graymail. This engine also extracts unsubscribe links from the messages and passes that verdict to what we call the IPAS for improved spam efficacy. Basically, the email flow consists of the following: SenderBase reputation filters; after that, anti-spam scanning and antivirus scanning; then the Advanced Malware Protection capabilities take place; then we do the graymail detection that I mentioned before, and content filters, and of course virus outbreak filters coming from threat intelligence from Cisco.

The Cisco ESA also integrates with the RSA DLP functionality or the DLP products. DLP, like I mentioned before, stands for data loss prevention. In RSA's enterprise DLP solutions, the ESA replaces three things: the SMTP interceptor, the encryption server, and the SMTP smart host. What the ESA provides is uninterrupted mail flow, full visibility into the mails that are incoming or outgoing in the network, integrated detection and remediation capabilities, and of course, at the end of the day, the administrator has fewer systems to maintain and troubleshoot.

The ESA also enforces encryption policies based on TLS, enforcing things like contractual obligations, preventing sensitive information from being sent in the clear, and of course preventing misconfigured business partners from sending your sensitive information in the clear as well.

Cisco envelope encryption is a functionality that makes it easier for the sender, and that's because it provides automated key management. The other thing is that you don't need any additional desktop software installed on the machine, and it also sends the emails transparently to any email address on the Internet. Encryption is triggered by keywords, policies, senders, recipients and many other things that can provide contextual information to the ESA. It also makes it easier for the recipient: whenever a person opens an attachment, it confirms their identity, and then after that, using things like corporate credentials, which are optional of course, they can view the message itself, making it easier for
the sender and also for the recipient.

DKIM and SPF are things that are applied on top of messages. In other words, if the recipient system wants to look at the DKIM and SPF and use this data, it's definitely available; if not, it just passes and looks like a regular message. In this case, an email is sent from the corporate network out to the Internet, and the ESA signs that email and goes through the process to verify the email, avoiding spoofing of your messages, increasing your reputation and, of course, avoiding getting blacklisted on the Internet. You can publish a key in DNS, which is a list of your sending systems, so that whenever a recipient receives this email, their systems can look and see if the message itself is signed, coming from your company, and that the sender is the one that it is supposed to be. This helps protect your identity from phishing, improves the sender reputation and the delivery of the message, and also allows you to maintain visibility and control of all sent email messages and, of course, who is sending them on your behalf.

The Cisco ESA uses listeners to handle incoming email messages or SMTP connection requests. A listener defines an email processing service that is configured on a given interface in the Cisco ESA. These listeners apply to email entering the appliance from either the Internet or [...]. The following listeners can be configured in the Cisco ESA: public listeners for email coming from the Internet, and private listeners for email coming from hosts in the corporate or inside network. Typically, these emails are from an internal Exchange server or POP or IMAP email servers.