22 Apr CISCO EMAIL SECURITY APPLIANCE (ESA)
Posted at 11:53h in IT Security Solutions
Cisco Email Security Appliance (ESA) – is solution that allows you to provide full control of email and protect corporate users from attacks distributed through electronic communications.
Standard connection scheme for Cisco ESA in the local network are as follows:
ESA acts as an email security gateway that provides the following functions:
- Checks the reputation of the sender-lets you check real-time sender reputation using SBRS (Sender Base Reputation Score). Letters from potentially harmful senders can be blocked or subjected to additional scrutiny. Using this function over 80% of unwanted letters are eliminated. Only title of the message is checked, it helps to reduce the load on the Internet access channel.
- Antispam-produces a context analysis, which examines content of a message, build order, availability and check Web links in a message (using the SBRS). Verified spam letter is blocked or delivered to the user with the appropriate prefix.
- Outbreak filters – help to protect from zero-day attacks, due possibility of Cisco Talos analysis of more than 25% of the world’s Internet traffic. This analysis allows you to scan email traffic anomalies (e.g., mass mailing of messages with suspicious content or attachments) and automatically create and send to ESA rules that redirect abnormal messages to quarantine.
- Classic antivirus protects – massage content signature scanning. Antivirus signature databases provided by partners Sophos and McAfee.
- Malware protection (AMP) – conducts constant static or dynamic analysis, passed through ESA. Allows you to track the path of spreading malicious files online with integration with other Cisco products support AMP (WSA, NG Firewall, AMP for Endpoints).
- Data leakage prevention (DLP) – checks for the presence in outgoing content confidential personal (passport number, credit card number, etc..) and/or corporate information (internal documents).
- Encryption – provides encrypt message transfer using SSL/TLS, between e-mail security gateways, that makes impossible to read the message, even if it was intercepted on the way to the recipient.
Cisco Email Security Appliance presented as a hardware or software solutions. Licensing is done according to the number of users required functionality and the duration of the subscription.
- Cisco Email Security Inbound (ESI) – protects inbound messages by using the functions of anti-virus, antispam and Outbreak filters.
- Cisco Email Security Outbound (ESO) – protect outgoing mail using functional data leakage prevention, and encryption.
- Cisco Email Security Premium (ESP) – combines the license of ESI and ESO.
- Cisco Email Security AMP – provides the functionality of the AMP and is in addition to ESI, ESO licenses or ESP.