Ability to deliver e-mails from CRES encrypted or dedicated TLS based on recipient?
We currently have 7500 internal users authorized to do e-mail encryption via our on-premise IronPort appliances and CRES. All is working great except for responses from external recipients. I have about 4000 users that do not want those e-mails encrypted, and want them delivered via a required TLS connection, mostly because they do not want to decrypt all of the e-mails. Well, I also have about 3500 users who want the e-mails encrypted for security reasons.
My understanding is I can either set up CRES to deliver all e-mails to my organization encrypted or all e-mails to my organization via a required TLS connection. Still correct? If so, how do I resolve the above problem?
My workaround is I could possibly encrypt the e-mails after they arrive at my organization for the 3500 users, but this doesn't make much sense to me as they have already traversed the internet (albeit via a TLS connection) to get to me.
Your analysis is correct, and I think your workaround (encrypting incoming replies) is the only option. Whether that is worth doing depends on why the 3500 users want the replies encrypting to their desktop. Is there some regulatory reason? Do the senders want to authenticate? Do they not trust the internal network? You will need to find the business reason behind this or convince them that it is secure enough with TLS to your gateway.