Best practice to secure CES against Ransomware

Ahmad Saad4
Level 1

Hi there,

 

We have Office365 configured to use Cisco Email Security (CES) for both inbound and outbound mail traffic. Recently a lot of users received a spam email from a *.ru domain, so we've blacklisted that domain. I'm just wondering what's the best practice to secure and harden the CES against ransomware attacks?

1 Reply

pchakra2
Cisco Employee

Hello Ahmad,

 

For securing the internal network via CES, it is best to have all the security engines/features enabled: Antispam, Antivirus, and Advanced Malware Protection. These 3 play a key role in detecting a malicious threat attack via email or its attachments in the new variants.

 

The Outbreak Filters will help you prevent the maximum number of zero-day attacks.

 

If most of the spam emails are from a definite geographical region and if that's not business relevant, you can also create content filters in the CES on the basis of Geolocation and plan the action to Quarantine the emails or any other action you desire.

The same can be created from Mail Policies --> Incoming Content Filters --> Add Filter --> Add Condition --> Geolocation --> Select the country/region as per choice.

 

Best Regards,