
Cisco Email Security Concerns

jinakolis
Level 1

Hello, we're looking to enhance our email security. Management is suggesting we look into Cisco CES since we run basically everything else Cisco here (except NetApp). We desperately need some sort of next-generation threat detection that can sandbox and detect dynamic content. I've used Proofpoint in the past, but figure I should check out Cisco since that's coming from above my head.

In my own research I've read up on AMP, but it doesn't seem like it's anything more than a reputation service, and I don't like that there are limits to how many messages are uploaded to ThreatGrid. Similarly, it seems like the URL protection is weak at best. Fundamentally, it seems strange that URL protection is enforced only when the TOC determines the URL seems strange. The permutations and swift changing of URL-based threats are something we struggle with all the time.

We have a scheduled meeting with an SME next week, but I figured I'd reach out to the community in hopes of finding answers to my questions.

3 Replies

Regarding upload limits, what is your mail flow like?

We get about 5k messages a day and upload less than 100 a day. The ESA does a pretty good job of only uploading files with executable content.

marc.luescherFRE
Spotlight

Look at AMP like this:

ESA does a very good job with pre-classification of active content; you only want active content to be sandboxed, non-active content does not make sense.

URL protection works the same as it does for Proofpoint: it's a reputation-based service at ingest, with a proxy extension at execution.

Cisco is currently reworking the way they handle URLs; it will be interesting to see how that impacts future releases.

-Marc

MuZeeshan28731
Level 1

Cisco CES is a good solution but heavy to manage. A lot of time is required to find gaps and improve policies. It protects well if you have Intelligent Multi-Scan and advanced phishing protection licenses enabled on top of the basic inbound bundle. If the company size is more than 3500 inboxes, I think you then need the 500-files-per-day sandbox licenses. And when you calculate all the above licenses, CES is going to be more expensive than Mimecast.