cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.0.0-418
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

755
Views
0
Helpful
1
Replies
sengjiunn
Beginner

Cisco ESA Questions

Hi Experts,

Need some help on following questions:

a) Can Cisco AMP Threat Grid solution install on the virtual machine and hosted on the customer premise?

b) Can Cisco ESA integrate with third party sandboxing solution beside from AMP Threat Grid?

c) How Cisco AMP cloud handle the file disposition or SHA-256 sent from the customer premise? Will it be keep in the AMP cloud for some time? And will Cisco have full visibility on the file sent from the customer premise?

d) Are Cisco ESA store all inbound and outbound messages including clean messages, spam messages, quarantined messages, suspicious messages etc? And for how long it will store both of them?

e) For encryption feature on Cisco ESA. What if the customer's digital certificate already expired, will it affect the mail flow for the customer? For example, sender unable to send out email and recipient unable to receive and open email as the digital certificate already expired.

f) For Cisco ESA with AMP. Will customer receive non disclosure agreement (NDA) from Cisco saying Cisco will not view or distribute customer information or data after they have purchase AMP feature?

Thanks & Regards,

Steven

1 REPLY 1
Mathew Huynh
Cisco Employee

Hello,

a) Can Cisco AMP Threat Grid solution install on the virtual machine and hosted on the customer premise? Are you possibly talking about the On-Premise AMP ThreatGRID appliance ? If so i think they only come as a racked appliance.

AMP ThreatGrid Appliance

b) Can Cisco ESA integrate with third party sandboxing solution beside from AMP Threat Grid?

From my knowledge, we support sandboxing with AMP ThreatGrid on the cloud, else on-premise threatgrid appliance only.

c) How Cisco AMP cloud handle the file disposition or SHA-256 sent from the customer premise? Will it be keep in the AMP cloud for some time? And will Cisco have full visibility on the file sent from the customer premise?

The file will be uploaded to the ThreatGRID servers for sandboxing, the full attachment in question for analysis will be known and seen on the ThreatGRID servers. Further reading on AMP ThreatGRID cloud Here

d) Are Cisco ESA store all inbound and outbound messages including clean messages, spam messages, quarantined messages, suspicious messages etc? And for how long it will store both of them?

All your quarantines configured on the ESA for usage for inbound and outbound (Spam and Policy quarantines) have a retention timing that is customizable for you, so there is no fixed answers. The Virus Outbreak filters Quarantine however will have a variable time of retention based on which rules it matched on outbreak filters. But you can configure a maximum retention time.

e) For encryption feature on Cisco ESA. What if the customer's digital certificate already expired, will it affect the mail flow for the customer? For example, sender unable to send out email and recipient unable to receive and open email as the digital certificate already expired.

If you're looking at the CRES Encryption which requires the purchase of a feature key. You will need to ensure a valid certificate (CA Signed) is available on the ESA otherwise it will not be able to encrypt, this is a requirement on the feature. 

f) For Cisco ESA with AMP. Will customer receive non disclosure agreement (NDA) from Cisco saying Cisco will not view or distribute customer information or data after they have purchase AMP feature?

Unfortunately I cannot answer this query, you may need to speak to your Cisco Sales Engineer to discuss this.

Regards,

Matthew