This event is a chance to review how customers of all sizes face the same daunting challenge: email is simultaneously the most important business communication tool and the leading attack vector for security breaches. Cisco Secure Email enables users to communicate securely and helps organizations combat Business Email Compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multilayered approach to security.
To participate in this event, please use the button below to ask your questions
Ask questions from Monday, February 1 to Friday, February 12, 2021
In Exchange, you will need to configure Send/Receive connectors based on the flow of traffic that you require. As an example, a Receive connector to accept mail being sent in from external > ESA > Exchange, and a send connector for outbound traffic going from Exchange > ESA > External.
For HA, it would depend on what you're referring to. The ESAs do not have any form of HA functionality built in; however, you can configure them into a cluster to share configuration across devices. More information on that can be found here.
For actual high availability as far as mail traffic is concerned, you will want to configure DNS round-robin and/or have some form of load balancer in place within your network. Then, traffic can move between ESAs automatically if for some reason one is unreachable.
We do have AWS deployment on the roadmap; however, there is nothing available at this moment as far as a supported implementation. I believe this is currently tracking for AsyncOS 14.0, which is tentative for this/next month. However, that of course may be subject to change depending on how the Beta progresses.
You can always contact TAC for updates moving forward. It may also be helpful to keep an eye on the following links:
Best Practices? Sure we can help!
Apologies if this has been addressed in previous threads.
I have a scenario whereby a partner org sends inbound mail including time-based passcodes utilising a mail hosting platform (e.g. amazones, mailgun, etc.). Message trace shows that a number of other orgs utilise the same mail hosting platform and the sending IPs are the same. The partner org has configured SPF, DKIM and DMARC, and from the mail items I have reviewed all of these mail items pass these checks, whereas the mail items from the other orgs do not. Currently all mail from this hosting platform is subject to SBRS (values range from 2.8 to 3.5 hourly) and as such the appropriate mail flow policy and throttling are applied.
I am looking for advice/best practice for a way that will allow the DKIM/DMARC passed mail items to bypass the throttling and keep the others subject to policies based on SBRS value. What I don't want to happen is to create a new flow policy that is applicable to all inbound mail enforcing DKIM/DMARC check so that every mail item that fails these checks ends up in the Quarantine pool.
Best Practice for allowing DMARC passed mail items from mail hosting platform and restricting other mails based on SBRS.
I should say that our mail flow policies are currently as out of the box and we have been using up to now the HAT exemptions to bypass throttling for certain IPs.
Thanks in advance,
If you have a specific MTA (hostname/IP/CIDR/etc.) that you're looking to bypass throttling for, then the recommendation would be to create a custom Sender Group and Mail Flow Policy and add that host to the list of senders. Then, only that MTA will be tied to that Sender Group and Mail Flow Policy with the lesser throttling restrictions. However, if you're asking to only bypass throttling if a sender passes DMARC verification, then that functionality is not available at this time.
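For the shared-platform scenario discussed in this exchange, an added example (not from the thread or from Cisco, and not an ESA feature): an offline Python check over exported message headers that counts, per sending IP, how much mail is the partner's DMARC-passing traffic and how much is other tenants' mail that an IP-based Sender Group entry would also exempt. The domains, IPs, `TRUSTED_AUTHSERV` value and sample headers are constructed, and it assumes your gateway stamps an `Authentication-Results` header.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.corp.example"  # assumption: authserv-id your own gateway writes
PARTNER_DOMAIN = "partner.example"    # assumption: the partner's From: domain

# Constructed samples: (sending IP from message tracking, raw headers).
SAMPLES = [
    ("198.51.100.10",
     "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=b.partner.example;\n"
     " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\n"
     "From: OTP Service <otp@partner.example>\n\n"),
    ("198.51.100.10",
     "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=esp.example;\n"
     " dkim=none; dmarc=fail header.from=other-tenant.example\n"
     "From: promo@other-tenant.example\n\n"),
    ("198.51.100.10",  # header stamped by an unknown authserv-id: must not be trusted
     "Authentication-Results: mx.unknown.example; dmarc=pass header.from=partner.example\n"
     "From: otp@partner.example\n\n"),
]

def dmarc_verdict(raw_headers):
    """Return (from_domain, dmarc_result) using only trusted Authentication-Results."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", value)      # drop parenthesised comments
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue                                  # not written by our gateway
        for clause in rest.split(";"):
            m = re.match(r"\s*dmarc\s*=\s*(\w+)", clause, re.I)
            if m:
                return from_domain, m.group(1).lower()
    return from_domain, "none"

def summarize(records):
    """Per sending IP, count partner DMARC-pass mail versus everything else."""
    summary = {}
    for ip, raw in records:
        domain, result = dmarc_verdict(raw)
        ok = domain == PARTNER_DOMAIN and result == "pass"
        summary.setdefault(ip, Counter())["partner_pass" if ok else "other"] += 1
    return summary

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLES).items():
        print(ip, dict(counts))
```

A high `other` count for an IP means a Sender Group entry for that IP would relax throttling for mail that does not pass DMARC as the partner.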
Hope you can point me in the right direction. We recently selected the Cisco Email Security cloud version for our company.
We got everything installed and working, but noticed that the plugin that Cisco suggested only helps Cisco more than our employees or end users. I would like to know where I can submit an enhancement suggestion for this plugin.
Cisco is so big, I'm just trying to find out where I should start. I tried TAC, but I don't think this is the right place?
Hope you're doing well. You were actually headed in the right direction - you can have TAC file an enhancement request for whichever plugin you're looking to provide enhancement recommendations for. When you open the ticket, just make sure to mention that it's an enhancement request that you're looking to file and provide the limitations of the plugin, the features that would be changed or added, and any particular visions you have for how the enhancement(s) could be added. This will help the TAC engineer file your enhancement. There's also a chance that your enhancement request already exists, but the TAC engineer working on your case will be able to let you know if it does.
I hope that helps!
I can definitely understand with there being so many paths and not knowing which to take. For your question, the best path forward will be as you had initially thought, to reach out to Cisco TAC and let them know that you wish to file an enhancement for the plugin.
Though once the enhancement is filed, TAC is out of the picture and it becomes up to our Product Management (PM) team for how any/all enhancements will be prioritized. If the enhancement is important to you and your company, then the next steps would be to reach out to your Account/Sales team and let them know that you have an enhancement you wish to prioritize, and they will then work with PM to identify the next steps.
I hope that helps.
To generate a certificate signing request from the Email Security Appliance, you'll want to pull up the GUI of the appliance and navigate to Network > Certificates. Here, create a new self-signed certificate and save the changes. From here, you'll have the option to download a Certificate Signing Request from the appliance.
I hope that helps answer your question.
Hello, thanks for this space!
Quick question from a CES customer regarding the Talos email status portal.
The customer has a CES solution with 100 domains sending all the mail, from an incoming and outgoing perspective, through CES (tough project, I know...).
Finally, after the integration, he wants to deliver the Outlook plugin to all end users of every domain (100 separately) in order to submit any phishing, spam, graymail and so on...
The Cisco Talos Portal has changed in order to receive and show this info, and right now he has no clue (neither do I) what the steps are in order to accomplish this.
He is the IT cybersecurity manager for all these 100 domains (the kind of companies that are held by one big firm) and he wants to understand better how to manage this:
Thanks a lot!
Thank you for reaching out. I'll do my best to provide some detailed responses to your questions below. Happy to provide any additional clarity if you need further information.