Cisco heeft firmware-updates uitgebracht voor zijn Email Security Appliances, die afgekort worden tot ESA. De techniek stamt af van IronPort Systems, dat in 2007 door Cisco werd gekocht. Hoewel dat dus al meer dan een decennium geleden is, hoor je ook nog steeds de naam IronPort terugkomen voor deze appliances. Voor de ondersteunde upgrade paths is het raadzaam om de documentatie door te nemen of om contact op te nemen met Cisco's TAC. De firmwares heten 12.0 en 11.1.2 HP4 en hebben 12.0.0-419 en 11.1.2-802 als exacte versienummers. De lijst met veranderingen ziet er als volgt uit:
Release Notes for AsyncOS 12.0 for Cisco Email Security Appliances
What’s New In This Release
Changes in Behavior
- Ability to consume External Threat Feeds - You can now configure your Cisco Email Security appliance to consume external threat information in STIX format communicated over TAXII protocol.
- Filtering Messages using Sender's Domain Reputation - Cisco Sender Domain Reputation (SDR) is a cloud service that provides a reputation verdict for email messages based on a sender's domain and other attributes. This domain-based reputation analysis enables a higher spam catch rate by looking beyond the reputation of shared IP addresses, hosting or infrastructure providers, and derives verdicts based on features associated with fully qualified domain names (FQDNs) and other sender information in the SMTP conversation and message headers.
- Support for Cisco AMP Threat Grid Clustering for File Analysis
- Configuring Threshold Settings for File Analysis - You can now set the upper threshold limit for the acceptable file analysis score. The files that are blocked based on the Threshold Settings are displayed as Custom Threshold in the Incoming Malware Threat Files section of the Advanced Malware Protection report.
- Enhanced User Experience using How-Tos Widget - The How-Tos is a contextual widget that provides in-app assistance to users in the form of walkthroughs to accomplish complex tasks on your appliance. The following are the walkthroughs that are supported for this release:
- Verifying Incoming Messages using DMARC
- Verifying Incoming Messages using SPF/SIDF
- Verifying Incoming Messages using DKIM
- Enabling and Configuring Graymail Engine on the Email Security Gateway
- Enabling and Configuring Outbreak Filters on the Email Security Gateway
- Detecting macro-enabled attachments in messages
- Viewing malicious messages based on the threat name - In Message Tracking, you can now search for incoming or outgoing messages detected as malicious by the AMP engine based on the threat name.
- DNS-based Authentication of Named Entities (DANE) support for Outgoing TLS Connections - You can now securely send messages to a valid recipient domain by enabling DNS-based Authentication of Named Entities (DANE) for outgoing TLS connections on your appliance. The ability to securely send messages to a valid recipient domain helps an organization to ensure that business critical and confidential information is delivered to the intended recipient, provided the destination domain supports DANE.
- Support for Smart Software Licensing - Smart Software Licensing enables you to manage and monitor Cisco Email Security appliance licenses seamlessly. To activate Smart Software licensing, you must register your appliance with Cisco Smart Software Manager (CSSM), which is the centralized database that maintains the licensing details of all the Cisco products that you purchase and use.
- Forged Email Detection Enhancement - You can now create an exception list consisting of only full email addresses to bypass the Forged Email Detection content filter in MailPolicies > AddressLists. You can use this exception list in the Forged Email Detection rule if you want the appliance to skip email addresses from the configured content filter.
- Log Subscription enhancement - You can use the Rate Limit option to configure the maximum number of logged events in the log file, within the specified time range (in seconds). The default time range value is 10 seconds. Use the System Administration > Log Subscriptions page in the web interface or the logconfig command in CLI to set the rate limit.
- Configuring content and message filters to handle messages that skipped DMARC verification
- Ability to view or delete Cisco Content Security Management appliance connection parameters and host keys - You can now view or delete the Cisco Content Security Management appliance connection parameters and host keys in your appliance by using the smaconfig CLI command
Release Notes for AsyncOS 11.1.2 Hot Patch 4 for Cisco Email Security Appliances
- Changes in bypassing DMARC verification of messages
- Changes in using default passphrase for first login
- Changes in configuring Domain Keys/DKIM Verification
- Changes to the SMTP route configuration with the USEDNS keyword
- Handling Unscannable Messages due to decoding errors found during URL Filtering actions
- Changes in Demo Certificates
- Changes in Threshold Value for Memory Page Swapping
- Changes in Envelope Settings for Encrypted Messages
Use the Cisco Bug Search Tool to find information about known and fixed defects in this release.