Cisco has released a firmware update for its Email Security Appliances, abbreviated as ESA. The technology originates from IronPort Systems, which Cisco acquired in 2007. Although that was more than a decade ago, the IronPort name is still regularly used for these appliances. For the supported upgrade paths, it is advisable to consult the documentation or to contact Cisco's TAC. This firmware is called 14.0 and carries 14.0.0-692 as its exact version number; it also addresses the recent Lasso SAML SSO problems. The list of changes is as follows:
What’s New In This Release
Integrating Email Gateway with Cisco Secure Awareness Cloud Service: The Cisco Secure Awareness cloud service allows you to effectively deploy phishing simulations, awareness training, or both to measure and report results. It empowers the security operations team to focus on real-time threats and not end-user mitigation. The Cisco Secure Awareness cloud service provides reports of repeat clickers: users who repeatedly click on any URL or attachment in messages. These users are identified via a phishing simulation campaign defined by the Cisco Secure Awareness cloud service. You can integrate your email gateway with the Cisco Secure Awareness cloud service to:
- Improve end-user awareness of real-world phishing attacks.
- Allow email administrators to configure stringent policies for end users identified as repeat clickers.
Simple Network Management Protocol (SNMP) Enhancements: The following are the enhancements made to the SNMP configuration settings:
- Added new SNMP MIBs for additional CES monitoring.
- Support for SNMPv3 traps:
  - SNMPv3 supports all three security levels: noAuthNoPriv, authNoPriv, and authPriv.
  - When both SNMPv3 and SNMPv2 are enabled, you need to select the required version for traps.
  - A new option is added under the snmpconfig CLI command to select the trap version when both SNMPv2 and SNMPv3 are enabled.
Improved Phishing Detection in Email Gateway
- Sender Domain Reputation Filtering Enhancement: You can configure your email gateway to block messages based on the Sender Domain Reputation (SDR) verdict at the SMTP conversation level. You can enable or disable SDR verification using the Mail Flow Policy configuration settings.
- Default Scanning of URLs in Message Attachments: By default, the email gateway scans URLs in message attachments for any malicious content early in the email pipeline (before the Anti-Spam engine).
The ability to block messages based on the SDR verdict at the SMTP conversation level and default scanning of URLs in message attachments helps an organization to:
- Improve detection efficacy for phishing and domain spoofing.
- Detect phishing attacks early in the email pipeline based on the default action taken on the SDR reputation verdict.
Scanning Password-protected Attachments in Messages: You can configure the Content Scanner in your email gateway to scan the contents of password-protected attachments in incoming or outgoing messages. The ability to scan password-protected message attachments in the email gateway helps an organization to:
- Detect phishing campaigns that use malware as password-protected attachments in messages to target limited cyber-attacks.
- Analyze messages that contain password-protected attachments for malicious activity and data privacy.
The following languages are supported for this feature: English, Italian, Portuguese, Spanish, German, and French.
You can create user-defined passphrases to open password-protected attachments in incoming or outgoing messages in any one of the following ways:
- Security Services > Scan Behavior page in the web interface.
- protectedattachmentconfig command in the CLI.
In this release, the Content Scanner can scan the contents of password-protected attachments for the following file types only:
- Adobe Portable Document Format (PDF) files.
- MS Office file types:
  - Word - .doc file format that supports 2002 to 2004 version and .docx file format that supports 2007 to 2016 version.
  - Excel - .xls and .xlsx file formats that support 2007 to 2016 version.
  - PowerPoint - .ppt or .pptx file formats that support 2007 to 2016 version.
- Archive file types - .zip format.
New report for mail policy details: A new report, Mail Policy Details, is added in the new web interface of your email gateway. Use this report to view the number of messages that match a configured mail policy.
New Message Tracking Filter for mail policy details: A new message tracking filter, Mail Policy, is added in the Message Tracking > Advanced Search > Message Event option in the new web interface of your email gateway. Use this option to search for incoming or outgoing messages that match the configured mail policy name entered in the ‘Mail Policy Name’ field.
Enhanced Overview and Incoming Mail reporting pages
Enhanced Mail Flow Summary and Mail Flow Details reporting pages
Support for New Content Matching Classifiers - National Identification Numbers for Southeast Asian countries: You can create a DLP policy using any one of the following new content matching classifiers for National Identification Numbers for Southeast Asian countries:
- Indonesia KTP
- Malaysia MyKad
- Thailand ID
- Philippines UMID
- Singapore NRIC
New Remediation Report Status Widget: A new widget, ‘Remediation Report Status’, is added when you search and remediate messages in the Message Tracking page of the new web interface of your email gateway. Use this widget to check the status of the Remediation Report generation.
Performing Remedial Actions on Messages in Cisco SecureX Threat Response: In Cisco SecureX Threat Response, you can now investigate and apply the following remedial actions on messages processed by your email gateway:
- Forward and Delete
Content Filter - Attachment File Info condition and Strip by Attachment File Info action Enhancements: A new option, File Hash List, is added in the Content Filters “Attachment File Info” condition and “Strip by Attachment File Info” action. Use this option to configure a content filter to take action on message attachments that match a specific file SHA-256 value in the selected file hash list.
Smart Software Licensing Enhancements: AsyncOS 14.0 includes the following smart software licensing enhancements:
- In a clustered configuration, you can now enable smart software licensing and register all the machines simultaneously with the Cisco Smart Software Manager.
- After you enable smart software licensing and register your email gateway with the Cisco Smart Software Manager, the Cisco Cloud Services portal is automatically enabled and registered on your email gateway.
- You can view details of the smart account created in the Cisco Smart Software Manager portal using the smartaccountinfo command in the CLI.
- If the Cisco Cloud Services certificate is expired, you can now download a new certificate from the Cisco Talos Intelligence Services portal using the cloudserviceconfig > fetchcertificate sub command in the CLI.
Security Enhancements: AsyncOS 14.0 includes the following security enhancements:
- The email gateway now sends the Cisco Technical Support requests over TLS. If your SMTP server is not using TLS, the requests are sent as plain text.
- You can now configure your email gateway to send alerts over TLS. Use the following subcommand in the CLI to configure this functionality: alertconfig > SETUP > Do you want to enable TLS support to send alert messages?
Support for Internationalized Domain Name (IDN): Cisco Secure Email Gateway can now receive and deliver messages with email addresses that contain IDN domains. Currently, your email gateway provides support of IDN domains for the following languages only:
- Indian Regional Languages: Hindi, Tamil, Telugu, Kannada, Marathi, Punjabi, Malayalam, Bengali, Gujarati, Urdu, Assamese, Nepali, Bangla, Bodo, Dogri, Kashmiri, Konkani, Maithili, Manipuri, Oriya, Sanskrit, Santali, Sindhi, and Tulu.
- European and Asian Languages: French, Russian, Japanese, German, Ukrainian, Korean, Spanish, Italian, Chinese, Dutch, Thai, Arabic, and Kazakh.
No Support for Sender Domain Age functionality post AsyncOS 14.0 Release: There will be no support for the Sender Domain Age functionality after the AsyncOS 14.0 release. The Sender Domain Age functionality will be replaced with the Sender Maturity feature. Sender Maturity represents the Cisco Talos view of how mature a domain is as an email sender. The maturity value is tuned to enable threat detection regarding emails and generally does not reflect the domain age represented in “Whois-based domain age.” Sender Maturity is set to a limit of 90 days, and beyond this limit, a domain is considered mature as an email sender, and no further detail is provided. Sender Maturity is used to calculate the sender reputation. Immature domains are assigned a lower reputation. Cisco Talos recommends you rely on sender reputation only for determining policy actions. Sender Maturity is exposed to fine-tune filters for specific, non-standard scenarios.
Alert or Notification Banner for End-of-Life (EOL) or End-of-Service (EOS) AsyncOS Version or Hardware Model: You will now receive an alert or notification banner message on your email gateway web interface or CLI if your email gateway is running on an End-of-Life (EOL) or End-of-Service (EOS) AsyncOS version or hardware model.
Virtual Email Gateway Support for Amazon Web Services (AWS): You can deploy Cisco Secure Email Virtual Gateway on Amazon Elastic Compute Cloud (EC2) on Amazon Web Services (AWS). Contact your Cisco sales representative with your AWS account details (username and region) to provision an AMI image.
Support for Cloud Connector Logging: The email gateway now supports a new type of log subscription, Cloud Connector Logs. Use this log subscription to view information about Web Interaction Tracking data from Cisco Aggregator Server. Most of the information is present at the Info or Warning Level.
Enhancement for Request Retry Method of File Reputation Service: You can now set the reputation query timeout value within the range of 20–30 seconds while configuring the file reputation and analysis services (Security Services > File Reputation and Analysis). The default value is 20, which is the minimum value. During the configured query timeout, the email gateway sends the file reputation queries to the AMP server. If the email gateway fails to receive a response from the AMP server, it retries by sending the query again to the AMP server. The query timeout includes the time taken for the first query request and the retry request. The retry method enables the email gateway to receive responses when there are network latencies, issues related to the AMP server, and so on.
New Cisco Talos Email Status Portal: The Cisco Talos Email Status Portal replaces the legacy Cisco Email Submission and Tracking Portal. The Cisco Talos Email Status Portal is a web-based tool for monitoring the status of email submissions from end-users.
Authentication Logs Enhancement: You can now view the user privilege role details (for example, ‘admin’, ‘operator’, and so on) of the logged-in user in the authentication logs.
Office 365 or Hybrid (Graph API) Remediation Account Profile Configuration Enhancement: You can now validate the client credentials for the Office 365 or Hybrid (Graph API) remediation account profile using the Client Secret value of the application generated on the Azure Management Portal. For more information, see the “Remediating Messages in Mailboxes” chapter in the user guide or online help.
New Passphrase Rule for defining login passphrases: A new passphrase rule is added in your email gateway to define your login passphrase: Avoid usage of passphrases that contain three or more repetitive or sequential characters (for example, ‘AAA@124’, ‘Abc@123’, and so on).
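
The passphrase rule above can be pre-checked before a passphrase is submitted to the gateway; the following validator is an added example, not Cisco's code and not part of the release notes. Assumptions: matching is case-insensitive (the notes' own example 'Abc@123' mixes case), sequences are ascending runs of ASCII letters or digits without wrap-around, descending runs are only flagged on request, and the function names are hypothetical.

```python
import string

MIN_RUN = 3  # "three or more" characters, as stated in the rule
DIGITS, LETTERS = string.digits, string.ascii_lowercase


def _linked(a, b, step):
    """True if b continues a run started by a (step 0 = repeat, +1/-1 = sequence)."""
    a, b = a.lower(), b.lower()  # assumption: case is ignored
    if step == 0:
        return a == b
    same_class = (a in DIGITS and b in DIGITS) or (a in LETTERS and b in LETTERS)
    return same_class and ord(b) - ord(a) == step


def find_weak_runs(passphrase, check_descending=False):
    """Return (kind, substring) for every run of MIN_RUN or more characters."""
    steps = {"repetitive": 0, "sequential": 1}
    if check_descending:  # stricter than the rule as worded; assumption
        steps["sequential-descending"] = -1
    findings = []
    for kind, step in steps.items():
        start = 0
        for i in range(1, len(passphrase) + 1):
            continues = i < len(passphrase) and _linked(
                passphrase[i - 1], passphrase[i], step)
            if not continues:
                if i - start >= MIN_RUN:
                    findings.append((kind, passphrase[start:i]))
                start = i  # next run begins at the current character
    return findings


def passphrase_allowed(passphrase, check_descending=False):
    """True when the passphrase has no repetitive or sequential run."""
    return not find_weak_runs(passphrase, check_descending)


if __name__ == "__main__":
    # The first two samples are the examples quoted in the release notes;
    # the third is constructed for this demonstration.
    for sample in ("AAA@124", "Abc@123", "Tr4ck-Lm9!x"):
        print(sample, find_weak_runs(sample) or "ok")
```
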