Cisco has released a firmware update for its Email Security Appliances, abbreviated ESA. The technology descends from IronPort Systems, which Cisco acquired in 2007. Although that is more than a decade and a half ago, the IronPort name still comes up for these appliances. For the supported upgrade paths, it is advisable to read the documentation or to contact Cisco's TAC. This firmware is called 15.5.2 and has 15.5.2-018 as its exact version number. The list of changes is as follows:
What’s New in AsyncOS 15.5.2-018
Transitioning from SecureX to XDR
Cisco SecureX is transitioning to an enhanced and more robust platform, Cisco XDR (Extended Detection and Response). As part of this transition, it is essential to integrate your Secure Email Gateway with the new XDR platform.
What’s New In AsyncOS 15.5.1-055
Identifying Messages that Violate End-Of-Message RFC Standard
Your email gateway now identifies and filters the messages that violate the end-of-message RFC standard (that is, <CRLF.CRLF>) to detect threats. When the email gateway receives a message with an invalid end-of-message sequence, it adds an X-Ironport-Invalid-End-Of-Message Extension Header (X-Header) to all message IDs (MIDs) within that connection until a message that complies with the end-of-message RFC standard is received. You can configure policies in content filters to perform necessary actions on these messages.
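The check described above, as an added Python sketch that is not Cisco's code: it scans raw DATA payloads for a dot line whose line breaks are not exactly <CRLF.CRLF> and lists the MIDs that would be tagged. The function names, the MIDs and the sample payloads are constructed for illustration, and the model is per message only; it does not reproduce how AsyncOS carries the tag across a connection.

```python
import re

# Header name from the release note; everything else here is illustrative.
X_HEADER = "X-Ironport-Invalid-End-Of-Message"
CRLF_DOT_CRLF = b"\r\n.\r\n"
# A line containing only "." with any mix of CR / LF / CRLF breaks around it.
# The trailing break sits in a lookahead so back-to-back dot lines are all seen.
DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(?=(\r\n|\r|\n))")


def invalid_sequences(data: bytes) -> list[tuple[int, bytes]]:
    """(offset, sequence) of each dot line that is not exactly <CRLF.CRLF>."""
    hits = []
    for m in DOT_LINE.finditer(data):
        seq = m.group(1) + b"." + m.group(2)
        if seq != CRLF_DOT_CRLF:
            hits.append((m.start(), seq))
    return hits


def is_compliant(data: bytes) -> bool:
    """True when the payload ends in <CRLF.CRLF> and holds no other dot-line form."""
    return data.endswith(CRLF_DOT_CRLF) and not invalid_sequences(data)


def mids_to_tag(connection: dict[int, bytes]) -> list[int]:
    """MIDs on one connection that would receive the X-header (assumed model)."""
    return [mid for mid, data in connection.items() if not is_compliant(data)]


# Constructed DATA payloads for one connection, keyed by a made-up MID.
SAMPLE = {
    101: b"Subject: a\r\n\r\nhi\r\n..dot-stuffed\r\n.\r\n",  # compliant
    102: b"Subject: b\r\n\r\nhi\n.\nmore\r\n.\r\n",          # bare-LF dot line
    103: b"Subject: c\r\n\r\nhi\r.\rmore\r\n.\r\n",          # bare-CR dot line
    104: b"Subject: d\r\n\r\nhi\r\n.\n",                     # ends in CRLF.LF
}

if __name__ == "__main__":
    for mid in mids_to_tag(SAMPLE):
        print(mid, X_HEADER, invalid_sequences(SAMPLE[mid]))
```

A dot-stuffed line (`..`) is ordinary body content and is not flagged; only a line that consists of a single dot counts.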
Restarting API Server through CLI
You can now restart the API server using a new CLI subcommand - API_SERVER. You can use the API_SERVER subcommand to restart and view the status of the API server. The API_SERVER subcommand is added under the diagnostic > SERVICES subcommand.
Monitoring Vault Service and Sending Alerts
Your email gateway now monitors the Vault service and keeps track of its status, whether it is initialized or not. It also sends appropriate alert messages and logs status information into error_logs.
Configuring Threat Scanner for Threat Detection
In the AsyncOS 15.0 release, the Threat Scanner feature was introduced to detect threats on incoming messages. In that release, you could not directly configure Threat Scanner to detect threats; it was configured in the back end. From this release onwards, you can configure Threat Scanner to detect incoming threats on your email gateway. You can enable or disable Threat Scanner for each incoming mail policy. When you enable Threat Scanner, it scans the incoming messages and influences the Anti-Spam verdict.
Including Additional Attributes for Improved Efficacy of SDR Service
Your email gateway now includes the Additional Attributes (Display name and the complete email address - Username, and Domain) by default as part of telemetry data sent to Cisco TAC for reputation analysis to enhance the efficacy of the Sender Domain Reputation (SDR) service. When an administrator logs in to the email gateway, a warning message is displayed stating that the Include Additional Attributes option in SDR is enabled by default, so that telemetry data includes the processing of personal data.
C5 Nitro-Instance Support for AWS
From the AsyncOS 15.5.1 release onwards, your email gateway supports c5.4xlarge EC2 instance type for the C600V model deployed through AWS.
Mandatory Usage of Cisco Smart Software Licensing for On-Premises Users
The Cisco Smart Software Licensing usage is mandatory from this release (all releases post AsyncOS 15.0 release) for Cisco Secure Email Gateway.
Configure Threat Defense Connector for individual incoming mail policies
You can now configure Threat Defense Connector for each incoming mail policy. To use this feature, you must have configured and enabled the Threat Defense Connector in your Secure Email Gateway. Go to Mail Policies > Incoming Mail Policies to enable or disable Threat Defense Connector for individual mail policies.
Support of Large Key Size Values for DKIM Verification
You can use the following large key size values for DKIM verification in your email gateway:
• 3072 key bits size
• 4096 key bits size
No Support for 512 and 768 Key Size Values in New DKIM Verification profile
From this release onwards, the 512 and 768 key bits size values are no longer supported when you create a new DKIM verification profile.
TLS 1.3 Support for SSL Services
You can now configure TLS 1.3 for the following TLS services in your email gateway:
• GUI HTTPS
• Inbound SMTP
• Outbound SMTP
The email gateway only supports the following TLS ciphers when you configure TLS 1.3 for the “GUI HTTPS,” “Inbound SMTP,” and “Outbound SMTP” TLS services:
• TLS_AES_128_GCM_SHA256
• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
Note: The email gateway does not allow you to modify the ciphers used for TLS 1.3.
After you configure TLS 1.3, you can use it for TLS communication across the legacy or new web interfaces of your email gateway and the API services.
Obtaining File Hash Lists, RAT, SMTP Routes, Save and Load Configuration, Address List, and Incoming Mail Policy Users Information using AsyncOS APIs
You can now obtain information about File Hash Lists, Recipient Access Table (RAT) entries, SMTP Routes, Save and Load Configuration, Address List, and Incoming Mail Policy Users information in your email gateway using AsyncOS APIs.
Enforcing TLS for Outgoing Messages at Sender or Recipient Level
The existing Destination Controls configuration allows you to override the TLS modes (such as TLS Mandatory, TLS Preferred, and so on) on a per-domain basis. If you need to enforce TLS for outgoing messages based on additional conditions such as senders, recipients, and so on, you can now use the X-ESA-CF-TLS-Mandatory header. You can configure the “Content Filter – Add/Edit Header” action to add the X-ESA-CF-TLS-Mandatory header in the “Header Name:” field based on any content filter conditions and attach the content filter to an outgoing mail policy.
Scanning Password-Protected Attachments in Messages
You can configure the Content Scanner in your email gateway to scan the contents of password-protected attachments in incoming or outgoing messages. The ability to scan password-protected message attachments in the email gateway helps an organization to:
• Detect phishing campaigns that use malware in password-protected message attachments for limited, targeted cyber-attacks.
• Analyze messages that contain password-protected attachments for malicious activity and data privacy.
The following languages are supported for this feature - English, Italian, Portuguese, Spanish, German, French, Japanese, and Korean.
Region-based Polling for URL Retrospective Service
You can configure the URL Retrospective Service region to which the Secure Email Gateway connects for verdict updates. The Secure Email Gateway can update the Retrospective Service regions and associated endpoint URLs.
File Analysis Server Region Enhancement
From this release onwards, the File Analysis Server region supports two new regions - Australia and Canada.