Cisco Email Security Appliance (ESA) – is solution that allows you to provide full control of email and protect corporate users from attacks distributed through electronic communications.
Standard connection scheme for Cisco ESA in the local network are as follows:
ESA acts as an email security gateway that provides the following functions:
- Checks the reputation of the sender-lets you check real-time sender reputation using SBRS (Sender Base Reputation Score). Letters from potentially harmful senders can be blocked or subjected to additional scrutiny. Using this function over 80% of unwanted letters are eliminated. Only title of the message is checked, it helps to reduce the load on the Internet access channel.
- Antispam-produces a context analysis, which examines content of a message, build order, availability and check Web links in a message (using the SBRS). Verified spam letter is blocked or delivered to the user with the appropriate prefix.
- Outbreak filters – help to protect from zero-day attacks, due possibility of Cisco Talos analysis of more than 25% of the world’s Internet traffic. This analysis allows you to scan email traffic anomalies (e.g., mass mailing of messages with suspicious content or attachments) and automatically create and send to ESA rules that redirect abnormal messages to quarantine.
- Classic antivirus protects – massage content signature scanning. Antivirus signature databases provided by partners Sophos and McAfee.
- Malware protection (AMP) – conducts constant static or dynamic analysis, passed through ESA. Allows you to track the path of spreading malicious files online with integration with other Cisco products support AMP (WSA, NG Firewall, AMP for Endpoints).
- Data leakage prevention (DLP) – checks for the presence in outgoing content confidential personal (passport number, credit card number, etc..) and/or corporate information (internal documents).
- Encryption – provides encrypt message transfer using SSL/TLS, between e-mail security gateways, that makes impossible to read the message, even if it was intercepted on the way to the recipient.
Cisco Email Security Appliance presented as a hardware or software solutions. Licensing is done according to the number of users required functionality and the duration of the subscription.
- Cisco Email Security Inbound (ESI) – protects inbound messages by using the functions of anti-virus, antispam and Outbreak filters.
- Cisco Email Security Outbound (ESO) – protect outgoing mail using functional data leakage prevention, and encryption.
- Cisco Email Security Premium (ESP) – combines the license of ESI and ESO.
- Cisco Email Security AMP – provides the functionality of the AMP and is in addition to ESI, ESO licenses or ESP.
Cisco Identity Service Engine (ISE) – is a high-performance and flexible solution for access control with context, which brings together authentication, authorization, and accounting (AAA) services, assessing the status of endpoint, profiling and access control within a single platform.
ISE has such functions like:
- Holding corporate user’s and endpoint devices authentication -provides the ability to determine what enterprise users and/or devices are allowed access to the network.
- Providing authorization to enterprise users and endpoints – determines which network resources successfully authenticated user and/or device is permitted to get Guest access– creating a temporary guest account for customers, visitors and definition of corporate network resources available to them.
- Use of personal devices by corporate users – allows users to register personal devices from which limited access to company resources will be allowed.
- Device profiling – support for built-in device profiles, as well as their creation for more flexible configuration of access policies.State Assessment of the connected devices – allows to check devices that are connected to the network to meet the requirements (for example, to the installed OS, antivirus, antivirus updates, anti-spyware, etc.) and in case of non-compliance, notify the user about it and propose necessary actions to fulfill these requirements.
- Providing AAA for network devices– providing a single place for authentication, authorization and accounting for administrators access to network equipment, without creating many local accounts and access rules on these devices.
- Platform Exchange Grid(pxGrid) – using to exchange contextual information between Cisco platforms and partners, to increase the speed of response to threats.
Cisco ISE can be represent as a hardware (as Secure Network Server ) or virtual solution. Licensing is carried out by the number of devices and functionality.
Types of licenses:
- Base – permanent license that allows authentication and authorization functionality of corporate users and devices, guest access and use of corporate users their personal devices.
- Plus – is a subscription and addition to the Base license, adds the functionality of device profiling and platform Exchange Grid (pxGrid).
- Appex – is a subscription and addition to the Base license, adds a state assessment functionality of the connected devices.
- Device Administration – a permanent license includes the ability to provide AAA for network equipment ( you need Base license for a minimum of 100 devices).