What's New in AsyncOS 12.5
Feature |
Description |
||
---|---|---|---|
New Hardware Support |
The AsyncOS 12.5 release for Cisco Email Security appliances supports the following hardware models:
For more information, see https://www.cisco.com/c/en/us/products/collateral/security/cloud-email-security/datasheet_c22-739910.html. |
||
Improved Advanced Malware Protection (AMP) Quarantine Management |
During the AMP engine scanning process, an attachment that receives an unknown verdict from the File Reputation service is sent for a pre-classification check and file analysis. During the pre-classification check phase, the message is now stored locally in your Email Security appliance and then sent to the Centralized Quarantine only when the attachment is sent for a complete file analysis. This improves the performance and reduces the overall load on the centralized quarantine. |
||
Ability to consume External Threat Feeds |
You can now configure your Cisco Email Security appliance to consume external threat information in STIX format communicated over the TAXII protocol. The ability to consume external threat information in the Cisco Email Security appliance helps an organization to:
If you are using the Classic licensing mode and you do not have an External Threat Feeds feature key, you must contact the Cisco Global Licensing Operations (GLO) team to obtain the feature key as follows:
For more information, see Configuring Email Gateway to Consume External Threat Feeds and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. |
||
Filtering Messages using Sender’s Domain Reputation |
Cisco Sender Domain Reputation (SDR) is a cloud service that provides a reputation verdict for email messages based on a sender’s domain and other attributes. The domain-based reputation analysis enables a higher spam catch rate by looking beyond the reputation of shared IP addresses, hosting or infrastructure providers, and derives verdicts based on features associated with fully qualified domain names (FQDNs) and other sender information in the SMTP conversation and message headers. For more information about SDR, contact Cisco Talos Security Intelligence and Research Group (Talos) at https://www.talosintelligence.com. For more information, see Sender Domain Reputation Filtering and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. |
||
Viewing malicious messages based on the threat name |
In Message Tracking, you can now search for incoming or outgoing messages detected as malicious by the AMP engine based on the threat name. For more information, see Tracking Messages. |
||
Enhancing User Experience using How-Tos Widget |
How-Tos is a contextual widget that provides in-app assistance to users in the form of walkthroughs to accomplish complex tasks on your appliance.
For more information, see Accessing the Appliance and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. |
||
Support for Cisco AMP Threat Grid Clustering for File Analysis |
You can now add standalone or clustered Cisco AMP Threat Grid appliances for file analysis in any one of the following ways:
|
||
Configuring Threshold Settings for File Analysis |
You can now set the upper threshold limit for the acceptable file analysis score. The files that are blocked based on the Threshold Settings are displayed as Custom Threshold in the Incoming Malware Threat Files section of the Advanced Malware Protection report. For more information, see File Reputation Filtering and File Analysis. |
||
DNS-based Authentication of Named Entities (DANE) support for Outgoing TLS Connections |
You can now securely send messages to a valid recipient domain by enabling DNS-based Authentication of Named Entities (DANE) for your outgoing TLS connections on your appliance. The ability to securely send messages to the valid recipient domain helps an organization to ensure that business-critical and confidential information is delivered to the intended recipient, provided the destination domain supports DANE. For more information, see Encrypting Communication with Other MTAs. |
||
Support for Smart Software Licensing |
Smart Software Licensing enables you to manage and monitor Cisco Email Security appliance licenses seamlessly. To activate Smart Software licensing, you must register your appliance with Cisco Smart Software Manager (CSSM), which is the centralized database that maintains the licensing details of all the Cisco products that you purchase and use. The following are the advantages when you switch from the Classic Licensing mode to the Smart Licensing mode on your appliance:
For more information, see System Administration and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. |
||
Forged Email Detection |
You can now create an exception list consisting of only full email addresses to bypass the Forged Email Detection content filter in Mail Policies > Address List. You can use this exception list in the Forged Email Detection rule if you want the appliance to skip email addresses from the configured content filter. For more information, see the “Content Filters” chapter in the user guide. |
||
Log Subscription Enhancement |
You can use the Rate Limit option to configure the maximum number of logged events in the log file, within the specified time range (in seconds). The default time range value is 10 seconds. Use the System Administration > Log Subscriptions page in the web interface or the logconfig command in CLI to set the rate limit. For more information, see the “Logging” chapter in the user guide. |
||
Configuring content and message filters to handle messages that skipped DMARC verification |
You can configure your appliance to take actions on the messages that skipped the DMARC verification. Use the following settings in the Other Header content filter to categorize the messages that skipped the DMARC verification:
The following is an example of a message filter rule syntax that is used to categorize a message that skipped the DMARC verification: `Quarantine_messages_DMARC_skip: if(header("X-Ironport-Dmarc-Check-Result") == "^validskip$") { quarantine("Policy"); }` For more information on the header values used in the content and message filters, contact Cisco TAC. |
||
Ability to view or delete Cisco Content Security Management appliance connection parameters and host keys |
You can now view or delete the Cisco Content Security Management appliance connection parameters and host keys in your appliance
by using the |
||
Intelligent Multi-Scan Enhancement |
Intelligent Multi-Scan (IMS) is a high-performance multi-layer anti-spam solution. The Email Security appliance provides an updated IMS engine with this release. This engine has a different combination of anti-spam engines that can increase the spam catch rates. To use the updated IMS engine, you must add the IMS feature key and accept the license in your appliance. For existing IMS users, all the mail policies for IMS are migrated to work seamlessly with the updated IMS engine. For more information, see Managing Spam and Graymail. |
||
Minimum Scores for Entity-based Rules of Custom Classifiers for Custom DLP Policies |
You can now use the recommended minimum scores or choose to override the minimum score for entity-based rules, when you create custom classifiers for custom DLP policies. You can use the minimum score for an entity-based rule instead of the configured weight of the rule. The minimum score differentiates the partial and the full matches, and calculates the score accordingly. This helps in reducing the number of false positives and false negatives. To configure the minimum score:
For more information, see Data Loss Prevention. |
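
The DMARC-skip message filter rule shown above can be dry-run against saved messages before the quarantine action is enabled. The following is an added example, not Cisco code: it applies the rule's anchored pattern to constructed sample messages, and it assumes the appliance matches the pattern against the header value without surrounding whitespace. Only the header name and the value `validskip` come from the rule; every other value is a constructed placeholder.

```python
import re
from email import message_from_string
from email.policy import default

# Header name and pattern are taken from the message filter rule on this page.
HEADER = "X-Ironport-Dmarc-Check-Result"
PATTERN = re.compile(r"^validskip$")

# Constructed sample messages. "constructed-other-value" and "validskip-extra"
# are placeholders, not documented header values.
SAMPLES = {
    "skipped": (
        "From: a@example.com\n"
        "X-Ironport-Dmarc-Check-Result: validskip\n\nbody\n"
    ),
    "other": (
        "From: b@example.com\n"
        "X-Ironport-Dmarc-Check-Result: constructed-other-value\n\nbody\n"
    ),
    "superstring": (
        "From: c@example.com\n"
        "X-Ironport-Dmarc-Check-Result: validskip-extra\n\nbody\n"
    ),
    "no-header": "From: d@example.com\n\nbody\n",
}


def would_quarantine(raw_message):
    """Return True if any instance of the header matches the rule's pattern."""
    msg = message_from_string(raw_message, policy=default)
    values = msg.get_all(HEADER, [])
    # Assumption: whitespace around the value is not part of the match.
    return any(PATTERN.search(str(value).strip()) for value in values)


def audit(samples):
    """Names of the messages the rule would send to the Policy quarantine."""
    return sorted(name for name, raw in samples.items() if would_quarantine(raw))


if __name__ == "__main__":
    for name in SAMPLES:
        verdict = "quarantine" if would_quarantine(SAMPLES[name]) else "deliver"
        print(f"{name}: {verdict}")
```

The `^` and `$` anchors are what keep a longer value that merely contains `validskip` out of the quarantine; without them the "superstring" sample would also match.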