Cisco XDR is a security platform embedded with every Cisco security product. It is cloud-native with no new technology to deploy. Cisco XDR simplifies the demands of threat protection by providing a platform that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. By connecting technology in an integrated platform, Cisco XDR delivers measurable insights, desirable outcomes, and unparalleled cross-team collaboration. Cisco XDR enables you to expand your capabilities by connecting your security infrastructure.

Integrating the Email Gateway with Cisco XDR contains the following sections:

• How to Integrate your Email Gateway with Cisco XDR

• Performing Threat Analysis using Cisco XDR Ribbon Plugin

You can integrate your email gateway with Cisco XDR, and perform the following actions in Cisco XDR:

• View and send the email data from multiple email gateways in your organization.

• Identify, investigate and remediate threats observed in the email reports, sender and target relationships, search for multiple email addresses and subject lines and message tracking.

• Block compromised users or users violating outgoing email policies.

• Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.

• Document the threats to save the investigation and enable collaboration of information among other devices.

• Block malicious domains, track suspicious observances, initiate an approval workflow or to create an IT ticket to update email policy.

You can access Cisco XDR using the following URL:

https://xdr.us.security.cisco.com/login

Cisco Secure Email Gateway provides advanced threat protection capabilities to detect, block, and remediate threats faster, prevent data loss, and secure important information in transit with end-to-end encryption. For more information on observables that can be enriched by the ESA module, go to https://xdr.us.security.cisco.com/administration/integrations, navigate to the module to integrate with Cisco XDR and click Get Started.

Cisco XDR supports a distributed set of capabilities that unify visibility, enable automation, accelerate incident response workflows, and improve threat hunting. These distributed capabilities are available in the Cisco XDR Ribbon Plugin.

For information on Installing Cisco XDR Ribbon Plugin, see https://docs.xdr.security.cisco.com/Content/Ribbon/install-ribbon-extension.htm.

For information on investigating using Cisco XDR Ribbon plugin, see https://docs.xdr.security.cisco.com/Content/Ribbon/investigate-using-ribbon-extension.htm.

Overview

You can use the Cisco Success Network (CSN) feature to send your email gateway and feature usage details to Cisco. These details are used by Cisco to identify the email gateway version and the features activated but not enabled on your email gateway.

The ability to send your email gateway and feature usage details to Cisco helps an organization to:

• Improve the effectiveness of the product in user networks by performing analytics on collected telemetry data and suggesting users with recommendations using a digital campaign.

• Improve user experience with email gateway.

The following table shows a sample data of email gateway and feature usage details sent to Cisco: