Cisco
About Cisco
Cisco is a worldwide technology leader powering an inclusive future for all. It specializes in developing and delivering innovative networking solutions, including AI-powered infrastructure, secure networking, and software solutions. Key products include Silicon One, Hybrid Mesh Firewall, and Smart Switches. Its target customers include enterprises, hyperscalers, service providers, and data centers. Founded in 1984, Cisco is headquartered in the United States.
Why Notable
Cisco Secure Firewall; market leader
Sector Coverage
Feature Coverage
API / Mailbox Layer
| Cisco Secure Cloud Mailbox Defense | full | Prior brand name for the cloud API mailbox-defense product. |
|---|---|---|
| Cisco Secure Email Cloud Mailbox | full | Intermediate brand name after Cloud Mailbox Defense renaming. |
| Cisco Cloud Mailbox / Cloud Mailbox Defense | full | Legacy mailbox-defense product name family preceding Email Threat Defense. |
API mailbox architecture
| ETD / Cloud Mailbox works directly with Microsoft 365 | full | Cloud Mailbox video describes an additional layer of email security that works directly with an O365 instance. |
|---|
Armorblox / Corporate
| Armorblox acquisition completed July 14, 2023 | full | Cisco completed the Armorblox acquisition in July 2023. |
|---|---|---|
| Armorblox joined Cisco Security Business Group | full | Cisco says the Armorblox team joined the Security Business Group. |
| Armorblox contributes AI/ML and language-model capabilities | full | Cisco says Armorblox expands Cisco's AI/ML capabilities and talent for the Security Cloud. |
| Armorblox helps address product gaps in attack prediction | full | Cisco acquisition FAQ cites enhanced attack prediction as a key reason for the deal. |
| Armorblox helps with rapid threat detection | full | Cisco acquisition FAQ cites rapid threat detection as a key gap addressed. |
| Armorblox helps with adaptive policy enforcement | full | Cisco acquisition FAQ cites adaptive policy enforcement as a gap the acquisition helps address. |
Armorblox / Current suite mapping
| Armorblox not sold as standalone on current Cisco Secure Email pages | full | Current Cisco secure email pages position Armorblox as part of Cisco rather than a separate sellable email-security product. |
|---|---|---|
| Armorblox-derived capabilities appear integrated into Cisco Security portfolio | full | Cisco says Armorblox capabilities will bring GenAI-powered experiences across the Security portfolio. |
| Armorblox future inside secure email = capability infusion, not separate SKU | full | Cisco public materials emphasize absorbed AI/ML capabilities and team, while ETD pages emphasize AI/ML/NLP detections without selling Armorblox separately. |
Armorblox / Portfolio integration
| Generative AI-powered experiences from Armorblox team | full | Cisco secure-email Armorblox page says the team will bring GenAI-powered experiences to Cisco Security. |
|---|
Armorblox / Support transition
| Existing Armorblox customers kept separate support path | full | Cisco states existing Armorblox customers should continue to use Armorblox support processes until notified otherwise. |
|---|
Broader security vision
| Cloud office security beyond email | full | Cisco blog describes cloud office security across email, messaging, file-sharing, and other collaboration channels. |
|---|
Cisco Secure Email Gateway
| Multilayered email security approach | full | SEG uses multiple layers to combat BEC, ransomware, advanced malware, phishing, spam, and data loss. |
|---|---|---|
| Global threat intelligence | full | Uses Cisco Talos global threat intelligence. |
| Anti-spam catch rate >99% | full | Cisco states spam catch rate greater than 99 percent with false positives less than one in one million. |
| Complete-context anti-spam inspection | full | Antispam examines content, message construction, sender, and call-to-action destination. |
| Virus defense | full | Uses a high-performance, multilayered, multivendor approach to virus filtering. |
| Malware Defense (formerly AMP and Threat Grid) | full | Checks file reputation by SHA256 and can sandbox suspicious files. |
| File reputation lookup | full | Checks known malicious files using SHA256 lookup. |
| Sandbox file analysis | full | Performs detailed file behavior analysis for new/suspicious files. |
| URL filtering | full | Applies URL filtering, scanning URLs in emails and attachments. |
| Short URL analysis | full | Supports analysis of short URLs. |
| Open redirect URL analysis | full | Supports analysis of open redirect URLs. |
| URL rewriting for click-time protection | full | Rewriting URLs provides click-time protection for URLs benign at initial scan. |
| External Threat Feeds | full | Can pull additional threat intelligence using STIX over TAXII. |
| File metadata analysis | full | Recognizes file types and embedded macro scripts. |
| Macro detection | full | Identifies Microsoft, Adobe, and OLE macros. |
| Safe Print | full | Can transform an attachment into PDF with original content as a screenshot. |
| Outbreak filters | full | Talos-managed outbreak rules defend against emerging and viral phishing/scam threats. |
| Data Loss Prevention (DLP) | full | Protects sensitive content in outgoing email. |
| End-to-end encryption integration | full | Secure important information in transit with encryption. |
| Threat Defense Connector integration | full | SEG can integrate with ETD for advanced threat detection and protection. |
Cisco Secure Email Gateway deployment
| Cloud deployment | full | SEG can be deployed in the cloud. |
|---|---|---|
| On-premises virtual deployment | full | SEG can be deployed on-premises as a virtual machine. |
| Hybrid deployment | full | Cisco supports hybrid deployment models mixing cloud and on-premises options. |
| Inbound in cloud / outbound on-prem hybrid pattern | full | Cisco explicitly describes splitting inbound cloud and outbound on-prem control. |
| Virtual appliance on VMware/Hyper-V/KVM | full | Virtual appliances supported with multiple hypervisors. |
| AWS deployment | full | SEG virtual gateway supported on Amazon AWS. |
| Azure deployment | full | SEG virtual gateway supported on Microsoft Azure. |
Cisco Secure Email and Web Manager
| Cisco Secure Email and Web Manager | full | Centralizes updates, settings, reporting, message tracking, and quarantine management for multiple gateways. |
|---|---|---|
| Centralized reporting | full | Fully integrates reporting from multiple Secure Email Gateways. |
| Message tracking aggregation | full | Aggregates data by sender, recipient, subject, and scanning verdicts. |
| Consolidated quarantines | full | Consolidates email security quarantines into a single repository. |
| Enforce consistent acceptable use policies | full | Centralized management helps standardize policies across appliances. |
Classic / Gateway Layer
| Cisco Secure Email Gateway | full | Current brand name for the former Cisco Email Security Appliance (ESA). |
|---|---|---|
| Cisco Email Security Appliance (ESA) | full | Legacy/product-family name for the appliance-based gateway line; rebranded to Cisco Secure Email Gateway. |
| IronPort heritage | full | Cisco support pages and older documentation still reference IronPort for legacy ESA context. |
Commercial / SKU mapping
| Email Threat Defense is orderable under ETD-SEC-SUB | full | EoL bulletin states Email Threat Defense is the new brand name/orderable replacement for Cloud Mailbox Defense SKUs. |
|---|
Commercial / legal mapping
| Offer description includes legacy names | full | Secure Email offer description lists Secure Email Threat Defense as formerly Cloud Mailbox Defense and APP as formerly Advanced Phishing Protection. |
|---|
Current Cloud-Scale Platform Layer
| Cisco Secure Email Threat Defense | full | Current product name for the cloud-scale advanced email security layer formerly known as Cisco Cloud Mailbox. |
|---|
Current ETD positioning
| Backed by two decades of gateway expertise | full | ETD at-a-glance says ETD is now a gateway solution backed by 20+ years of gateway expertise. |
|---|---|---|
| ETD now a gateway solution | full | Cisco explicitly says Email Threat Defense is now a gateway solution. |
| ETD unifies inline gateway and API deployment modes | full | Cisco says ETD Advantage unifies inline gateway and API deployment modes in one console. |
| Cloud-scale AI detections | full | Cisco positions ETD as a singular, continuously evolving platform driven by cloud-scale AI detections. |
Encryption Service
| Cisco Secure Email Encryption Service | full | Formerly Cisco Registered Envelope Service; provides enhanced security and reliable controls for email. |
|---|---|---|
| Policy-triggered encryption | full | Encryption can be triggered by policy or by DLP tools. |
| HTML-envelope wrapping | full | Cisco wraps encrypted email in an HTML envelope for delivery. |
| Envelope Storage | full | When enabled, the key and message are stored temporarily in the service. |
| Any-device secure-message access | full | Recipients can open the message on any device. |
| Two-step verification | full | Helps ensure the intended recipient is registered and authenticated. |
| No special software required for recipients | full | Encrypted payload can be decrypted by recipients without special software. |
| Easy Open | full | Provides a consistent user experience for opening secure messages on any device. |
| Read receipts | full | Delivers read receipts to senders when recipients open messages. |
| Recall / terminate emails | full | Senders can recall/terminate emails by expiring the decryption key. |
| Expiration dates on secure messages | full | Senders can set an expiration date after which content is inaccessible. |
| Forward / Reply / Reply All controls | full | Senders or policy can allow or disable forward and reply actions. |
| Outlook integration for encryption | full | Cisco offers Outlook plugin and add-in for secure email encryption. |
Gateway / API
| AsyncOS API | full | Secure Email supports API programming for Secure Email Gateway and Secure Email and Web Manager. |
|---|---|---|
| Gateway programming guides | full | AsyncOS 13.x and newer support Secure Email Gateway programming guides. |
Gateway / Anti-spam
| IronPort Anti-spam scanning profile | full | Legacy IronPort anti-spam scanning profile feature area remains in docs navigation. |
|---|
Gateway / AsyncOS
| Threat Scanner for HTML threats | full | Threat Scanner introduced threat detection for incoming HTML threats and spam positives. |
|---|---|---|
| ThreatScanner Spam Positive verdict | full | Mail logs include a ThreatScanner Spam Positive verdict. |
| Recommended quarantine for ThreatScanner Spam Positive | full | Recommended anti-spam policy action is Quarantine. |
| URL Retrospective Verdict and URL Remediation | full | URLs with unknown reputation can later turn malicious and trigger auto-remediation. |
Gateway / AsyncOS 15.5.1
| Per-policy Threat Defense Connector configuration | full | Newer AsyncOS allows configuring Threat Defense Connector for each incoming mail policy. |
|---|---|---|
| Large DKIM verification key support | full | Supports 3072-bit and 4096-bit DKIM verification keys. |
| TLS 1.3 support | full | AsyncOS 15.5.1 adds TLS 1.3 support for SSL services. |
Gateway / ETD integration
| Threat Defense Connector | full | Connector sends a copy of the message to ETD for advanced phishing and spoofing scans. |
|---|---|---|
| Threat Defense Connector via GUI | full | Can be enabled in the web UI under Security Services > Threat Defense Connector. |
| Threat Defense Connector via CLI | full | Can be enabled using the threatdefenseconfig CLI command. |
Gateway / Investigation
| Cisco Threat Response pivot menu / casebook | full | ESA and SMA allow pivoting observables to CTR for more risk context. |
|---|
Gateway / Operations
| Single Log Line (SLL) | full | AsyncOS feature area surfaced in docs for consolidated logging. |
|---|---|---|
| NGESA | full | Legacy/new-generation ESA feature area exposed in docs navigation. |
Gateway / Post-delivery response
| Mailbox Auto Remediation (MAR) | full | Uses AMP/File Reputation and File Analysis retrospective verdicts to auto-remediate mailbox messages when verdicts change. |
|---|---|---|
| Retrospective malware remediation | full | If a file turns malicious after delivery, the appliance can take auto-remedial action in the mailbox. |
Historic architecture distinction
| Hosted Cloud Email Security = ESA and SMA hosted by Cisco | full | Cisco community post describes Cloud Email Security as hosted ESAs and an SMA, with MX records pointed to Cisco. |
|---|
Historic rebrand
| Cloud Mailbox Defense renamed to Secure Email Cloud Mailbox | full | Earlier release notes announced the CMD-to-Cisco Secure Email Cloud Mailbox rename. |
|---|
Historic support taxonomy
| Cisco Cloud Email Security product series still exists in support taxonomy | full | Cisco support still has a Cloud Email Security series page while current branding uses Secure Email Cloud Gateway. |
|---|---|---|
| Cisco Secure Email Gateway support page still references IronPort | full | Cisco support page explicitly mentions Cisco IronPort Email Security Appliances. |
Hosted Gateway
| Cisco Secure Email Cloud Gateway | full | Hosted service solution formerly known as Cisco Cloud Email Security. |
|---|---|---|
| Cloud Gateway and on-prem Gateway run same AsyncOS versions | full | Cisco docs state both SEG and Cloud Gateway run the same AsyncOS release versions. |
| Cloud Gateway monitored by Cisco Operations | full | Cisco Operations team provides proactive monitoring of CES instances. |
| Cloud Gateway status page | full | Status of CES environment is available on a published status page. |
| Cloud Gateway signature/services updates status page | full | Status of email services such as signature updates is published separately. |
| Cloud Gateway quick-start administration | full | Quick-start guide leads through setup and administration of Secure Email Cloud Gateway. |
| Configure RELAYLIST at HAT | full | Outbound through Cloud Email Security requires adding sender IP/FQDN to RELAYLIST in Host Access Table. |
| Host Access Table (HAT) configuration | full | HAT configuration is used for outbound mail flow setup. |
| Microsoft 365 integration guide | full | Cloud Gateway docs include a guide for Microsoft 365-managed email. |
| Google Workspace integration guide | full | Cloud Gateway docs include a guide for Google Workspace/Gmail-managed email. |
| Cloud-only AsyncOS release model | full | AsyncOS 14.3 is described as a cloud-only release pushed to all Cloud Gateway customers. |
| Gold Config / best practices baseline | full | Cisco provisions new Cloud Gateway and Manager instances with Gold Config best practices. |
| Preconfigured mail policies, rules, dictionaries | full | Gold Config includes preconfigured mail policies, rules, dictionaries, and more. |
| On-prem to cloud migration guide | full | Cisco provides guidance for migrating on-prem gateways to Cloud Gateway. |
| Direct upgrade from older AsyncOS to cloud is possible | full | Migration FAQ says older on-prem AsyncOS versions can migrate directly to cloud, though upgrades may take longer. |
| Maximum two interfaces/listeners | full | Cloud Gateway supports a maximum of two interfaces/listeners. |
| Cloud and on-prem clustering constraints | full | AMI FAQ states Cloud ESA cannot be clustered with AMI deployment. |
Hosted Gateway / Operations
| CLI access for CES customers | full | CES docs include customer CLI access topics. |
|---|
Hosted Gateway Layer
| Cisco Secure Email Cloud Gateway | full | Current brand name for the formerly Cisco Cloud Email Security (CES) hosted gateway service. |
|---|---|---|
| Cisco Cloud Email Security (CES) | full | Previous name for Cisco Secure Email Cloud Gateway. |
Licensing
| Secure Email Essentials bundle | full | Includes anti-spam, sender domain reputation, URL filtering, outbreak filters, antivirus, and malware defense/analytics. |
|---|---|---|
| Secure Email Advantage bundle | full | Adds additional modern threat-defense capabilities on top of Essentials. |
Licensing / Base features
| Anti-spam, sender domain reputation, and URL filtering | full | Base software features in Cisco Secure Email licensing. |
|---|---|---|
| Outbreak filters | full | Base software feature for rapidly recognizing and quarantining threats. |
| Antivirus | full | Provides first-layer antivirus engine for email scanning. |
| Secure Email malware defense and analytics | full | Included in both Essentials and Advantage bundles. |
Management Layer
| Cisco Secure Email and Web Manager | full | Current brand name for the formerly Cisco Security Management Appliance (SMA). |
|---|---|---|
| Cisco Security Management Appliance (SMA) | full | Legacy name for the centralized management plane, now Secure Email and Web Manager. |
Manager / API
| Manager programming guides | full | AsyncOS 12.x and newer support Secure Email and Web Manager programming guides. |
|---|
Manager / Operations
| NGSMA | full | Legacy/new-generation SMA feature area exposed in docs navigation. |
|---|
Portfolio
| Cisco Secure Email | full | Cisco's broader secure email portfolio spanning gateway, threat defense, encryption, and related services. |
|---|
Rebrand / Migration
| Cloud Mailbox Defense renamed to Email Threat Defense | full | Cisco formally announced that Email Threat Defense is the new brand name for Cisco Secure Cloud Mailbox Defense. |
|---|
Secure Email Integrations
| Phishing submission add-in integration | full | Integrations Corner references Cisco Phishing Submission add-in as a required component in workflows. |
|---|---|---|
| Splunk Attack Analyzer integration | full | Security mailbox monitor flow uses Splunk Attack Analyzer. |
| Cisco XDR integration | full | Security mailbox monitor flow can open incidents in Cisco XDR. |
| Security Mailbox Monitor workflow | full | Integration allows reported messages to be analyzed and turned into incidents for analysts. |
| MS Graph API integration in workflows | full | Integrations Corner includes Microsoft Graph API as a required component. |
Secure Email Threat Defense
| Cloud-scale, AI-driven gateway capabilities | full | Harness cloud-scale AI in a unified platform and reduce traditional appliance limitations. |
|---|---|---|
| Comprehensive pre-delivery threat protection | full | Stops email threats before they reach the mailbox. |
| Unified and flexible platform | full | Unifies inline gateway and API deployment modes into a single console. |
| Simplified management and robust security | full | Streamlines maintenance and accelerates email security operations. |
| Cloud-focused email security platform | full | Cisco says ETD fortifies existing cloud email security investments. |
| Multiple detection engines across different portions of email | full | ETD uses multiple detection engines that simultaneously evaluate different parts of inbound email. |
| Natural language processing in threat detection | full | ETD uses AI/ML models including natural language processing. |
| Component of XDR strategy | full | Cisco positions ETD as a critical component of an extended detection and response strategy. |
| Part of User Protection Suite | full | Cisco says ETD is part of the User Protection Suite. |
| Part of Breach Protection Suite | full | Cisco says ETD is part of the Breach Protection Suite. |
| Integrated with Microsoft 365 for inbound/outbound/internal visibility | full | Docs say ETD is fully integrated into Microsoft 365 for complete visibility into inbound, outbound, and internal messages. |
| Built on modern, open APIs | full | Docs say ETD is built on open APIs for flexible integration. |
| Designed to augment Microsoft 365 with Talos | full | ETD augments native Microsoft 365 security with Cisco Talos intelligence. |
Secure Email Threat Defense / Microsoft 365 integration
| Microsoft Graph Mail.Read | full | Read-only access to view and download email and email read status. |
|---|---|---|
| Microsoft Graph Mail.ReadWrite | full | Read/write access used for view/download, on-demand remediation, and automated remediation. |
| Microsoft Graph Organization.Read.All | full | Used to acquire the list of domains to protect. |
| Microsoft Graph User.Read.All | full | Used to obtain organizational hierarchy and user properties for impersonation detections. |
| On-demand remediation | full | Enabled through Mail.ReadWrite permissions. |
| Automated remediation | full | Enabled through Mail.ReadWrite permissions. |
Secure Email Threat Defense API
| Searchable message data via ETD API | full | Message Search API helps users get message information available in the ETD UI and filter on parameters. |
|---|---|---|
| Programmatic report/dashboard access | full | ETD API enables partners and customers to programmatically access and consume data in a scalable manner. |
Secure Email Threat Defense Advantage
| Pre-delivery threat prevention | full | Advantage adds explicit pre-delivery protection. |
|---|---|---|
| Post-delivery remediation via APIs | full | Advantage unifies post-delivery remediation via APIs. |
| Full visibility of email in one console | full | Advantage includes full email visibility in a streamlined console. |
| Standalone gateway mode in ETD | full | ETD can operate as a standalone email security gateway. |
| Advanced phishing and spoofing improvements from gateway mode | full | Cisco says gateway enhancement improves protection against phishing and spoofing. |
Secure Email Threat Defense Essentials
| Identifies malicious techniques used in attacks targeting your organization | full | Core Essentials feature. |
|---|---|---|
| Derives context for specific business risks | full | Core Essentials feature. |
| Searchable threat telemetry | full | Core Essentials feature. |
| Threat categorization by organizational vulnerability | full | Categorizes threats to understand which parts of the organization are most vulnerable. |
| Talos threat intelligence integration | full | Integrates Cisco Talos threat intelligence for broader and deeper threat data. |