Loading...
Cisco logo

Cisco

cisco.com ↗ Enterprise 2 sectors

About Cisco

Cisco is a worldwide technology leader powering an inclusive future for all. It specializes in developing and delivering innovative networking solutions, including AI-powered infrastructure, secure networking, and software solutions. Key products include Silicon One, Hybrid Mesh Firewall, and Smart Switches. Its target customers include enterprises, hyperscalers, service providers, and data centers. Founded in 1984, Cisco is headquartered in the United States.

Why Notable

Cisco Secure Firewall; market leader

Sector Coverage

Feature Coverage

API / Mailbox Layer

Cisco Secure Cloud Mailbox Defense full Prior brand name for the cloud API mailbox-defense product.
Cisco Secure Email Cloud Mailbox full Intermediate brand name after Cloud Mailbox Defense renaming.
Cisco Cloud Mailbox / Cloud Mailbox Defense full Legacy mailbox-defense product name family preceding Email Threat Defense.

API mailbox architecture

ETD / Cloud Mailbox works directly with Microsoft 365 full Cloud Mailbox video describes an additional layer of email security that works directly with an O365 instance.

Armorblox / Corporate

Armorblox acquisition completed July 14, 2023 full Cisco completed the Armorblox acquisition in July 2023.
Armorblox joined Cisco Security Business Group full Cisco says the Armorblox team joined the Security Business Group.
Armorblox contributes AI/ML and language-model capabilities full Cisco says Armorblox expands Cisco's AI/ML capabilities and talent for the Security Cloud.
Armorblox helps address product gaps in attack prediction full Cisco acquisition FAQ cites enhanced attack prediction as a key reason for the deal.
Armorblox helps with rapid threat detection full Cisco acquisition FAQ cites rapid threat detection as a key gap addressed.
Armorblox helps with adaptive policy enforcement full Cisco acquisition FAQ cites adaptive policy enforcement as a gap the acquisition helps address.

Armorblox / Current suite mapping

Armorblox not sold as standalone on current Cisco Secure Email pages full Current Cisco secure email pages position Armorblox as part of Cisco rather than a separate sellable email-security product.
Armorblox-derived capabilities appear integrated into Cisco Security portfolio full Cisco says Armorblox capabilities will bring GenAI-powered experiences across the Security portfolio.
Armorblox future inside secure email = capability infusion, not separate SKU full Cisco public materials emphasize absorbed AI/ML capabilities and team, while ETD pages emphasize AI/ML/NLP detections without selling Armorblox separately.

Armorblox / Portfolio integration

Generative AI-powered experiences from Armorblox team full Cisco secure-email Armorblox page says the team will bring GenAI-powered experiences to Cisco Security.

Armorblox / Support transition

Existing Armorblox customers kept separate support path full Cisco states existing Armorblox customers should continue to use Armorblox support processes until notified otherwise.

Broader security vision

Cloud office security beyond email full Cisco blog describes cloud office security across email, messaging, file-sharing, and other collaboration channels.

Cisco Secure Email Gateway

Multilayered email security approach full SEG uses multiple layers to combat BEC, ransomware, advanced malware, phishing, spam, and data loss.
Global threat intelligence full Uses Cisco Talos global threat intelligence.
Anti-spam catch rate >99% full Cisco states spam catch rate greater than 99 percent with false positives less than one in one million.
Complete-context anti-spam inspection full Antispam examines content, message construction, sender, and call-to-action destination.
Virus defense full Uses a high-performance, multilayered, multivendor approach to virus filtering.
Malware Defense (formerly AMP and Threat Grid) full Checks file reputation by SHA256 and can sandbox suspicious files.
File reputation lookup full Checks known malicious files using SHA256 lookup.
Sandbox file analysis full Performs detailed file behavior analysis for new/suspicious files.
URL filtering full Applies URL filtering, scanning URLs in emails and attachments.
Short URL analysis full Supports analysis of short URLs.
Open redirect URL analysis full Supports analysis of open redirect URLs.
URL rewriting for click-time protection full Rewriting URLs provides click-time protection for URLs benign at initial scan.
External Threat Feeds full Can pull additional threat intelligence using STIX over TAXII.
File metadata analysis full Recognizes file types and embedded macro scripts.
Macro detection full Identifies Microsoft, Adobe, and OLE macros.
Safe Print full Can transform an attachment into PDF with original content as a screenshot.
Outbreak filters full Talos-managed outbreak rules defend against emerging and viral phishing/scam threats.
Data Loss Prevention (DLP) full Protects sensitive content in outgoing email.
End-to-end encryption integration full Secure important information in transit with encryption.
Threat Defense Connector integration full SEG can integrate with ETD for advanced threat detection and protection.

Cisco Secure Email Gateway deployment

Cloud deployment full SEG can be deployed in the cloud.
On-premises virtual deployment full SEG can be deployed on-premises as a virtual machine.
Hybrid deployment full Cisco supports hybrid deployment models mixing cloud and on-premises options.
Inbound in cloud / outbound on-prem hybrid pattern full Cisco explicitly describes splitting inbound cloud and outbound on-prem control.
Virtual appliance on VMware/Hyper-V/KVM full Virtual appliances supported with multiple hypervisors.
AWS deployment full SEG virtual gateway supported on Amazon AWS.
Azure deployment full SEG virtual gateway supported on Microsoft Azure.

Cisco Secure Email and Web Manager

Cisco Secure Email and Web Manager full Centralizes updates, settings, reporting, message tracking, and quarantine management for multiple gateways.
Centralized reporting full Fully integrates reporting from multiple Secure Email Gateways.
Message tracking aggregation full Aggregates data by sender, recipient, subject, and scanning verdicts.
Consolidated quarantines full Consolidates email security quarantines into a single repository.
Enforce consistent acceptable use policies full Centralized management helps standardize policies across appliances.

Classic / Gateway Layer

Cisco Secure Email Gateway full Current brand name for the former Cisco Email Security Appliance (ESA).
Cisco Email Security Appliance (ESA) full Legacy/product-family name for the appliance-based gateway line; rebranded to Cisco Secure Email Gateway.
IronPort heritage full Cisco support pages and older documentation still reference IronPort for legacy ESA context.

Commercial / SKU mapping

Email Threat Defense is orderable under ETD-SEC-SUB full EoL bulletin states Email Threat Defense is the new brand name/orderable replacement for Cloud Mailbox Defense SKUs.

Commercial / legal mapping

Offer description includes legacy names full Secure Email offer description lists Secure Email Threat Defense as formerly Cloud Mailbox Defense and APP as formerly Advanced Phishing Protection.

Current Cloud-Scale Platform Layer

Cisco Secure Email Threat Defense full Current product name for the cloud-scale advanced email security layer formerly known as Cisco Cloud Mailbox.

Current ETD positioning

Backed by two decades of gateway expertise full ETD at-a-glance says ETD is now a gateway solution backed by 20+ years of gateway expertise.
ETD now a gateway solution full Cisco explicitly says Email Threat Defense is now a gateway solution.
ETD unifies inline gateway and API deployment modes full Cisco says ETD Advantage unifies inline gateway and API deployment modes in one console.
Cloud-scale AI detections full Cisco positions ETD as a singular, continuously evolving platform driven by cloud-scale AI detections.

Encryption Service

Cisco Secure Email Encryption Service full Formerly Cisco Registered Envelope Service; provides enhanced security and reliable controls for email.
Policy-triggered encryption full Encryption can be triggered by policy or by DLP tools.
HTML-envelope wrapping full Cisco wraps encrypted email in an HTML envelope for delivery.
Envelope Storage full When enabled, the key and message are stored temporarily in the service.
Any-device secure-message access full Recipients can open the message on any device.
Two-step verification full Helps ensure the intended recipient is registered and authenticated.
No special software required for recipients full Encrypted payload can be decrypted by recipients without special software.
Easy Open full Provides a consistent user experience for opening secure messages on any device.
Read receipts full Delivers read receipts to senders when recipients open messages.
Recall / terminate emails full Senders can recall/terminate emails by expiring the decryption key.
Expiration dates on secure messages full Senders can set an expiration date after which content is inaccessible.
Forward / Reply / Reply All controls full Senders or policy can allow or disable forward and reply actions.
Outlook integration for encryption full Cisco offers Outlook plugin and add-in for secure email encryption.

Gateway / API

AsyncOS API full Secure Email supports API programming for Secure Email Gateway and Secure Email and Web Manager.
Gateway programming guides full AsyncOS 13.x and newer support Secure Email Gateway programming guides.

Gateway / Anti-spam

IronPort Anti-spam scanning profile full Legacy IronPort anti-spam scanning profile feature area remains in docs navigation.

Gateway / AsyncOS

Threat Scanner for HTML threats full Threat Scanner introduced threat detection for incoming HTML threats and spam positives.
ThreatScanner Spam Positive verdict full Mail logs include a ThreatScanner Spam Positive verdict.
Recommended quarantine for ThreatScanner Spam Positive full Recommended anti-spam policy action is Quarantine.
URL Retrospective Verdict and URL Remediation full URLs with unknown reputation can later turn malicious and trigger auto-remediation.

Gateway / AsyncOS 15.5.1

Per-policy Threat Defense Connector configuration full Newer AsyncOS allows configuring Threat Defense Connector for each incoming mail policy.
Large DKIM verification key support full Supports 3072-bit and 4096-bit DKIM verification keys.
TLS 1.3 support full AsyncOS 15.5.1 adds TLS 1.3 support for SSL services.

Gateway / ETD integration

Threat Defense Connector full Connector sends a copy of the message to ETD for advanced phishing and spoofing scans.
Threat Defense Connector via GUI full Can be enabled in the web UI under Security Services > Threat Defense Connector.
Threat Defense Connector via CLI full Can be enabled using the threatdefenseconfig CLI command.

Gateway / Investigation

Cisco Threat Response pivot menu / casebook full ESA and SMA allow pivoting observables to CTR for more risk context.

Gateway / Operations

Single Log Line (SLL) full AsyncOS feature area surfaced in docs for consolidated logging.
NGESA full Legacy/new-generation ESA feature area exposed in docs navigation.

Gateway / Post-delivery response

Mailbox Auto Remediation (MAR) full Uses AMP/File Reputation and File Analysis retrospective verdicts to auto-remediate mailbox messages when verdicts change.
Retrospective malware remediation full If a file turns malicious after delivery, the appliance can take auto-remedial action in the mailbox.

Historic architecture distinction

Hosted Cloud Email Security = ESA and SMA hosted by Cisco full Cisco community post describes Cloud Email Security as hosted ESAs and an SMA, with MX records pointed to Cisco.

Historic rebrand

Cloud Mailbox Defense renamed to Secure Email Cloud Mailbox full Earlier release notes announced the CMD-to-Cisco Secure Email Cloud Mailbox rename.

Historic support taxonomy

Cisco Cloud Email Security product series still exists in support taxonomy full Cisco support still has a Cloud Email Security series page while current branding uses Secure Email Cloud Gateway.
Cisco Secure Email Gateway support page still references IronPort full Cisco support page explicitly mentions Cisco IronPort Email Security Appliances.

Hosted Gateway

Cisco Secure Email Cloud Gateway full Hosted service solution formerly known as Cisco Cloud Email Security.
Cloud Gateway and on-prem Gateway run same AsyncOS versions full Cisco docs state both SEG and Cloud Gateway run the same AsyncOS release versions.
Cloud Gateway monitored by Cisco Operations full Cisco Operations team provides proactive monitoring of CES instances.
Cloud Gateway status page full Status of CES environment is available on a published status page.
Cloud Gateway signature/services updates status page full Status of email services such as signature updates is published separately.
Cloud Gateway quick-start administration full Quick-start guide leads through setup and administration of Secure Email Cloud Gateway.
Configure RELAYLIST at HAT full Outbound through Cloud Email Security requires adding sender IP/FQDN to RELAYLIST in Host Access Table.
Host Access Table (HAT) configuration full HAT configuration is used for outbound mail flow setup.
Microsoft 365 integration guide full Cloud Gateway docs include a guide for Microsoft 365-managed email.
Google Workspace integration guide full Cloud Gateway docs include a guide for Google Workspace/Gmail-managed email.
Cloud-only AsyncOS release model full AsyncOS 14.3 is described as a cloud-only release pushed to all Cloud Gateway customers.
Gold Config / best practices baseline full Cisco provisions new Cloud Gateway and Manager instances with Gold Config best practices.
Preconfigured mail policies, rules, dictionaries full Gold Config includes preconfigured mail policies, rules, dictionaries, and more.
On-prem to cloud migration guide full Cisco provides guidance for migrating on-prem gateways to Cloud Gateway.
Direct upgrade from older AsyncOS to cloud is possible full Migration FAQ says older on-prem AsyncOS versions can migrate directly to cloud, though upgrades may take longer.
Maximum two interfaces/listeners full Cloud Gateway supports a maximum of two interfaces/listeners.
Cloud and on-prem clustering constraints full AMI FAQ states Cloud ESA cannot be clustered with AMI deployment.

Hosted Gateway / Operations

CLI access for CES customers full CES docs include customer CLI access topics.

Hosted Gateway Layer

Cisco Secure Email Cloud Gateway full Current brand name for the formerly Cisco Cloud Email Security (CES) hosted gateway service.
Cisco Cloud Email Security (CES) full Previous name for Cisco Secure Email Cloud Gateway.

Licensing

Secure Email Essentials bundle full Includes anti-spam, sender domain reputation, URL filtering, outbreak filters, antivirus, and malware defense/analytics.
Secure Email Advantage bundle full Adds additional modern threat-defense capabilities on top of Essentials.

Licensing / Base features

Anti-spam, sender domain reputation, and URL filtering full Base software features in Cisco Secure Email licensing.
Outbreak filters full Base software feature for rapidly recognizing and quarantining threats.
Antivirus full Provides first-layer antivirus engine for email scanning.
Secure Email malware defense and analytics full Included in both Essentials and Advantage bundles.

Management Layer

Cisco Secure Email and Web Manager full Current brand name for the formerly Cisco Security Management Appliance (SMA).
Cisco Security Management Appliance (SMA) full Legacy name for the centralized management plane, now Secure Email and Web Manager.

Manager / API

Manager programming guides full AsyncOS 12.x and newer support Secure Email and Web Manager programming guides.

Manager / Operations

NGSMA full Legacy/new-generation SMA feature area exposed in docs navigation.

Portfolio

Cisco Secure Email full Cisco's broader secure email portfolio spanning gateway, threat defense, encryption, and related services.

Rebrand / Migration

Cloud Mailbox Defense renamed to Email Threat Defense full Cisco formally announced that Email Threat Defense is the new brand name for Cisco Secure Cloud Mailbox Defense.

Secure Email Integrations

Phishing submission add-in integration full Integrations Corner references Cisco Phishing Submission add-in as a required component in workflows.
Splunk Attack Analyzer integration full Security mailbox monitor flow uses Splunk Attack Analyzer.
Cisco XDR integration full Security mailbox monitor flow can open incidents in Cisco XDR.
Security Mailbox Monitor workflow full Integration allows reported messages to be analyzed and turned into incidents for analysts.
MS Graph API integration in workflows full Integrations Corner includes Microsoft Graph API as a required component.

Secure Email Threat Defense

Cloud-scale, AI-driven gateway capabilities full Harness cloud-scale AI in a unified platform and reduce traditional appliance limitations.
Comprehensive pre-delivery threat protection full Stops email threats before they reach the mailbox.
Unified and flexible platform full Unifies inline gateway and API deployment modes into a single console.
Simplified management and robust security full Streamlines maintenance and accelerates email security operations.
Cloud-focused email security platform full Cisco says ETD fortifies existing cloud email security investments.
Multiple detection engines across different portions of email full ETD uses multiple detection engines that simultaneously evaluate different parts of inbound email.
Natural language processing in threat detection full ETD uses AI/ML models including natural language processing.
Component of XDR strategy full Cisco positions ETD as a critical component of an extended detection and response strategy.
Part of User Protection Suite full Cisco says ETD is part of the User Protection Suite.
Part of Breach Protection Suite full Cisco says ETD is part of the Breach Protection Suite.
Integrated with Microsoft 365 for inbound/outbound/internal visibility full Docs say ETD is fully integrated into Microsoft 365 for complete visibility into inbound, outbound, and internal messages.
Built on modern, open APIs full Docs say ETD is built on open APIs for flexible integration.
Designed to augment Microsoft 365 with Talos full ETD augments native Microsoft 365 security with Cisco Talos intelligence.

Secure Email Threat Defense / Microsoft 365 integration

Microsoft Graph Mail.Read full Read-only access to view and download email and email read status.
Microsoft Graph Mail.ReadWrite full Read/write access used for view/download, on-demand remediation, and automated remediation.
Microsoft Graph Organization.Read.All full Used to acquire the list of domains to protect.
Microsoft Graph User.Read.All full Used to obtain organizational hierarchy and user properties for impersonation detections.
On-demand remediation full Enabled through Mail.ReadWrite permissions.
Automated remediation full Enabled through Mail.ReadWrite permissions.

Secure Email Threat Defense API

Searchable message data via ETD API full Message Search API helps users get message information available in the ETD UI and filter on parameters.
Programmatic report/dashboard access full ETD API enables partners and customers to programmatically access and consume data in a scalable manner.

Secure Email Threat Defense Advantage

Pre-delivery threat prevention full Advantage adds explicit pre-delivery protection.
Post-delivery remediation via APIs full Advantage unifies post-delivery remediation via APIs.
Full visibility of email in one console full Advantage includes full email visibility in a streamlined console.
Standalone gateway mode in ETD full ETD can operate as a standalone email security gateway.
Advanced phishing and spoofing improvements from gateway mode full Cisco says gateway enhancement improves protection against phishing and spoofing.

Secure Email Threat Defense Essentials

Identifies malicious techniques used in attacks targeting your organization full Core Essentials feature.
Derives context for specific business risks full Core Essentials feature.
Searchable threat telemetry full Core Essentials feature.
Threat categorization by organizational vulnerability full Categorizes threats to understand which parts of the organization are most vulnerable.
Talos threat intelligence integration full Integrates Cisco Talos threat intelligence for broader and deeper threat data.

Related Firewall & Network Security Vendors

Vendor Directory
Lookup Tools
Analysis
Bulk & Enterprise
Resources
Close