exposure- email blocks · 2018-11-13 · talos threat intelligence research response esa/wsa/cws...

TRANSCRIPT

Page 1: Exposure- email blocks · 2018-11-13 · Talos Threat Intelligence Research Response ESA/WSA/CWS Email Endpoints Web Networks IPS Devices WWW 1.6 million global sensors 100 TB of

Page 3: Exposure- email blocks

Page 5: Today's cyber-threat reality

• Hackers will likely command and control your environment via web
• You'll most likely be infected via email
• Your environment will get breached

Page 6: Attack surface - email

A growing appetite to leverage targeted phishing campaigns.

Example: Snowshoe SPAM attack (low volumes spread across many sending IPs and domains, so no single sender crosses a reputation threshold). SPAM up 250%.

Page 7: Attack surface – web browser

More than 85% of the companies studied were affected each month by malicious browser extensions.

Page 9: Sample attack: Joe CFO

Meet Joe. He is heading home for a well-deserved vacation.

He's catching up on email using the airport Wi-Fi while he waits for his flight.

Page 10: Sample attack: Joe CFO

Joe just got an email from his vacation resort.

Subject: Your Tropical Getaway

Joe,

Thank you for choosing us. We look forward to seeing you.

Before your arrival, please verify your information here: www.vacationresort.com

Best,
Resort Team

Page 11: Sample attack: Joe CFO

No problem, right? Everything looks normal (the same message as on the previous slide).

The site may even be a trusted site, or maybe a site that is newly minted.

Page 12: Sample attack: Joe CFO

Joe opens the link and the resort video plays.

Although he doesn't know it, Joe's machine has been compromised by a Silverlight-based video exploit.

The malware now starts to harvest Joe's confidential information:

• Passwords
• Credentials
• Company access authorizations
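The Joe CFO walkthrough on pages 10 to 12 turns on two properties of the link the gateway can check before Joe ever clicks: whether the text the user sees names the same domain the href actually goes to, and whether that domain is "newly minted". The following Python is an added example written for this page, not code from the slides or from Cisco; the domain first-seen table, the redirector URL and the second anchor in the sample message are constructed assumptions.

```python
"""Link checks for the resort phish in the Joe CFO walkthrough (example code)."""
import html
import re
from datetime import date
from urllib.parse import quote, urlsplit

# Constructed stand-in for a URL reputation / domain-age feed. Real values
# would come from a reputation service; these dates are assumptions.
DOMAIN_FIRST_SEEN = {
    "vacationresort.com": date(2011, 5, 2),
    "vacationresort-verify.example": date(2018, 11, 10),
}
NEW_DOMAIN_DAYS = 30                                   # "newly minted" threshold (assumption)
REWRITE_BASE = "https://clicktrack.example/v1?u="     # hypothetical click-tracking redirector

ANCHOR_RE = re.compile(r'<a\b[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
URLISH_RE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#].*)?$", re.I)


def registered_domain(host):
    """Crude eTLD+1 (last two labels); no public-suffix list, by assumption."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze_links(body_html, today):
    """Return one finding per anchor: (href, reasons, rewritten_href)."""
    findings = []
    for raw_href, inner in ANCHOR_RE.findall(body_html):
        href = html.unescape(raw_href).strip()
        text = html.unescape(TAG_RE.sub("", inner)).strip()
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []

        # (1) The visible text is itself a URL or hostname but names a different
        #     registered domain than the real href: displayed-vs-actual mismatch.
        if URLISH_RE.match(text):
            shown = text if "://" in text else "http://" + text
            shown_host = (urlsplit(shown).hostname or "").lower()
            if shown_host and registered_domain(shown_host) != registered_domain(host):
                reasons.append("display/href mismatch: %s vs %s" % (shown_host, host))

        # (2) Domain age: the slide's "newly minted" site. Unknown domains count as new.
        first_seen = DOMAIN_FIRST_SEEN.get(registered_domain(host))
        if first_seen is None or (today - first_seen).days < NEW_DOMAIN_DAYS:
            reasons.append("newly seen domain: %s" % host)

        # (3) Plain http: whatever Joe types into the "verify" page travels in clear.
        if parts.scheme == "http":
            reasons.append("cleartext http link")

        # Every link is rewritten through the redirector so the click is logged
        # and can be blocked later if the verdict changes (user click tracking).
        rewritten = REWRITE_BASE + quote(href, safe="")
        findings.append((href, reasons, rewritten))
    return findings


# Constructed sample: the resort message from the slides rendered as HTML, plus a
# second anchor whose href does not match its text (an assumption, not on the slide).
SAMPLE_HTML = """
<p>Joe,</p>
<p>Thank you for choosing us. We look forward to seeing you.</p>
<p>Before your arrival, please verify your information here:
<a href="http://www.vacationresort.com/verify">www.vacationresort.com</a></p>
<p>Watch the resort video:
<a href="http://vacationresort-verify.example/play">www.vacationresort.com/video</a></p>
<p>Best,<br>Resort Team</p>
"""


def scan_sample():
    """Analyze the constructed message as of the deck's date (2018-11-13)."""
    return analyze_links(SAMPLE_HTML, date(2018, 11, 13))


if __name__ == "__main__":
    for href, reasons, rewritten in scan_sample():
        print(href, "->", rewritten)
        for r in reasons:
            print("   !", r)
```

The first anchor passes the mismatch and age checks and is only flagged for cleartext http; the second trips all three. Rewriting every link, not just suspicious ones, is what makes retrospective blocking possible: a domain that was clean at delivery time and turns bad an hour later can still be stopped at click time.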

Page 13: Talos: before, during and after

Intelligence inputs:

• 1.1 million file samples per day
• AMP community
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• AMP TG (Threat Grid) intelligence
• AEGIS™ program
• Private and public threat feeds
• 10 million files per month: AMP TG dynamic analysis

Cisco® Talos: Threat Intelligence, Research, Response (ESA/WSA/CWS; Email, Endpoints, Web, Networks, IPS Devices, WWW)

• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600+ engineers, technicians, and researchers
• 35% of worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 40+ languages

Page 14: Cisco Email Security

Diagram (labels recovered from the slide; the Before/During/After check marks did not survive extraction):

Deployment: Cisco Appliance, Virtual, Cloud; Talos feeds all stages.
Administration: Reporting, Message Tracking, Management (AdminHQ).
Verdicts: Allow, Warn, Partial Block, Block.

Inbound email:

• Email Reputation, Acceptance Controls
• Anti-Spam, Anti-Virus, Outbreak Filters
• File Reputation, File Sandboxing & Retrospection
• Anti-Phish: ThreatGrid, URL Reputation & Categorization, User click activity tracking
• Mail Flow Policies, Graymail Management, Safe Unsubscribe
• Content Controls

Outbound email (outbound liability):

• Data Loss Protection
• Encryption

Page 15: Demo

Page 16: Graymail management

Pipeline as drawn on the slide: Request → Reputation Filter → Anti-spam → Anti-virus → Advanced Malware Protection → Threat Defense / Security verdict → Graymail Detection.

Graymail categories: Bulk, Social Network, Marketing.

Verdicts: Quarantine, Block, Add Safe Unsubscribe Link.

Quarantine actions:

• Whitelist – Allow Sender
• Blacklist – Block Sender
• Release – Safe unsubscribe
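The slide shows the stages as a strict order: reputation first, then anti-spam, anti-virus and AMP, and only for mail that survives all of those a graymail category and a policy verdict. The Python below is an added example written for this page, not Cisco code; it models that ordering with short-circuit evaluation and shows why "safe unsubscribe" is its own verdict rather than a delivery option. The reputation scores, phrase list, known-bad hash, social-domain set, policy table and gateway URL are all constructed assumptions.

```python
"""Stage-ordered verdict pipeline modelled on the graymail slide (example code)."""
import hashlib
from dataclasses import dataclass, field, replace


@dataclass
class Message:
    sender_ip: str
    from_domain: str
    subject: str
    body: str
    headers: dict = field(default_factory=dict)
    attachments: dict = field(default_factory=dict)   # filename -> bytes


# Constructed stand-ins for Talos feeds; every value here is an assumption.
IP_REPUTATION = {"203.0.113.9": -9.5, "198.51.100.20": 3.0, "192.0.2.77": 6.0}
BLOCK_BELOW = -3.0                                    # reputation filter threshold
SPAM_PHRASES = ("act now", "verify your account", "you have won")
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ\x90\x00fake-dropper").hexdigest()}
SOCIAL_DOMAINS = {"social.example"}
# Category policy: the quarantine / block / safe-unsubscribe choices on the slide.
GRAYMAIL_POLICY = {"bulk": "quarantine", "social": "deliver", "marketing": "safe_unsubscribe"}
SAFE_UNSUB_BASE = "https://secure-unsub.example/u?token="   # hypothetical gateway endpoint


def classify_graymail(msg):
    """Bulk / social / marketing from header and body cues; None if not graymail."""
    if msg.headers.get("Precedence", "").lower() in ("bulk", "list"):
        return "bulk"
    if msg.from_domain in SOCIAL_DOMAINS:
        return "social"
    if "List-Unsubscribe" in msg.headers or "unsubscribe" in msg.body.lower():
        return "marketing"
    return None


def add_safe_unsubscribe(msg):
    """Replace the sender's unsubscribe link with one the gateway serves.

    The user never clicks the sender's own link (which would confirm a live
    mailbox to a spammer); the gateway performs the unsubscribe on their behalf.
    """
    token = hashlib.sha256((msg.from_domain + msg.subject).encode()).hexdigest()[:16]
    link = SAFE_UNSUB_BASE + token
    body = msg.body + "\n\n[Safe unsubscribe: %s]" % link
    return replace(msg, body=body, headers={**msg.headers, "List-Unsubscribe": "<%s>" % link})


def evaluate(msg):
    """Run the stages in slide order; the first stage that blocks decides."""
    score = IP_REPUTATION.get(msg.sender_ip, 0.0)          # Reputation Filter
    if score < BLOCK_BELOW:
        return "block", "reputation: ip score %.1f" % score, msg
    text = (msg.subject + " " + msg.body).lower()           # Anti-spam
    hits = [p for p in SPAM_PHRASES if p in text]
    if len(hits) >= 2:
        return "block", "anti-spam: %s" % ", ".join(hits), msg
    for name, data in msg.attachments.items():              # Anti-virus / AMP
        digest = hashlib.sha256(data).hexdigest()
        if digest in KNOWN_BAD_SHA256:
            return "block", "amp: %s sha256 %s" % (name, digest[:12]), msg
    category = classify_graymail(msg)                       # Graymail Detection
    if category is None:
        return "deliver", "clean", msg
    action = GRAYMAIL_POLICY[category]
    if action == "safe_unsubscribe":
        return "deliver", "graymail/%s: safe unsubscribe added" % category, add_safe_unsubscribe(msg)
    if action == "quarantine":
        return "quarantine", "graymail/%s" % category, msg
    return "deliver", "graymail/%s" % category, msg


# Constructed sample traffic (not from the slides).
SAMPLES = {
    "bad_ip": Message("203.0.113.9", "resort.example", "Your stay", "See you soon"),
    "phish": Message("198.51.100.20", "bank.example", "Act now", "Please verify your account today"),
    "dropper": Message("198.51.100.20", "vendor.example", "Invoice", "Attached",
                       attachments={"invoice.exe": b"MZ\x90\x00fake-dropper"}),
    "newsletter": Message("192.0.2.77", "deals.example", "November deals", "Great offers inside",
                          headers={"List-Unsubscribe": "<http://deals.example/unsub?u=joe>"}),
    "bulk": Message("192.0.2.77", "list.example", "Digest", "Weekly digest",
                    headers={"Precedence": "bulk"}),
    "social": Message("192.0.2.77", "social.example", "New follower", "Someone followed you"),
    "plain": Message("198.51.100.20", "corp.example", "Lunch?", "Noon at the usual place"),
}


def run_samples():
    """Return {name: (verdict, reason)} for every constructed sample."""
    return {name: evaluate(m)[:2] for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in run_samples().items():
        print("%-10s %-10s %s" % (name, verdict, reason))
```

Graymail classification runs last on purpose: a newsletter template is a common phishing wrapper, so a message must clear reputation, content and file checks before the gateway is willing to treat it as merely unwanted. Note that `add_safe_unsubscribe` returns a new message and leaves the original untouched, which matters if the original is retained for tracking or quarantine release.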

Page 17: Cisco AMP

Page 18: SecureMail 4.0 Design

Page 19: SecureMail 4.0

• End User Policy
• End User Content Filter
• End User / Admin Spam Quarantine
• PMM Mail (1 Click)
• LDAP Sync & Import (Web Portal)
• Signature and Encryption