Cisco Email Security Appliance C160 Operating Instructions
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide (OL-25136-01)
Chapter 10: Outbreak Filters
Low-volume, targeted email attacks such as phishing messages, scams, and malware links are on the rise,
while viruses spread through attachments are on the decline. The messages used for these non-viral
attacks are complex and evolving; they are professional-looking messages that use social engineering
tricks, including using the recipient’s information, in an attempt to trick the recipient into clicking
custom URLs that point to phishing and malware websites. These URLs can be unique for each recipient
or a small group of recipients, and these websites are online only for a short period of time and are
unknown to web security services. All of these factors make these small-scale, non-viral outbreaks more
difficult to detect than widespread virus outbreaks and spam campaigns. Cisco IronPort’s Outbreak
Filters feature protects your users from this growing trend of targeted attacks in addition to new virus
outbreaks.
Outbreak Filters Overview
Messages designed to steal sensitive information from users or deliver malware to their computers
continue to evolve and can slip by traditional anti-virus and anti-spam scanning software. Outbreak
Filters act proactively to provide a critical first layer of defense against these new outbreaks. By
detecting new outbreaks in real time and dynamically responding to prevent suspicious traffic from
entering the network, Cisco IronPort’s Outbreak Filters feature offers protection until new anti-virus and
anti-spam updates are deployed. The Outbreak Filters use Cisco IronPort’s outbreak detection
technology and intelligent quarantine system to protect your users.
The Outbreak Filters feature protects your users and your network by gathering information about
outbreaks as they occur and using this data to prevent the spread of these outbreaks to your users.
The Outbreak Filters feature compares incoming messages with published Outbreak Rules from Cisco Security
Intelligence Operations (SIO) to determine if the message is a part of a large-scale virus outbreak or a
smaller, non-viral attack. AsyncOS assigns messages that match the Outbreak Rules a threat level that
indicates the severity of the message’s threat and compares that threat level to the quarantine and
message modification thresholds you set for your mail policy. Messages that meet or exceed one of those
thresholds are quarantined or modified to protect the recipient.