Cisco Email Security Appliance C160 User Manual

Chapter 10      Outbreak Filters
10-2
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Outbreak Filters Overview
Messages designed to steal sensitive information from users or deliver malware to 
their computers continue to evolve and can slip by traditional anti-virus and 
anti-spam scanning software. Outbreak Filters act proactively to provide a critical 
first layer of defense against these new outbreaks. By detecting new outbreaks in 
real-time and dynamically responding to prevent suspicious traffic from entering 
the network, Cisco IronPort’s Outbreak Filters feature offers protection until new 
anti-virus and anti-spam updates are deployed. The Outbreak Filters use Cisco 
IronPort’s outbreak detection technology and intelligent quarantine system to 
protect your users.
The Outbreak Filters feature protects your users and your network by gathering 
information about outbreaks as they occur and using this data to prevent the 
spread of these outbreaks to your users. Outbreak Filters compares incoming 
messages with published Outbreak Rules from Cisco Security Intelligence 
Operations (SIO) to determine if the message is a part of a large-scale virus 
outbreak or a smaller, non-viral attack. AsyncOS assigns messages that match the 
Outbreak Rules a threat level that indicates the severity of the message’s threat 
and compares that threat level to the quarantine and message modification 
thresholds you set for your mail policy. Messages that meet or exceed one of those 
thresholds are quarantined or modified to protect the recipient.
The process of outbreak detection and filtering begins with SenderBase, part of 
SIO. SenderBase is the world’s largest email and web traffic monitoring system 
and has a view into approximately 25% of the world’s email traffic. Cisco IronPort 
uses historical SenderBase data to create a statistical view of normal global traffic 
patterns. Outbreak Filters depends on the set of rules developed from this data to 
determine the threat levels of incoming messages.
Outbreak Filters in this release includes significant enhancements in features and 
usability. At a high level, the enhancements include, but are not limited to:
• Additional threat types detected by Cisco Security Intelligence Operations 
(SIO) and used to create Outbreak Rules, so that non-viral attacks such as 
phishing scams and malware distribution are detected in addition to virus 
outbreaks.
• CASE (Context Adaptive Scanning Engine) scanning that scans message URLs to 
detect non-viral threats, in addition to combining content analysis from 
Adaptive Rules with Outbreak Rules from SIO to detect outbreaks.
• Dynamic Quarantine, which re-evaluates quarantined messages periodically and 
automatically releases them from the quarantine based on Outbreak Rule updates.
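The following model illustrates the decision flow described in this overview: a message is scored against the current Outbreak Rules, the resulting threat level is compared with the per-mail-policy quarantine and message-modification thresholds ("meet or exceed"), and Dynamic Quarantine later rescores held messages against updated rules and releases those that no longer qualify. This is an added example written for this page, not Cisco or AsyncOS code, and it does not reflect the appliance's internal rule format. The numeric threat-level scale, the substring-style rule patterns, the message fields, and all rules and messages below are constructed assumptions for illustration only.

```python
"""Model of the Outbreak Filters threshold decision and Dynamic Quarantine.

Added example, not Cisco/AsyncOS code. Assumptions (not from the page):
threat levels are small integers where higher is more severe, an Outbreak
Rule is a case-insensitive substring matched against the subject or URLs,
and thresholds are plain integers set per mail policy.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class OutbreakRule:
    name: str
    threat_level: int   # assumed scale: higher means more severe
    pattern: str        # assumed: substring to look for in subject or URLs


@dataclass(frozen=True)
class Policy:
    quarantine_threshold: int   # level at/above which a message is quarantined
    modify_threshold: int       # level at/above which a message is modified


@dataclass
class Message:
    msg_id: str
    subject: str
    urls: list[str] = field(default_factory=list)


def threat_level(msg: Message, rules: list[OutbreakRule]) -> int:
    """Highest threat level of any rule the message matches; 0 if none match."""
    haystack = [msg.subject.lower()] + [u.lower() for u in msg.urls]
    level = 0
    for rule in rules:
        if any(rule.pattern.lower() in text for text in haystack):
            level = max(level, rule.threat_level)
    return level


def verdict(level: int, policy: Policy) -> str:
    """Quarantine wins over modify; both use meet-or-exceed semantics."""
    if level >= policy.quarantine_threshold:
        return "quarantine"
    if level >= policy.modify_threshold:
        return "modify"
    return "deliver"


def reevaluate_quarantine(held: list[Message], rules: list[OutbreakRule],
                          policy: Policy) -> tuple[list[Message], list[Message]]:
    """Dynamic Quarantine step: rescore held messages against the current rules.

    Returns (released, still_held). A message is released once its level no
    longer meets the quarantine threshold under the updated rules.
    """
    released, still_held = [], []
    for msg in held:
        bucket = still_held if threat_level(msg, rules) >= policy.quarantine_threshold else released
        bucket.append(msg)
    return released, still_held


# Constructed sample data (assumptions, not real SIO rules or traffic).
RULES = [
    OutbreakRule("bank-login-phish", 4, "verify your account"),
    OutbreakRule("zip-malware-link", 5, ".zip"),
    OutbreakRule("urgent-lure", 3, "urgent"),
]
# Simulated rule update: SIO downgrades the phishing rule once the outbreak subsides.
UPDATED_RULES = [OutbreakRule("bank-login-phish", 2, "verify your account")] + RULES[1:]
POLICY = Policy(quarantine_threshold=4, modify_threshold=3)
MESSAGES = [
    Message("m1", "Please verify your account today"),
    Message("m2", "Invoice attached", ["http://example.invalid/invoice.zip"]),
    Message("m3", "URGENT: action required"),
    Message("m4", "Team lunch on Friday"),
]


def simulate() -> dict[str, object]:
    """Run the initial verdicts, then one Dynamic Quarantine re-evaluation."""
    verdicts = {m.msg_id: verdict(threat_level(m, RULES), POLICY) for m in MESSAGES}
    held = [m for m in MESSAGES if verdicts[m.msg_id] == "quarantine"]
    released, still_held = reevaluate_quarantine(held, UPDATED_RULES, POLICY)
    return {
        "verdicts": verdicts,
        "released": [m.msg_id for m in released],
        "still_held": [m.msg_id for m in still_held],
    }


if __name__ == "__main__":
    print(simulate())
```

The two thresholds are evaluated in order of severity, so a message that meets the quarantine threshold is never merely modified; lowering the rule's threat level in the update (the "bank-login-phish" rule here) is what lets Dynamic Quarantine release m1 while m2, still matched by the unchanged level-5 rule, remains held.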