Cisco Email Security Appliance C170 User Guide
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
• Redirect. Based on the threat level, Outbreak Filters rewrites the URLs in
  non-viral attack messages to redirect the recipient through the Cisco web
  security proxy if they attempt to access any of the linked websites. The proxy
  displays a splash screen that warns the user that the website may contain
  malware, if the website is still operational, or displays an error message if the
  website has been taken offline. See
  information on redirecting URLs.
• Modify. In addition to rewriting URLs in non-viral threat messages, Outbreak
  Filters can modify a message’s subject and add a disclaimer above the
  message body to warn users about the message’s content. See
  for more information.
Cisco Security Intelligence Operations
Cisco Security Intelligence Operations (SIO) is a security ecosystem that
connects global threat information, reputation-based services, and sophisticated
analysis to Cisco security appliances to provide stronger protection with faster
response times.
SIO consists of three components:
• SenderBase. The world’s largest threat monitoring network and vulnerability
  database.
• Threat Operations Center (TOC). A global team of security analysts and
  automated systems that extract actionable intelligence gathered by
  SenderBase.
• Dynamic Update. Real-time updates automatically delivered to Cisco
  IronPort appliances as outbreaks occur.
SIO compares real-time data from the global SenderBase network to common
traffic patterns to identify anomalies that are proven predictors of an outbreak.
TOC reviews the data and issues a threat level of the possible outbreak. Cisco
IronPort Email Security appliances download updated threat levels and Outbreak
Rules and use them to scan incoming and outgoing messages, as well as messages
already in the Outbreak quarantine.
Information about current virus outbreaks can be found on SenderBase’s website
here:
http://www.senderbase.org/