D2S6.Email Security Roadmap 13.5 and Beyond

Cisco Email Security
Roadmap Deep-Dive
Filipe Lopes
Technical Marketing Engineer
October 2019
Global
#GST #CISCOVT #CISCOSE
Sales Training
Attackers rely primarily on email
to distribute spam, malware, and
other threats. To prevent
breaches, you need a powerful
email security solution.
Talos Team
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Global
Sales Training
1 FY19 Overview -> FY20 Priorities
2 Consolidated Roadmap
Agenda
3 FY20 Roadmap Deep-Dive
4 Call to Action
Sales Training
Disclaimer
Many of the products and features
described herein remain in varying
stages of development and will be
offered on a when-and-if-available
basis.
This roadmap is subject to change at
the sole discretion of Cisco, and Cisco
will have no liability for delay in the
delivery or failure to deliver any of the
products or features set forth in this
document.
Sales Training
FY19: A Record Year for Email Security
Highlights Keys to Success
Strong Execution fueled by

1 Cloud Migration
39% 26% 123% 1100+

Growth in Overall YOY Net New Advanced Phishing and
Cloud Email Growth Renewal customers 2 Domain Protection upsell
Rate
New Datacenters +75% AMP attach on Cloud

3 Email
Frankfurt
Significant investments in
4
Melbourne Tokyo
infrastructure
FY19 Overview/FY20 Priorities Initiatives 13 Highlights FY20 Call to Action!S a l e s T r a i n i n g
FY20 Priorities
Efficacy Integration User Experience Office 365
Improved phishing 3rd phase of integration New User Interface for East / West email visibility
detection with Cloud with Cisco Threat Cloud Email Security
based URL analysis Response Reading of Reporting and
New interface for Mailbox data from
Faster lookup times via Advanced Phishing Registered Envelope Exchange
new cloud architecture Sensor on CES/ESA Service
Native integration with
New scanning engines Publish of Public API for Domain Protection and Exchange folders (Junk,
for emerging threats Configuration Advanced Phishing Quarantine, etc.)
Reports
On-demand retraction of
emails
Email Security Initiatives FY19-20 Available Now In Planning
2019 2020
January June September February
v12.0 v12.5 v13.0 v13.5
Thought
Leadership
External Threat Feeds Support Using
Auto Remediation for Exchange 2016+
*
Mailbox On-Demand Retraction : For On-
STIX over TAXII standard prem, cloud and Hybrid O365, MS
SafePrint File Disarm and Reconstruction Exchange
Threat
Efficacy Enhanced IMS Engine: Revamped Efficacy Improvements: Enhanced anti-
Sender Domain Reputation (SDR) Phishing Improvements: Detection of
Intelligent Multi-scan engine to better spam with additional profiles & improved
Domain reputation, age based filtering credential phishing, malware download,
detect spams, phishing outbreak filters for better phishing
browser attack links
detection
Infrastructure
Expansion Japan, Australia CES DC Launch Site-to-site VPN for APJC customers New multi-tenant dashboard in CES
New EU Data center: Germany DC in
preparation for Brexit
GDPR Compliance for CES Load balancers for US CES data centers Load balancers for EU, APJC data centers
Cisco on
Cisco Cisco Threat Response Integration Integration of Advanced Phishing
Cisco Threat Response : Support for Cisco Threat Response: Casebook, Pivot
Integration Protection sensor, Domain Protection “My
multiple regions (US, EU) menu support
ThreatGrid Cluster support Domains” Report
Platform DANE Support: Meet EU standards CEF logs & AWS S3 bucket upload Scalable SMA: To handle more gateways
X95 Platform support: new and better
Enhancements performing platform
Smart Licensing: Simplified licensing SSO access to Email gateways via SAML CRES Custom branded CRES UI
CRES Easy open: Pull based encryption

SMA APIs New UI How-Tos New UI for Email Gateway for RTQ
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential *Gversion
l o b anot
l defined yet
Version 13 Highlights
Sales Training
Version 13.0 Summary
ESA 13.0 Enhancements SMA 13.0 Enhancements
• Enhancements to Mailbox Auto Remediation • SMA UX – phase 3
• Exchange Hybrid support • Configuration of Quarantines
• Exchange 2013, 2016 support • Scheduled Reporting
• O365 Multi-tenant support
• PDF of reports in new UI format
• Cisco Threat Response – pivot menu, casebook
• Single Log Line (CEF)
• SAML for administrative authentication
• FIPS/CC Certification
• Phishing enhancements - phase 1
• x95 platform support
• Reporting / Tracking / Quarantine UI on ESA
w/APIs
Mailbox Auto Remediation Enhancements
MS Exchange Office 365 Office 365
2016, 2019 (main tenant) (Secondary tenant)
Graph API supports Exchange

2013/2016 Hybrid Deployments
EWS API supports Exchange

2013/2016 Standalone
EWS API Graph API
Deployments
Multiple Tenants can use a single Appliance (HW/VM) Cloud

MAR action with Chained Profiles Cisco Email Security
CEF Formatted Logs
CEF allows for standardized log format so that SIEM vendors can easily ingest logs
All data / verdicts / actions on the email are logged into a single entry after the final
action of the email is taken
CEF uses reduces disk consumption in SIEM applications, with faster indexing
S3 Buckets will be supported for log transfers
CEF Formatted Logs
CEF:0|Cisco|ESA|11.1|SERIAL|0|IP|HostName|SenderGroup|ICID|MFP|Action|MID|OfficalSantaLetters@specialnewss
anta.icu|me@cisco.com |Make Christmas Magical again!|Policy|IPAS|AV|AMP|GRM|CF|OF|Drop
Base CEF format: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

Cisco Threat Response – Phase 2
New Reporting, Tracking and Quarantine
Pivoting from ESA/SMA to CTR
More context on specific observables
SAML for Administrative Authentication
• SSO Authentication
• Map roles to groups
• SAML verified against
ADFS, Azure AD and
Duo
• ESA and SMA
New! x95 Hardware Refresh for ESA/WSA/SMA
Data Sheets Product
Overview
with
Migration
Guide
SafePrint
Malicious & Suspicious Document Types or URLs in Attachments
AV, AMP & TG, URL Filter ESA
MTA Malicious / Suspicious Deliver / no Attachment
Do Safe Print Deliver / Safe Print

Safe Print
Drop / Quarantine
SafePrint – Content Disarm
End User
Effectively Disarm potentially malicious documents delivering a Safe File
13.5 and Beyond…
Sales Training
AsyncOS 13.5 & Beyond
ESA 13.5 Summary SMA 13.6 Summary

• Phishing Enhancements - CUA • Reporting Scalability enhancements on SMA
• APP Integration on Cisco Email Gateway • Load-Balancer / Centralized Management
• Performance and Scalability Enhancements • Dashboard
• Cisco Success Network&Telemetry • Configuration
Anti-Phishing Enhancements
12.x 13.0 13.5
Cloud URL Analysis for
CASE/OF Engine not CASE/OF Engine detection inline URL inspection of
detecting all URL-based improvements anomalies Real-time Cloud queries
Threats for IP and URL reputation
SDR verdict is not passed
Pass SDR, URL’s in
to CASE OF/Re-scan improvements
attachments
information to passing intermediate scan
Upon release from OF, only
results, Suspect spam Support for additional URL
AS/AV rescans the email CASE/OF Shortened services
handling
Passing Macro detection , Re-scan an email by all
SPF and DKIM verification engines on release from Infrastructure Improved Telemetry and
verdict to CASE OF quarantine improvements for faster exchanging contextual data
URL’s reputation updates across services
IMS-NG (Advanced CASE New Aggressive scanning
and new spam detection) profile for IPAS users
Anti-Phishing Enhancements – Phase 2
Cloud URL Analysis (CUA)
Enhanced coverage on:
o Credential Phishing (Financial,

Brand, Documents, Surveys)
o File-Based Malware (Emotet)
o Browser Exploits
o Shortened URL services
SMA & DP Integration
ESA & APP Integration
APP Sensor APP Portal
APP sensor is now on Cisco Email Gateway

• No additional VMs required to deploy sensor
• Enable forwarding as last blade on ESA/CES
• Basic summary of APP detections on ESA/CES with
ability to pivot into APP portal for further details
Advanced Phishing Protection
Performance and Scalability Enhancements
SMA Scalability
Robust Scanning
Parallel Processing
Faster UI responses
Benchmarks
ESA
FY19 Overview/FY20 Priorities Initiatives 13 Highlights FY20
Call to Action! Call to Action!
Sales Training
SMA – Reporting Scalability Enhancements
13.0 13.5
SMA SMA
1 – 20/25 1 – 40+
Email Security Email Security Email Security Email Security
CES v2
• Vision: CES to be a cloud native SEG
• Load balancer & Multi-tenant portal: building blocks of this architecture
FY20 Q1 FY20 Q2 FY20 Q3

Aug Sep Oct Nov Dec Jan Feb Mar
Complete LB
Complete LB roll out in
Load-Balancer migration for pilot ……..
US DC
customers
Multi-tenant Portal RTQ portal development Config Portal development ……..
Cisco Success Network&Telemetry
Usage Information and Statistics
Security Services Exchange (SSE) Cloud

Email Security
Analytics on collected Telemetry Data = Increased Visibility
Effectiveness of the Product Increases = Improved Customer Experience
Customers will be more inclined to continue to invest

On-Demand Email Retraction
Search for a Malware:

(File / URL / Domain / IP / Message ID) Pull from O365, Exchange
Admin Select and Remove from mailboxes
Email Security Portfolio
Cloud (CES) CSMP

Appliance (HW/VM)
Cisco Email Security
Renaissance (ESA 13.5 + SMA 13.6)
We need you!!
• Direct link to product development!
• Private weekly calls with the product team
• New feature training; TAC support
• Free beta loaners for your test lab
• Ensure your bugs are fixed by GA
Enroll today!
http://cs.co/security-beta-nomination
ask-sbg-beta@cisco.com
Sales Training
Email Security Call to Action
Upsell and Engage Customers
• Email Security + AMP bundle
Utilize Email Security Demos & PoV (Single SKU)
• Threat Analyzer v2 for O365 (v3…!) • Health check & Customer Success
• Updated Email Security PoV Guide! • CTR Awareness & Integrations!
• Email Security dCloud Instant Demo • Include Domain Protection, Advanced
• DP & APP PoV guide Phishing Protection, Security
• DP & APP dCloud Instant Demo Management Platform in every
• CES Eval process via Atlas 5.0 conversation
Enablement and Education

• Fire Jumper for Sales, SE, FE
Promote AsyncOS 13.0 Release • Collaterals, SEVT, PVT
• SAML, MAR Exchange, SLL • Product webinars <- Register your customers!
• Drive CES Engagements • Partner Interactive Webinars (PIW)
• O365 LDAP Connector, New CES • Voice of the Engineer (VoE)
DC in APJC and Germany! • Power Hour updates and webinars
• CRES Easy Open • WW Partner Roadshows!
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Email Security Global
FY19 Overview/FY20 Priorities Initiatives 13 Highlights FY20 Call to Action! S a l e s T r a i n i n g
WSA Product Update
On Premise Web Protection
Christian Clasen
Technical Marketing Engineer
October 2019
Global
#GST #CISCOVT #CISCOSE
Sales Training
Today’s Agenda
Market and Positioning
12.0 Features
Forward Looking
Selling Aids and

Resources
Sales Training
Market and Positioning
In a cloud-obsessed world,
where is the on-prem proxy
market?
VS.
Sales Training
Key Market Verticals for On-Prem Proxy
Health Care Financial Federal

Services DoD
Sales Training
Health Care Financial Services
Granular Reporting
Strong Identity
VDI Support
DLP
Log Retention
Behavioral Analysis
WSA
Sales Training
Globally Recognized Certifications
FIPS Common
Certification Criteria
AsyncOS 10.5
Global
AsyncOS 11.8 (CC pending)
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Sales Training
US-Centric Certification
DoDIN
APL
AsyncOS 10.5
AsyncOS 11.8 Global
Sales Training
Key geographies
European Market
GDPR compliance
Strong workers councils
Cloud reluctance
Sales Training
Regulatory compliance
3rd Party
CTA Cloud Services Cloudlock
Anonymization
IP Address
Username
Group
Global
3rd Party DLP
WSA Sales Training
Agenda
Market & Forward Selling Aids &

12.0 Features
Positioning Looking Resources
© 2018
2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Global
Sales Training
Road Map
Q2CY19 11.8 (LD) Q4CY19 12.0 (Beta) Q1CY20 12.5
• UX refresh / REST API • High Performance (phase I) • High Performance (phase II)
• ISE enhancements (VDI / fallback) • TLS 1.3 • Proxy IP Spoofing
• Threat categories • CTR integration (WSA) • YouTube categories
• Multiple categories • UX refresh (WSA) • System Health Dashboard
• Threat Grid cluster support

• CTR integration (SMA)
• Passthrough without certificate check
• O365 bypass and exception list
• Multi-config master (SMA)
• Threat categories
Sales Training
The WSA is the only
Cisco security product
that can decrypt
TLS 1.3
TLS
v1.3
WSA 12.0
Sales Training
TLS 1.3 Benefits
Adoption Privacy Security Performance

• More of the • Insecure / obsolete Faster handshake
• Finalized in March ‘18 •
handshake is ciphers removed
• Supported by all major encrypted TLS false start
• No renegotiation •
browsers
• Including the • No compression
• 18% of Alexa ranked sites certificate • Resumption
support it
TLS
v1.3
Global
AsyncOS 12.0 Sales Training
High Performance WSA
S690 and S695

double their
2x previous
Performance performance
Phase I: 12.0
15 beta customers have tested
Phase II: 12.5
Sales Training
New Reporting UI
• Less cluttered
• More modern
• Customizable
AsyncOS 12.0 Global
Sales Training
CTR integration
Query the WSA or SMA Web Tracking Database
Observables
Domain
Destination IP
URL
Filename
File Hash
System Health Dashboard
Status Info
CPU by Process
Memory
Disk
Traffic Profile
RPS
Bandwidth
DecryptGRate
lobal
System Health Dashboard
Service Details
Status
Latency
Historical Alerts
ISE
AMP
Authentication
WBRS
And More…
Global
AsyncOS 12.5
Sales Training
Proxy IP spoofing
New feature
IP 1
WSA P
IP 2 B
R
12.0 IP 3
WSA
Global
AsyncOS 12.5
Sales Training
YouTube categories
Music News and
{API} Gaming
Sports
Education
Politics More
Block YouTube videos

based on category
Agenda

12.0 Features
© 2018
Sales Training
HTTP/2.0 Support
• 2.2x Faster
• Fewer Connections
• No competitor support
http/2
Sales Training
CTR Remediation WSA
Policy
Enforcement
Investigate Remediate
Global
CTR
Sales Training
New Configuration UI
Policy
Configuration
{API}
{API}
Sales Training
Agenda

12.0 Features
© 2018
Sales Training
Active campaigns
Forcepoint and Symantec takeout
Competitive 3Y for price of 2Y
5Y for price of 3Y
Stackable Discounts
Migration Incentives Up to 71% discounts for partners moving customers to Cisco
https://salesconnect.cisco.com/#/program/PAGE-12501
Ratio pricing for education
SLED Licensing 1:5 for students
x95 Offer Up to two x95 for the price of one x90

When purchasing Web Security Shield license bundle
Free health checks

Health Checks Request here: http://cs.co/wsahealthcheck
Sales Training
Cisco Software Support for Security
3rd Party Web Policies Cisco WSA Web policies
3rd Party Web

Proxy Appliances Software Security WSA
Support Service
PREMIUM
SKU: WSA-SW-SUPP
Sales Training
Resources
Partner Portal Guides YouTube dCloud
• http://cs.co/wsapartners • http://cs.co/wsaguides • http://cs.co/wsavideos • AWSR instant demo

• Training • User guides • Integration Steps • WSA instant demo
• Demos • Whitepapers • Feature Demos • ISE integration with WSA
• Active campaigns • Technical data sheets • Release Overviews
Sales Training

D2S6.Email Security Roadmap 13.5 and Beyond

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

D2S6.Email Security Roadmap 13.5 and Beyond

Uploaded by

Copyright:

Available Formats

Cisco Email Security

Strong Execution fueled by

39% 26% 123% 1100+

New Datacenters +75% AMP attach on Cloud

Efficacy Integration User Experience Office 365

CRES Easy open: Pull based encryption

Graph API supports Exchange

EWS API supports Exchange

Multiple Tenants can use a single Appliance (HW/VM) Cloud

S3 Buckets will be supported for log transfers

Base CEF format: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

New Reporting, Tracking and Quarantine

Pivoting from ESA/SMA to CTR

More context on specific observables

AV, AMP & TG, URL Filter ESA

MTA Malicious / Suspicious Deliver / no Attachment

Do Safe Print Deliver / Safe Print

Effectively Disarm potentially malicious documents delivering a Safe File

ESA 13.5 Summary SMA 13.6 Summary

Enhanced coverage on:

o Credential Phishing (Financial,

o File-Based Malware (Emotet)

o Shortened URL services

APP Sensor APP Portal

APP sensor is now on Cisco Email Gateway

Advanced Phishing Protection

FY20 Q1 FY20 Q2 FY20 Q3

Multi-tenant Portal RTQ portal development Config Portal development ……..

Usage Information and Statistics

Security Services Exchange (SSE) Cloud

Analytics on collected Telemetry Data = Increased Visibility

Effectiveness of the Product Increases = Improved Customer Experience

Customers will be more inclined to continue to invest

Search for a Malware:

Admin Select and Remove from mailboxes

Cloud (CES) CSMP

Cisco Email Security

Enablement and Education

Selling Aids and

Health Care Financial Federal

Strong workers councils

Market & Forward Selling Aids &

• ISE enhancements (VDI / fallback) • TLS 1.3 • Proxy IP Spoofing

• Threat categories • CTR integration (WSA) • YouTube categories

• Multiple categories • UX refresh (WSA) • System Health Dashboard

• Threat Grid cluster support

Adoption Privacy Security Performance

S690 and S695

Block YouTube videos

Market & Forward Selling Aids &

Market & Forward Selling Aids &

x95 Offer Up to two x95 for the price of one x90

Free health checks

3rd Party Web Policies Cisco WSA Web policies

3rd Party Web

Partner Portal Guides YouTube dCloud

• http://cs.co/wsapartners • http://cs.co/wsaguides • http://cs.co/wsavideos • AWSR instant demo

You might also like