AsyncOS 14.0

Release Notes

Please read and review the entire Release Notes for AsyncOS 14.0 for Cisco Email Security Appliances (GD).

Integrating Email Gateway with Cisco Secure Awareness Cloud Service

The Cisco Secure Awareness cloud service allows you to effectively deploy phishing simulations, awareness training, or both to measure and report results. It empowers the security operations team to focus on real-time threats and not end-user mitigation.

The Cisco Secure Awareness cloud service provides reports of repeat clickers - users who repeatedly click on any URL or attachment in messages. These users are identified via a phishing simulation campaign defined by the Cisco Secure Awareness cloud service.

You can integrate your email gateway with the Cisco Secure Awareness cloud service to:

  • Improve end-user awareness towards real-world phishing attacks.
  • Allow email administrators to configure stringent policies for end users identified as repeat clickers.

Simple Network Management Protocol (SNMP) Enhancements

The following are the enhancements made to the SNMP configuration settings:

  • Added new SNMP MIBs for additional CES monitoring.
  • Support for SNMPv3 traps:
    – SNMPv3 supports all the three security levels – noAuthNoPriv, authNoPriv, and authPriv.
    – When both SNMPv3 and SNMPv2 are enabled, you need to select the required version for traps.
    – A new option is added under snmpconfig CLI command to select the trap version when both SNMPv2 and SNMPv3 are enabled.

Improved Phishing Detection in Email Gateway

The following are the enhancements made to improve phishing detection in your email gateway:

  • Sender Domain Reputation Filtering Enhancement
  • Default Scanning of URLs in Message Attachments

Sender Domain Reputation Filtering Enhancement: You can configure your email gateway to block messages based on the Sender Domain Reputation (SDR) verdict at the SMTP conversation level.

You can enable or disable SDR verification using the Mail Flow Policy configuration settings.

Note

By default, SDR verification is enabled for incoming mail flow policies and disabled for outgoing mail flow policies.

Note

By default, your email gateway blocks all incoming messages if the SDR verdict is “Awful.”

Default Scanning of URLs in Message Attachments: By default, the email gateway scans URLs in message attachments for any malicious content early in the email pipeline (before the Anti-Spam engine).

The ability to block messages based on the SDR verdict at the SMTP conversation level and default scanning of URLs in message attachments helps an organization to:

  • Improve detection efficacy for phishing and domain spoofing.
  • Detect phishing attacks early in the email pipeline based on the default action taken on the SDR reputation verdict.

Scanning Password-protected Attachments in Messages

You can configure the Content Scanner in your email gateway to scan the contents of password-protected attachments in incoming or outgoing messages.

The ability to scan password-protected message attachments in the email gateway helps an organization to:

  • Detect phishing campaigns that use malware as attachments in messages with password-protection to target limited cyber-attacks.
  • Analyze messages that contain password-protected attachments for malicious activity and data privacy.

The following languages are supported for this feature - English, Italian, Portuguese, Spanish, German, and French.

You can create user-defined passphrases to open password-protected attachments in incoming or outgoing messages in any one of the following ways:

  • Security Services > Scan Behavior page in the web interface.
  • protectedattachmentconfig command in the CLI.

In this release, the Content Scanner can scan the contents of password-protected attachments for the following file types only:

  • Adobe Portable Document Format (PDF) files.
  • MS Office file types:
    – Word - .doc file format that supports 2002 to 2004 version and .docx file format that supports 2007 to 2016 version.
    – Excel - .xls and .xlsx file formats that support 2007 to 2016 version.
    – PowerPoint - .ppt or .pptx file formats that support 2007 to 2016 version.
  • Archive file types - .zip format

New report for mail policy details

A new report – Mail Policy Details is added in the new web interface of your email gateway. Use this report to view the number of messages that match a configured mail policy.

New Message Tracking Filter for mail policy details

A new message tracking filter - Mail Policy is added in the Message Tracking > Advanced Search > Message Event option in the new web interface of your email gateway. Use this option to search for incoming or outgoing messages that match the configured mail policy name entered in the ‘Mail Policy Name’ field.

Enhanced Overview and Incoming Mail reporting pages

The following are the enhancements made to the Overview and Incoming Mail reporting pages in the legacy web interface of your email gateway:

Overview report page:

  • Added new message category – Stopped by Domain Reputation Filtering in the Incoming Mail Summary section.
  • Changed Stopped by Reputation Filtering message category name to Stopped by IP Reputation Filtering in the Incoming Mail Summary section.

Incoming Mail report page:

  • Added new column – Stopped by Domain Reputation Filtering in the Incoming Mail Details section.
  • Changed Stopped by Reputation Filtering column name to Stopped by IP Reputation Filtering in the Incoming Mail Details section.

Enhanced Mail Flow Summary and Mail Flow Details reporting pages

The following are the enhancements made to the Mail Flow Summary and Mail Flow Details reporting pages in the new web interface of your email gateway:

Mail Flow Summary report page:

  • Added new category – Stopped by Domain Reputation Filtering in the Threat Messages graph section.
  • Changed Stopped by Reputation Filtering category name to Stopped by IP Reputation Filtering in the Threat Messages graph section.
  • Added new column – Stopped by Domain Reputation Filtering in the Threat Detection Summary section.
  • Changed Stopped by Reputation Filtering column name to Stopped by IP Reputation Filtering in the Threat Detection Summary section.

Mail Flow Details report page:

  • Added new column – Stopped by Domain Reputation Filtering in the Incoming Mails section for IP Addresses, Domains, and Network Owners.
  • Changed Stopped by Reputation Filtering column name to Stopped by IP Reputation Filtering in the Incoming Mails section for IP Addresses, Domains, and Network Owners.

Support for New Content Matching Classifiers - National Identification Numbers for Southeast Asian countries

You can create a DLP policy using any one of the following new content matching classifiers - National Identification Numbers for Southeast Asian countries:

  • Indonesia KTP
  • Malaysia MyKad
  • Thailand ID
  • Philippines UMID
  • Singapore NRIC

You can select the new content matching classifiers in the following pages of the web interface in your email gateway:

  • Go to Mail Policies > DLP Policy Manager > Add Custom Policy page > Predefined Custom Classifiers > Policy Matching Details option.
  • Go to Mail Policies > DLP Policy Manager > Add Custom Policy page > Create Custom Classifier > Entity rule option.
  • Go to Mail Policies > DLP Policy Manager > Add DLP Policy page > Privacy Protection template option.
  • Go to Mail Policies > DLP Policy Customizations > Add Custom Classifier page > Entity rule option.

New Remediation Report Status Widget

A new widget - ‘Remediation Report Status’ is added when you search and remediate messages in the Message Tracking page of the new web interface of your email gateway.

Performing Remedial Actions on Messages in Cisco SecureX Threat Response

In Cisco SecureX Threat Response, you can now investigate and apply the following remedial actions on messages processed by your email gateway:

  • Delete
  • Forward
  • Forward and Delete

More info: Using Search & Remediate with Cisco SecureX

AMP Upstream Proxy Settings for File Analysis

You can now configure an upstream proxy for file analysis.

Content Filter - Attachment File Info condition and Strip by Attachment File Info action Enhancements

A new option - File Hash List is added in the Content Filters - “Attachment File Info” condition and “Strip by Attachment File Info” action.

Use this option to configure a content filter to take action on message attachments that match a specific file SHA-256 value in the selected file hash list.

Note

You can also configure this functionality using message filters.
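
The following is an added example, not AsyncOS code, showing what matching attachments against a SHA-256 file hash list involves: the digest is computed over the decoded attachment bytes and compared with a normalised list. The message, file names and hash values are constructed for the example, and the function names are hypothetical.

```python
"""Added illustration of matching attachments against a SHA-256 file hash list.
Not AsyncOS code; the message, file names and hashes below are constructed."""
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def load_hash_list(lines):
    """Normalise one-hash-per-line text into a set; reject malformed entries."""
    hashes = set()
    for line in lines:
        value = line.strip().lower()
        if not value or value.startswith("#"):
            continue  # blank line or comment
        if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"not a SHA-256 hex digest: {value!r}")
        hashes.add(value)
    return hashes


def match_attachments(raw_message, hash_list):
    """Return (filename, sha256) for each attachment whose digest is listed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        # Hash the decoded file bytes, not the base64 text carried on the wire.
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        if digest in hash_list:
            hits.append((part.get_filename(), digest))
    return hits


# Constructed sample data (not real indicators).
LISTED_BYTES = b"constructed sample: listed file"
CLEAN_BYTES = b"constructed sample: unlisted file"
SAMPLE_LISTED_SHA256 = hashlib.sha256(LISTED_BYTES).hexdigest()


def build_sample_message():
    """Build a constructed message with one listed and one unlisted attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(LISTED_BYTES, maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    msg.add_attachment(CLEAN_BYTES, maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    listed = load_hash_list(["# constructed list", SAMPLE_LISTED_SHA256.upper(), ""])
    for name, digest in match_attachments(build_sample_message(), listed):
        print(f"match: {name} sha256={digest}")
```
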

Smart Software Licensing Enhancements

AsyncOS 14.0 includes the following smart software licensing enhancements:

  • In a clustered configuration, you can now enable smart software licensing and register all the machines simultaneously with the Cisco Smart Software Manager.
  • After you enable smart software licensing and register your email gateway with the Cisco Smart Software Manager, the Cisco Cloud Services portal is automatically enabled and registered on your email gateway.
  • You can view details of the smart account created in the Cisco Smart Software Manager portal using the smartaccountinfo command in the CLI.
  • If the Cisco Cloud Services certificate is expired, you can now download a new certificate from the Cisco Talos Intelligence Services portal using the cloudserviceconfig > fetchcertificate sub-command in the CLI.

Security Enhancements

AsyncOS 14.0 includes the following security enhancements:

  • The email gateway now sends the Cisco Technical Support requests over TLS. If your SMTP server is not using TLS, the requests are sent as plain text.
  • You can now configure your email gateway to send alerts over TLS. Use the following subcommand in the CLI to configure this functionality: alertconfig > SETUP > Do you want to enable TLS support to send alert messages?

Support for Internationalized Domain Name (IDN)

Cisco Secure Email Gateway can now receive and deliver messages with email addresses that contain IDN domains.

Currently, your email gateway provides support of IDN domains for the following languages only:

  • Indian Regional Languages: Hindi, Tamil, Telugu, Kannada, Marathi, Punjabi, Malayalam, Bengali, Gujarati, Urdu, Assamese, Nepali, Bangla, Bodo, Dogri, Kashmiri, Konkani, Maithili, Manipuri, Oriya, Sanskrit, Santali, Sindhi, and Tulu.
  • European and Asian Languages: French, Russian, Japanese, German, Ukrainian, Korean, Spanish, Italian, Chinese, Dutch, Thai, Arabic, and Kazakh.

Video: Support for International Domain Name (IDN)

No Support for Sender Domain Age functionality post AsyncOS 14.0 Release

There will be no support for the Sender Domain Age functionality post the AsyncOS 14.0 release. The Sender Domain Age functionality will be replaced with the Sender Maturity feature.

Sender Maturity represents the Cisco Talos view of how mature a domain is as an email sender. The maturity value is tuned to enable threat detection regarding emails and generally does not reflect the domain age represented in “Whois-based domain age.”

Sender Maturity is set to a limit of 90 days. Beyond this limit, a domain is considered mature as an email sender, and no further details are provided.

Sender Maturity is used to calculate the sender reputation. Immature domains are assigned lower reputation. Cisco Talos recommends you rely on sender reputation only for determining policy actions. Sender Maturity is exposed to fine-tune filters for specific, non-standard scenarios.

Note

Cisco Talos does not manually adjust maturity for domains but relies on automated systems and sensors to determine the most appropriate value.

Alert or Notification Banner for End-of-Life (EOL) or End-of-Service (EOS) AsyncOS Version or Hardware Model

You will now receive an alert or notification banner message on your email gateway web interface or CLI, if your email gateway is running on an End-of-Life (EOL) or End-of-Service (EOS) AsyncOS version or hardware model.

Virtual Email Gateway Support for Amazon Web Services (AWS)

You can deploy Cisco Secure Email Virtual Gateway on Amazon Elastic Compute Cloud (EC2) on Amazon Web Services (AWS).

Contact your Cisco sales representative with your AWS account details (username and region) to provision an AMI image.

Support for Cloud Connector Logging

The email gateway now supports a new type of log subscription - Cloud Connector Logs. Use this log subscription to view information about Web Interaction Tracking data from Cisco Aggregator Server. Most of the information is present at the Info or Warning Level.

Enhancement for Request Retry Method of File Reputation Service

You can now set the reputation query timeout value within the range of 20–30 seconds while configuring the file reputation and analysis services (Security Services > File Reputation and Analysis). The default value is 20, which is the minimum value.

During the configured query timeout, the email gateway sends the file reputation queries to the AMP server. If the email gateway fails to receive a response from the AMP server, it retries by sending the query again to the AMP server. The query timeout includes the time taken for the first query request and the retry request.

The retry method enables the email gateway to receive responses when there are network latencies, issues related to the AMP server, and so on.

New Cisco Talos Email Status Portal

The Cisco Talos Email Status Portal replaces the legacy Cisco Email Submission and Tracking Portal.

The Cisco Talos Email Status Portal is a web-based tool for monitoring the status of email submissions from end-users.

Important:

Authentication Logs Enhancement

You can now view the user privilege role details (for example, ‘admin,’ ‘operator,’ and so on) of the logged-in user in the authentication logs.

Office 365 or Hybrid (Graph API) Remediation Account Profile Configuration Enhancement

You can now validate the client credentials for the Office 365 or Hybrid (Graph API) remediation account profile using the Client Secret value of the application generated on the Azure Management Portal.

New Passphrase Rule for defining login passphrases

A new passphrase rule is added in your email gateway to define your login passphrase:
Avoid passphrases that contain three or more repetitive or sequential characters (for example, ‘AAA@124,’ ‘Abc@123,’ and so on).

You can configure this passphrase rule in any one of the following ways:

  • System > Administration > Users > Local User Account & Passphrase Settings > Reject three or more repetitive or sequential characters in passphrases check box in the web interface.
  • userconfig > POLICY > PASSWORDSTRENGTH > Reject passphrases that contain three or more repetitive or sequential characters? [Y]> command in the CLI
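
The following is an added example, not AsyncOS code, of a check for the rule above, run against the two passphrases the release note cites. It assumes that comparison ignores ASCII letter case and that both ascending and descending runs of letters or digits count as sequential; the function names are hypothetical.

```python
"""Added illustration of the 'three or more repetitive or sequential
characters' passphrase rule. Not AsyncOS code; matching details are assumed."""
from typing import List, Optional, Tuple


def _step(a: str, b: str) -> Optional[int]:
    """0 for a repeated character, +1/-1 for neighbouring ASCII letters or
    digits, None when the pair is neither."""
    if a == b:
        return 0
    diff = ord(b) - ord(a)
    if diff in (1, -1) and a.isascii() and b.isascii() and a.isalnum() and b.isalnum():
        return diff
    return None


def find_weak_runs(passphrase: str, min_run: int = 3) -> List[Tuple[str, str]]:
    """Return (kind, substring) for every maximal run of min_run or more
    repetitive or sequential characters."""
    # Assumption: fold ASCII case only, so 'Abc' is sequential and the
    # string length never changes (keeps slices aligned with the input).
    folded = "".join(c.lower() if c.isascii() else c for c in passphrase)
    findings = []
    i = 0
    while i < len(folded) - 1:
        step = _step(folded[i], folded[i + 1])
        if step is None:
            i += 1
            continue
        j = i + 1
        # Extend the run while the same step continues.
        while j + 1 < len(folded) and _step(folded[j], folded[j + 1]) == step:
            j += 1
        if j - i + 1 >= min_run:
            kind = "repetitive" if step == 0 else "sequential"
            findings.append((kind, passphrase[i:j + 1]))
        i = j  # the next run may begin on the last character of this one
    return findings


def is_acceptable(passphrase: str) -> bool:
    """True when the passphrase contains no run the rule rejects."""
    return not find_weak_runs(passphrase)


if __name__ == "__main__":
    # The first two are the examples from the release note; the rest are constructed.
    for candidate in ("AAA@124", "Abc@123", "cba-9876", "Tr7!kQ2#vLx9"):
        print(candidate, find_weak_runs(candidate) or "accepted")
```
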

Creating system-generated passphrases

In addition to creating a login passphrase manually, you can now also create a system-generated passphrase to log in to your email gateway.

You can configure the system-generated passphrase in any one of the following ways:

  • Options > Change Passphrase page in the web interface.
  • System Administration > System Setup Wizard page in the web interface.
  • System Administration > Users > Add Local User page in the web interface.
  • passphrase or passwd commands in the CLI.

Performing FQDN Validation for Certificates

You can configure your email gateway to perform FQDN validation for certificates in the following scenarios:

  • Importing a custom certificate.
  • Creating a self-signed S/MIME certificate.
  • Creating a self-signed certificate.
  • Importing a custom Certificate Authority (CA) list.

Note

You can also perform FQDN validation for email gateway certificates that contain IDN domains.

Performing FQDN Validation for Peer Certificate during SSL Communication

You can configure your email gateway to perform FQDN validation for the peer certificate on the System Administration > SSL Configuration page in the web interface.

The FQDN validation is applicable for the following services:

  • Outbound SMTP
  • LDAP
  • Updater
  • Alert over TLS

Note

You can perform FQDN validation for peer certificates that contain IDN domains for the ‘Outbound’ SMTP services only.

Performing x509 Validation for Peer Certificate during SSL Communication

You can configure your email gateway to perform x509 validation for the peer certificate on the System Administration > SSL Configuration page in the web interface.

The x509 validation is applicable for the following services:

  • Outbound SMTP
  • LDAP
  • Updater
  • Alert over TLS

Consolidated Event Logs Enhancement

The following enhancements are made to the ‘Consolidated Event Logs’ log type:

  • A new log field - Message Size is added in the ‘Consolidated Event Logs’ log type to view the message size in the single log line output.
  • You can now view the size of the attachment in the message in a single log line output.

Steps:

  a. Select the ‘File(s) Details’ log field when configuring the log subscription for the Consolidated Event Logs.
  b. Configure a message filter rule as follows:

    Custom_Log_Entry: if (true) {
        log-entry("$filesizes");
    }

OR

Configure the Add Log Entry content filter action by adding the customized text as ‘$filesizes.’

Rebranded Product and Related Documentation

We have rebranded the product and related documentation as follows:

Old Terminology | Rebranded Terminology
Cisco Email Security Appliance | Cisco Secure Email Gateway
Cisco Cloud Email Security Appliance | Cisco Secure Email Cloud Gateway
Cisco Content Security Management Appliance | Cisco Secure Email and Web Manager

Need more information on rebranding? Cisco Secure portfolio naming architecture

Bias-Free Terminology Usage in Product and Related Documentation

We have removed all bias terms in the product and related documentation.

The following table shows the list of bias terms replaced with the new bias-free terms:

Bias Terms | Bias-Free Terms
whitelist | allowed list
blacklist | blocked list
master | primary
slave | secondary
blackhole | sink hole