Security Review (Optional)

Efficacy Guide using Cisco Secure Email

Additional Hardening Recommendations

Admins should always keep in mind who has access to the mail gateway. Please always be sure to have best practices for the following to keep your configuration safe:

Scanning of Password-protected Attachments

Starting with the AsyncOS 14.0 was made available.

  1. Security Services > Scan Behavior
  2. Click Edit Global Settings...
  3. In Scanning of Password-protected Attachments, click Enabled for Inbound Mail Traffic
  • Outbound Mail Traffic is optional
  1. In Probable Password for Analysis, click Enabled
  2. Define up to five (5) passwords in the setting
  3. Submit and Commit your configuration changes

Sender Domain Reputation

Sender Domain Reputation (SDR) was introduced in AsyncOS 12.0. This is enabled by default. Assure that you are running the minimum configuration of SDR:


Note: Cluster: Hosted_Cluster as this is Cloud Gateway

User Config

For your Gateway/Cloud Gateway, enforce 90-day passphrase expiration.

  1. System Administration > Users
  2. In Local User Account & Passphrase Settings, click Edit Settings...
  3. For Passphrase Reset, configure Require users to reset passphrases after 90 days
  4. Submit and Commit your configuration changes

Two-factor Authentication (2FA)

For your Gateway/Cloud Gateway, enable Two-factor Authentication.

  • More information is to be provided; check back for 2FA details.

Guide Checklist

At this time, we have completed the following:

Congratulations! You're at the end of the Efficacy Guide using Cisco Secure Email! Thank you for taking the time to step through this guide.

Up next, if you wish - ensure that you get full use and detection of URLs with our URL Defense Guide.

What’s Next