Security Hands-On Lab
- Melvin Simpson
- 5 years ago
Transcription
2 Security Hands-On Lab Ehsan A. Moghaddam Consulting Systems Engineer Nicole Wajer Consulting Systems Engineer LTRSEC-2009
3 Ehsan & Nicole Ehsan Moghaddam Consulting Systems EMEAR (ME) Joined Cisco Aug 2015 Content Security Nicole Wajer Consulting Systems EMEAR (North) Joined Cisco Dec 2007 Now Content Security & IPv6 LTRSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 3
6 Agenda
o SMTP Overview
o Cisco Security Pipeline
o Lab Exercise 0: Introduction & Installation (Mandatory)
o Lab Exercise 1: End User Message Flow, ISQ Notifications and Graymail Management
o Lab Exercise 2: Preventing Phishing Attacks with Anti-Spam and Outbreak Filters
o Lab Exercise 3: Preventing Advanced Persistent Attacks with AMP
o Lab Exercise 4: Using URL Categorization and URL Reputation
7 Agenda - Continued
o Lab Exercise 5: Envelope Encryption
o Lab Exercise 6: Preventing External Domain Spoofing with DMARC
o Lab Exercise 7: Preventing Internal Domain Spoofing
o Lab Exercise 8: High Volume Mail Flow Management
8 For Your Reference
There are (many...) slides in your print-outs that will not be presented. They are there for your reference.
9 SMTP Overview
10 SMTP Conversation Overview
DNS MX records:
  presidentclinton.com IN MX mx.presidentclinton.com
  mx.presidentclinton.com IN A
[Diagram: the sending MTA mail.trump.com (sender donald@trump.com) connects across the Internet to the receiving MTA mx.presidentclinton.com (Cisco IronPort C-Series), which relays to exchange.presidentclinton.com (mailbox hillary@exchange.presidentclinton.com). The message consists of Envelope, Header and Body and is addressed To: hillary@presidentclinton.com.]
11 Sample: SMTP Conversation
Between mail.trump.com (client) and mx.presidentclinton.com (server). Lines marked >> are sent by the client, lines marked << by the server. MAIL FROM and RCPT TO form the envelope; the From/To/Subject/Date lines are the headers; the rest of the DATA section is the body.
TCP handshake: SYN, SYN/ACK, ACK
<< 220 mx.presidentclinton.com ESMTP
>> HELO mail.trump.com
<< 250 mx.presidentclinton.com
>> MAIL FROM:
<< 250 sender ok
>> RCPT TO:
<< 250 recipient ok
>> DATA
<< 354 go ahead
>> From: Donald
>> To: Hillary
>> Subject: Banned From Traveling! :-(
>> Date: Tue, 21 February :57:
>>
>>
>> Hillary!!
>> I have signed a new executive order
>> That bans you from traveling to Germany!
>> -Trump
>> .
<< 250 ok
>> QUIT
<< 221 mx.presidentclinton.com
12 Why is DNS important?
o MX records tell us the next hop.
o A and PTR records give us the real hostname, which we can compare with the greeting.
o SPF, DKIM and DMARC records.
o RBL and reputation.
13 Cisco Security Pipeline
14 Cisco Talos (Centralized Threat Intelligence)
[Diagram: Talos update feeds and the incoming email flow through the appliance]
Updates from Talos: URL Intelligence; SBRS updates; Outbreak Filters rules; Sophos & McAfee; DLP; File Reputation; IPAS, IMS, Graymail.
File reputation: FirePower Appliance and AMP for EndPoint (File Reputation Check, Retrospection); ThreatGrid Sandbox; known file reputation and retrospection data are downloaded; unknown files are uploaded to VRT sandboxing; behavioral analysis uploaded.
Incoming flow (SBRS DNS query/response against the SBRS servers):
o SBRS Reputation (Deny: 88-93% of all attempted)
o SPF, DKIM, DMARC
o Dual Spam Engines
o Signature-Based Malware Scanners
o Graymail & Graymail Safe UnSubscribe
o Advanced Malware Protection
o Content Filters
o Outbreak Filters
o Clean emails delivered
Other labels: New CASE 3.5; Sophos, Webroot, McAfee (With URL Intelligence); URL Category; On-board Phishing DB; URL WBRS Reputation; URL Intelligence; Outbreak Rules from Talos & Contextual Data from CASE; Drop or Quarantine, etc; Outbreak Quarantine; Replace URL with Text; Rewrite URL to redirect to CWS; Defang URL; ***Web Interaction Tracking.
Results: Deny: Bad Reputation Senders; Drop: Spam and Marketing; Drop: Signature-based malware; Drop: emails with known bad file reputation.
15 Cisco Security is backed by unrivaled global threat intelligence
o 100 TB Of Data Received Daily
o 1.5 MILLION Daily Malware Samples
o 600 BILLION Daily Messages with SenderBase
o 250+ Full Time Threat Intel Researchers
o MILLIONS Of Telemetry Agents
o 4 Global Data Centers
o 16 BILLION Daily Web Requests
o Operations
o Over 100 Threat Intelligence Partners
Deploy the world's largest traffic monitoring network. Leverage industry-leading threat analytics.
16 Block fraudulent senders
DMARC, DKIM and SPF
o SPF: Checks if mail from a domain is being sent from an authorized host
o DKIM: Matches public key to sender domain's private key records
o DMARC: Ties SPF and DKIM results to 'From' header
[Diagram labels: Cisco Security; DNS; TrustedPartner.com (Signed); TrustedPartner.com (Fraudulent); Send Verified; Delete; Quarantine]
o Determine whether a sender is reputable
o Inspect sender details on inbound messages
o Block invalid senders and identify next steps
17 It's built with industry-leading spam protection
Anti-spam processing / Context Adaptive Scanning Engine (CASE)
o Who sent the message?
o What is the content?
o How was the message constructed?
o Where does the call to action take you?
[Diagram labels: Cisco Anti-Spam; Cisco Security; Block; Forward; O365 Mail Server; Quarantine]
o Review sender reputation, URL reputation, and message content
o Block spam with 99% accuracy with fewer than 1:1M false positives
o Quarantine suspicious messages for additional review
18 Separate what matters from what doesn't
Graymail detection and safe unsubscribe
[Diagram labels: Graymail Detection; Bulk, Social Network, Marketing; Mark Up Messages: Modify subject, Add x-header, Add Safe Unsubscribe Link; Safe unsubscribe ("unsubscribe here"); Unsubscribe engine; Quarantine / Block; Graymail warning added to banner of email]
o Identify messages that aren't spam
o Categorize incoming bulk, marketing, and social networking emails
o Provide users a method to safely unsubscribe
19 Block known and zero-day viruses
[Diagram labels: Anti-virus processing; Outbreak Filters; Block; Forward; Quarantine; Zero-Hour Virus and Malware Detection; file types .DOC, .EXE, .LNK, .pdf; Updates every 12 hours]
Multiple detection methods:
o Pattern matching
o Emulation technology
o Advanced heuristic techniques
Slide notes:
o Determine what actions to take on viral messages
o Real time security updates that prevent new malware
o Also receive AV Signature updates regularly
o Determine whether anomalies are zero-day threats
o Scan attachments for known viruses
o Forward clean emails to additional security checks
o Defend against zero-day malware
20 Detect and contain advanced threats quickly
Advanced Malware Protection (AMP)
[Diagram labels: File Reputation; File Sandboxing; File Retrospection; Advanced Analytics; Dynamic analysis; 560+ indicators; file types .sys, .doc, .exe, .lnk, .pdf, .scr; verdicts Unknown, Clean, Malicious; Known Signatures; Fuzzy Fingerprinting; Indications of compromise]
o Block known malware
o Investigate files safely
o Auto-remediate threats in O365
o Gain visibility into messages trying to enter the network
21 Control which emails cross the network
Content Filters
[Diagram labels: Rewrite URL (Cisco Cloud Web Proxy); Defang / Block (BLOCKEDwww.proxy.org BLOCKED); Replace with Text ("This URL is blocked by policy"); URL reputation and categorization; Admin]
o Customize filters in three different ways for additional security
o Easily enforce business and compliance policies
22 Protect against spoofing attacks
Forged Email Detection
Pre-processing inspects the SMTP envelope address:
  $ telnet mail-smtp-in.l.mail.com 25
  Trying
  Connected to mail-smtp-in.l.mail.com.
  Escape character is '^]'.
  220 mx.mail.com ESMTP i11si wmh.67 - gsmtp
  HELO mail.outside.com
  250 mx.mail.com at your service
  MAIL FROM:<adam@outside.com>
  OK i11si wmh.67 - gsmtp
  RCPT TO:<alan@mail.com>
  OK i11si wmh.67 gsmtp
  Data
  From: Chuck <chuck.robbins@mail.com>
  Subject: [URGENT] Need help transferring funds
[Diagram callouts: SMTP Envelope; Sending Domain; Actual Sender; Recipient Domain; Compare against company directory (Allison Johnson, Barry Smith, Chuck Robbins, Dave Tucker)]
Post-processing:
  From: adam@outside.com
  Subject: {Possibly Forged} [URGENT] Need help transferring funds
o Inspect SMTP envelope for sender address
o Match sender address against company directory
o Send appended mail to warn users of potential forgery
o Record a log of attempts and actions taken
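The check on slide 22, written out as an added example (not code from the deck and not the appliance's implementation). The directory names come from the slide; the internal domain set, the 0.85 similarity threshold, the function names and the sample messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Directory names are the ones on the slide. The internal domain set, the
# similarity threshold and every function name here are assumptions.
DIRECTORY = ["Allison Johnson", "Barry Smith", "Chuck Robbins", "Dave Tucker"]
INTERNAL_DOMAINS = {"mail.com"}
THRESHOLD = 0.85
TAG = "{Possibly Forged}"


def normalize(text):
    """Lowercase and turn punctuation into spaces: 'chuck.robbins' -> 'chuck robbins'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def best_directory_match(from_header):
    """Return (directory_name, score) for the entry closest to the From header.

    Both the display name and the local part of the header address are
    compared, because either one can carry the impersonated name.
    """
    display, address = parseaddr(from_header)
    candidates = [normalize(display), normalize(address.split("@")[0])]
    best_name, best_score = None, 0.0
    for name in DIRECTORY:
        for candidate in candidates:
            if not candidate:
                continue
            score = SequenceMatcher(None, candidate, normalize(name)).ratio()
            if score > best_score:
                best_name, best_score = name, score
    return best_name, best_score


def set_header(msg, name, value):
    """Replace a header in place, or add it when the message lacks it."""
    if name in msg:
        msg.replace_header(name, value)
    else:
        msg[name] = value


def inspect_message(envelope_from, raw_message):
    """Flag a message whose From header names a directory user while the
    SMTP envelope sender (MAIL FROM) lies outside the organisation."""
    msg = message_from_string(raw_message)
    name, score = best_directory_match(msg.get("From", ""))
    sender_domain = envelope_from.rsplit("@", 1)[-1].lower()
    forged = score >= THRESHOLD and sender_domain not in INTERNAL_DOMAINS
    if forged:
        # Same rewrite as the slide: tag the subject, expose the envelope sender.
        set_header(msg, "Subject", f"{TAG} {msg.get('Subject', '')}".strip())
        set_header(msg, "From", envelope_from)
    return {"forged": forged, "matched": name if forged else None,
            "score": round(score, 2), "message": msg}


def sample(from_header):
    """Build a constructed test message with the given From header."""
    return (f"From: {from_header}\nTo: alan@mail.com\n"
            "Subject: [URGENT] Need help transferring funds\n\nPlease wire today.\n")


# Constructed samples: label -> (envelope sender, raw message).
SAMPLES = {
    "slide": ("adam@outside.com", sample("Chuck <chuck.robbins@mail.com>")),
    "lookalike": ("ceo@freemail.example",
                  sample('"Chuck Robins" <ceo@freemail.example>')),
    "vendor": ("eve@outside.com", sample("Eve Vendor <eve@outside.com>")),
    "internal": ("chuck.robbins@mail.com",
                 sample("Chuck Robbins <chuck.robbins@mail.com>")),
}

if __name__ == "__main__":
    for label, (envelope, raw) in SAMPLES.items():
        result = inspect_message(envelope, raw)
        print(f"{label:10} forged={result['forged']!s:5} score={result['score']:<5}"
              f" From={result['message']['From']}")
```

The "lookalike" sample shows why the comparison is fuzzy: a one-letter change in the display name still scores above the threshold, while an unrelated external sender does not.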
23 Detect targeted or blended attacks automatically
Outbreak Filters
[Diagram: rewritten message From: Bank.com, To: Bob Smith, Subject: Suspicious mail; banner "Warning! This contains suspicious content"; body "Hello John, Access your account here."; callouts: Prepend subject line, Add threat warning, Rewrite URLs, Dynamic quarantine, Cisco Cloud Web Proxy (Site validated: Forward; Site blocked: Block)]
o Block all known threats with Talos
o Quarantine emails with suspicious URLs
o Modify emails to protect end-user
o Redirect traffic to protect from malicious links
24 Lab Exercise 0: Introduction & Installation (Mandatory)
25 Gold Lab Access Class Name: niwajer_v20652
26 Lab Exercise 0: Introduction & Installation (Mandatory)
Background: Your lab pod topology is composed of resources both inside and outside of the enterprise domain alpha.com. The email gateway, the Email Security Appliance or ESA, controls the mail flow between the outside and inside mailboxes. In this Lab 0 you will familiarize yourself with these resources and perform an installation via the System Setup Wizard and the LDAP configuration wizard.
You will access the following devices:
o XP Management Client (via RDP)
o ESA (via PuTTY telnet and web based login)
o Outside Mail Client
o Exchange Mail Client
o Notes Mail Client
Note: Following the completion of Lab 0, you can perform any of the other labs 1-9 independently or in series without interference.
27 Lab Topology
28 Lab Exercise 1: End User Message Flow, ISQ Notifications and Graymail Management
29 Lab Exercise 1: End User Message Flow, ISQ Notifications and Graymail Management
Lab 1 goals are:
o Drop positive spam
o Quarantine suspect spam
o Detect and classify Graymail
o Provide a safe method for users to unsubscribe from Graymail
o Use LDAP groups to define which recipients will receive Spam Quarantine Notifications, and which will not
o Create a mail policy for messages from a trusted sender to bypass the Anti-spam engine when destined to a specific recipient
30 Lab Exercise 2: Preventing Phishing Attacks with Anti-Spam and Outbreak Filters
31 Lab Exercise 2: Preventing Phishing Attacks with Anti-Spam and Outbreak Filters
Lab 2 goals are:
o Demonstrate remediation of messages with suspicious URLs by the anti-spam engine
o Demonstrate remediation of phish attacks by outbreak filters
o Using WBRS, identify messages with URLs that must be rewritten for redirection through the web proxy
o Identify messages with URL categories that must be blocked
o Use Drill-Down reporting to identify remediation of phishing attacks
o Enable Web Interaction Tracking to track malicious URLs in emails, and the recipients who clicked on them
32 Lab Exercise 3: Preventing Advanced Persistent Attacks with AMP
33 Lab Exercise 3: Preventing Advanced Persistent Attacks with AMP
Lab 3 goals are:
o Verify licensing and operation of Advanced Malware Protection
o Verify connectivity to the reputation service
o Use scripts to deliver both known and unknown viral attacks
o Deliver both well known and unknown viral files (APTs) through the ESA
o Observe remediation of (APTs)
34 Lab Exercise 4: Using URL Categorization and URL Reputation
35 Lab Exercise 4: Using URL Categorization and URL Reputation
Lab 4 goals are:
o Import a Text Record that details the corporate Anti-Gambling Policy so that recipients can be warned
o Use URL Categorization and Web Interaction Tracking to track recipient click activity on gambling sites
36 Lab Exercise 5: Envelope Encryption
37 Lab Exercise 5: Envelope Encryption
Lab 5 goals are:
o Auto Registration of CRES administrator
o Create No Auth Envelope and enable Secure Reply
o Create Content Filter using Attachment Filename dictionary match
o Demonstrate the Undo Commit feature
38 Lab Exercise 6: Preventing External Domain Spoofing with DMARC
39 Lab Exercise 6: Preventing External Domain Spoofing with DMARC
Lab 6 goals are:
o Identify what domains have DMARC records published and how to interpret them
o Configure DMARC verification for incoming messages
o Send legitimate and illegitimate messages through the ESA and see how they are remediated by DMARC
o Recognize the limitations of DMARC
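How a verifier interprets a published DMARC record and ties SPF and DKIM results to the 'From' header (slide 16 and the Lab 6 goals), as an added example that is not part of the deck or of the ESA. The domains, TXT records and function names are constructed, and the organisational-domain rule is simplified to the last two labels, where real verifiers use the Public Suffix List.

```python
POLICIES = ("none", "quarantine", "reject")

# Constructed TXT records standing in for DNS (not real published policies).
DNS_TXT = {
    "_dmarc.trustedpartner.example":
        "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@trustedpartner.example",
    "_dmarc.trustedpartners.example": "v=DMARC1; p=none",   # cousin domain
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into the tags this example evaluates."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in POLICIES:
        raise ValueError(f"not a usable DMARC record: {txt!r}")
    return {"p": policy,
            "adkim": tags.get("adkim", "r").lower(),  # DKIM alignment, default relaxed
            "aspf": tags.get("aspf", "r").lower()}    # SPF alignment, default relaxed


def org_domain(domain):
    """Simplified organisational domain: the last two labels (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def lookup(from_domain, dns=DNS_TXT):
    """Find the record for the From domain, falling back to its organisational domain."""
    for name in (from_domain.lower(), org_domain(from_domain)):
        txt = dns.get(f"_dmarc.{name}")
        if txt:
            return txt
    return None


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organisational domains."""
    if not auth_domain:
        return False
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(from_domain, spf=("none", None), dkim=("none", None), dns=DNS_TXT):
    """Return (dmarc_result, disposition) for one message.

    spf is (result, MAIL FROM domain); dkim is (result, d= domain).
    DMARC passes when either mechanism passes AND is aligned with the
    domain in the From header; otherwise the published policy applies.
    """
    txt = lookup(from_domain, dns)
    if txt is None:
        return "none", "no policy published"
    policy = parse_dmarc(txt)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], policy["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    return "fail", policy["p"]


if __name__ == "__main__":
    cases = {
        # From header spoofed; SPF passes, but only for the sender's own domain.
        "spoofed From": ("trustedpartner.example",
                         ("pass", "bulk-sender.example"), ("none", None)),
        # Legitimate mail: bounce subdomain is aligned under relaxed SPF.
        "legitimate": ("trustedpartner.example",
                       ("pass", "bounce.trustedpartner.example"), ("none", None)),
        # adkim=s: a DKIM signature from a subdomain is not aligned.
        "strict DKIM": ("trustedpartner.example",
                        ("fail", "trustedpartner.example"),
                        ("pass", "news.trustedpartner.example")),
        # Limitation: a cousin domain with its own valid setup passes DMARC.
        "cousin domain": ("trustedpartners.example",
                          ("pass", "trustedpartners.example"), ("none", None)),
        "no record": ("unprotected.example", ("pass", "unprotected.example"),
                      ("none", None)),
    }
    for label, (domain, spf, dkim) in cases.items():
        print(f"{label:14} {evaluate(domain, spf, dkim)}")
```

The "cousin domain" case is the limitation the lab points at: DMARC only authenticates the exact domain in the From header, so a look-alike domain with its own SPF and DMARC records passes.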
40 Lab Exercise 7: Preventing Internal Domain Spoofing
41 Lab Exercise 7: Preventing Internal Domain Spoofing
Lab 7 goals are:
o Remediate mail from Argument Abuse
o Remediate From Header Abuse
o Remediate Cousin Domain Abuse
o Remediate Free Account Abuse
42 Lab Exercise 8: High Volume Mail Flow Management
43 Lab Exercise 8: High Volume Mail Flow Management
Lab 8 goals are:
o Use scripts to deliver a flood of messages inbound from multiple mail domains to simulate a DOS attack
o Use scripts to deliver a flood of messages outbound from multiple internal mail servers
o Selectively rate limit both inbound and outbound mail flows
o Create reports on domains being rate limited
o Use message tracking to determine if a message was dropped due to a rate limiting policy
44 Complete Your Online Session Evaluation
o Please complete your Online Session Evaluations after each session
o Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
o All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
45 Continue Your Education
o Demos in the World of Solutions Security Area
o Meet the Expert 1:1 meetings
o Meet Nicole Wajer / Ehsan A. Moghaddam
o #CLEUR you can watch all recordings
o BRKSEC How to make spam your best friend on your appliance - Tuesday 11:15
o BRKSEC I wonder where that Phish has gone - Tuesday at 16:45
o LALSEC Lunch and Learn - Cisco Security - Wednesday 22 February 13:00-14:30
o BRKSEC AMP Threat Grid integrations with Web, and Endpoint Security - Thursday 11:30
46 Cisco Spark
Ask Questions, Get Answers, Continue the Experience
Use Cisco Spark to communicate with the Speaker and fellow participants after the session. Download the Cisco Spark app from iTunes or Google Play.
1. Go to the Cisco Live Berlin 2017 Mobile app
2. Find this session
3. Click the Spark button under Speakers in the session description
4. Enter the room, room name = LTRSEC
Join the conversation! The Spark Room will be open for 2 weeks after Cisco Live.
47 Thank You
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationComodo Dome Antispam Software Version 6.0
St rat Comodo Dome Antispam Software Version 6.0 Admin Guide Guide Version 6.6.051117 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Dome Anti-spam...
More informationInnovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security
Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security Sven Kutzer Consulting Systems Engineer GSSO - CYBERSECURITY SALES Mittwoch, 7. März 2018 Challenges 2017
More informationSymantec Security.cloud
Data Sheet: Messaging Security filters unwanted messages and protects mailboxes from targeted attacks. The service has selflearning capabilities and Symantec intelligence to deliver highly effective and
More informationUsing Trustwave SEG Cloud with Exchange Online
.trust Using Trustwave SEG Cloud with Exchange Online Table of Contents About This Document 1 1 Trustwave SEG Cloud for Anti-Malware with Exchange Online 2 2 Networking and DNS Setup 2 3 Provisioning Trustwave
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationGFI product comparison: GFI MailEssentials vs. McAfee Security for Servers
GFI product comparison: GFI MailEssentials vs. McAfee Security for Email Servers Features GFI MailEssentials McAfee Integrates with Microsoft Exchange Server 2003/2007/2010/2013 Scans incoming and outgoing
More informationMail Assure Quick Start Guide
Mail Assure Quick Start Guide Version: 11/15/2017 Last Updated: Wednesday, November 15, 2017 CONTENTS Getting Started with Mail Assure 1 Firewall Settings 2 Accessing Mail Assure 3 Incoming Filtering 4
More informationAgenda: Insurance Academy Event
Agenda: Insurance Academy Event Drs Ing René Pluis MBA MBI Cyber Security Lead, Country Digitization Acceleration program the Netherlands The Hague, Thursday 16 November Introduction Integrated Security
More informationSecurity Deployment Guide. Revision: H2CY10
Email Security Revision: H2CY10 Who Should Read This Guide This guide is intended for the reader with any or all of the following: 100 1000 connected employees Up to 20 branches with approximately 25 employees
More informationStep 2 - Deploy Advanced Security for Exchange Server
Step 2 - Deploy Advanced Email Security for Exchange Server Step 1. Ensure Connectivity and Redundancy Open your firewall ports to allow the IP address ranges based on your Barracuda Email Security Service
More informationFile Reputation Filtering and File Analysis
This chapter contains the following sections: Overview of, page 1 Configuring File Reputation and Analysis Features, page 5 File Reputation and File Analysis Reporting and Tracking, page 14 Taking Action
More informationSophos Central Admin. help
help Contents About Sophos Central...1 Activate Your License... 2 Overview...3 Dashboard... 3 Alerts...4 Logs & Reports... 15 People...31 Devices... 41 Global Settings... 57 Protect Devices... 90 Endpoint
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationFortinet.Certdumps.FCESP.v by.Zocki.81q. Exam Code: FCESP. Exam Name: Fortinet Certified Security Professional
Fortinet.Certdumps.FCESP.v2014-03-05.by.Zocki.81q Number: FCESP Passing Score: 600 Time Limit: 105 min File Version: 18.5 http://www.gratisexam.com/ Exam Code: FCESP Exam Name: Fortinet Certified Email
More informationSecurity Protection
Email Security Protection Loay Alayadhi Abstract: Email is the most important business communication tool. Security has been an issue in mail from ancient times. Therefore, email security protection has
More informationPROTECTION. ENCRYPTION. LARGE FILES.
NoSpamProy PROTECTION. ENCRYPTION. LARGE FILES. All features at a glance With its three modules PROTECTION, ENCRYPTION, and LARGE FILES, NoSpamProy offers reliable protection from spam and malware, secure
More informationMail Assure. Quick Start Guide
Mail Assure Quick Start Guide Last Updated: Wednesday, November 14, 2018 ----------- 2018 CONTENTS Firewall Settings 2 Accessing Mail Assure 3 Application Overview 4 Navigating Mail Assure 4 Setting up
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationSophos Central Partner. help
help Contents About help...1 About...2 Dashboard... 3 Alerts...4 Logs... 5 Audit Logs...5 Sophos Central...7 Sophos Central customers...7 Sophos Central Licenses... 7 Managed Customer Usage... 9 Trial
More informationexam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT
156-730.exam Number: 156-730 Passing Score: 800 Time Limit: 120 min File Version: 1.0 CHECKPOINT 156-730 Check Point Accredited Sandblast Administrator Version 1.0 Exam A QUESTION 1 Regarding a proper
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationConfiguring Gmail (G Suite) with Cisco Cloud Security
Configuring Gmail (G Suite) with Cisco Cloud Email Security This document covers the steps required to integrate Cisco Cloud Email Security with Google G Suite for inbound and outbound email delivery.
More informationEnabling AMP on Content Security Products (ESA/WSA) November 2016 Version 2.0. Bill Yazji
Enabling AMP on Content Security Products (ESA/WSA) November 2016 Version 2.0 Bill Yazji byazji@cisco.com C O N T E N T S E C U R I T Y A M P B E S T P R A C T I C E S Overview: The vast majority of threats,
More informationIP Reputation Exchange security research
IP Reputation Exchange e-mail security research Prof. Dr. Norbert Pohlmann Institute for Internet Security if(is) University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de Content
More informationProteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro
Proteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro 2 Customer Challenges 3 Most Attacks Include Phishing Emails 5 Advanced Malware Difficult to
More informationSales Training
Sales Training Extensible Content Security 16.03.2010 2009 WatchGuard Technologies Market Opportunity Total Addressable Market, ($M) Total Addressable Market by Segment, ($M) 16,000 14,000 11.2% CAGR 16,000
More informationSOLUTION MANAGEMENT GROUP
InterScan Messaging Security Virtual Appliance 8.0 Reviewer s Guide February 2011 Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com
More informationSynchronized Security
Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationTHE CLOUD SECURITY CHALLENGE:
THE CLOUD EMAIL SECURITY CHALLENGE: CLOSING THE CYBERSECURITY SKILLS GAP THROUGH AUTOMATION THE EMAIL SECURITY CHALLENGE Email remains at the heart of the business communications landscape. While nobody
More informationEnterprise Protection for the Administrator
Enterprise Protection for the Administrator Overview The Proofpoint Protection course covers the protection tools that are available as part of the Proofpoint Suite, including our newest module, Targeted
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationProduct Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd
Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd Symantec Endpoint Protection Product Roadmap 1 Safe Harbor Disclaimer Any information regarding pre-release Symantec offerings,
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More information