Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.
The Cisco Email Security Appliance is an email security gateway product. It is designed to detect and block a wide variety of email-borne threats, such as malware, spam and phishing attempts. Because so many of today's attacks occur through email messages, having an email security gateway has become a necessity for most organizations.
Cisco Email Security Appliance product versions
The Cisco Email Security Appliance (ESA) is available for cloud architectures, local hardware appliance deployments, virtual appliance deployments and hybrid architectures.
There are six models of the hardware appliance:
- C170 -- for small to midsize organizations, up to 2000 users
- C370 -- for midsize organizations, up to 10,000 users
- C380 -- similar to C370, but with more capable hardware
- C670 -- higher-performing product for midsize and large organizations
- C680 -- similar to C670, but with more capable hardware
- X1070 -- for large organizations and service providers
Also, note that the virtual appliance version is also known as the Cisco Email Security Virtual Appliance (ESAV). The ESAV is designed to run on a VMWare ESXi hypervisor.
The Cisco ESAs, including deployments that use multiple architectures -- cloud, hybrid, hardware appliance and virtual appliance -- may be managed with the Cisco Security Management Appliance (SMA). It is available in three models: M170, up to 1000 users; M380, up to 10,000 users; and M680, 10,000 or more users.
Security capabilities
In addition to the basic security capabilities of antivirus, antimalware, antiphishing and antispam, the Cisco ESA offers several advanced capabilities. Some of these advanced capabilities are bundled in the optional Advanced Malware Protection (AMP) solution. AMP offers sandboxing for suspicious files, file reputation services and file retrospection services. The Cisco ESA also offers threat intelligence that is updated at least every five minutes to help detect the latest threats.
Cisco ESAs provide data loss prevention (DLP) and email encryption services for outbound email. These services help protect the confidentiality of sensitive data being sent to external recipients.
Detection accuracy
The Cisco ESA has a stated spam detection rate of over 99% and a false positive rate of less than one in a million.
Licensing
Licensing for the Cisco ESA is user-based, mailbox-based, with license terms of one, three and five years available. This licensing includes software updates and technical support. There is an additional licensing fee to use the AMP bundle of security features.
Cisco Email Security Appliance overview
Compared to most email security gateway products, the Cisco Email Security Appliance supports a wider range of organizations and deployment models. Few products support cloud, hybrid, local hardware appliance and virtual appliance deployments. The cloud, hybrid and virtual appliances can readily be scaled to detect email threats for organizations of nearly any size. The hardware appliances are also available in a variety of sizes, although the smallest organizations may not need much of the processing power that the lowest-end hardware appliance provides. Such organizations would probably do better with a cloud solution.
Another factor in the Cisco ESA's favor is its security capabilities. It offers all the fundamentals plus sandboxing, threat intelligence, data loss prevention and email encryption services. Few other products support all four of these advanced capabilities. In part because of the use of sandboxing and threat intelligence, the Cisco ESA also has the same spam detection rate as other email security gateway products, plus a stellar false positive rate of less than one in a million.
In summary, there is a Cisco ESA option to meet virtually every organization's security needs.
