Advanced email protection for Microsoft 365 without disrupting message flow. Detects phishing, malware, business email compromise, and compromised internal accounts using machine learning and metadata analysis. Designed to meet data protection and compliance requirements.
In today's environment, where email remains the primary attack vector, Cisco Email Threat Defense takes an API-based approach to protecting email communications in Microsoft 365. Unlike traditional gateways that sit in the mail delivery path, it integrates directly with the Microsoft 365 platform through its APIs, which gives it visibility into, and protection of, inbound, outbound, and especially internal email. Because the service is not in the delivery path, deployment requires no changes to mail flow and delivers results as soon as the integration is authorized. The solution combines advanced analytics, machine learning, and threat intelligence from Cisco Talos to identify and remediate a range of email threats, including phishing, malware, business email compromise (BEC), and lateral movement of attackers within an organization.
Key features and functions
API integration with Microsoft 365: A direct connection that requires no change to MX records, so the service can be enabled within minutes. Benefits of this architecture:
- No changes to email flow
- Deployable within minutes
- No risk of undelivered email, because the service is never in the delivery path (malicious messages are detected and removed after delivery rather than blocked before it)
- Simplified compliance (see Privacy and compliance below)
Internal communications visibility: Ability to monitor and protect user-to-user (east-west) email, which a perimeter gateway never sees, making it possible to detect attacker lateral movement and compromised internal accounts.
Advanced threat detection: The combination of traditional filters, machine learning, and behavior analysis allows for the detection of known and novel threats:
- Phishing and sophisticated social-engineering attacks
- Malware and ransomware
- Business Email Compromise (BEC) fraud
- Fraudulent emails from compromised accounts
- Contextual and behavioral analysis that flags suspicious communication patterns
Automated remediation: When a malicious message is detected, the service remediates it over the same API connection, for example by removing the message from every mailbox it was delivered to.
Privacy and compliance: The architecture is designed so that full email content never leaves the Microsoft Azure environment and only metadata is extracted for analysis. Because the content analysis and journaling described below do process message bodies and attachments, confirm against Cisco's current data-handling and data-residency documentation for your region where journaled messages and submitted attachments are stored before relying on this property for regulatory purposes.
Integration with Secure Endpoint and Secure Malware Analytics: Interfacing with other Cisco Secure products provides additional context and advanced analysis of suspicious files.
Post-delivery remediation: Threats identified only after delivery, for example once new threat intelligence classifies an already-delivered message as malicious, can still be acted on, including automatic removal of the message from user mailboxes.
Trajectory and conversation view: A detailed look at a message's path through the organization together with related messages, for forensic analysis.
How Cisco Email Threat Defense works
Email Threat Defense uses a combination of Exchange Online journaling and the Microsoft Graph API to access email without sitting in the delivery path. Messages are analyzed at three levels:
- Metadata analysis: Checks sender, recipient, subject, and other metadata to identify suspicious patterns.
- Content Analysis: Advanced analysis of email body and attachments to detect phishing, social engineering, and malicious content.
- Behavioral analysis: Identifies anomalies in user account behavior and communication patterns that may indicate a compromised account.
When a threat is detected, the system can remediate automatically through the Microsoft Graph API, for example by removing the message from mailboxes or blocking the sender, according to the configured policies.
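To make the metadata and behavioral levels concrete, the following is an added illustration of the kind of header-only and account-behavior checks such a system runs; it is not Cisco Email Threat Defense's own detection logic. The internal domains, the protected-user directory, the fan-out threshold and the message records are all constructed for the demonstration.

```python
"""Constructed example of metadata and behavioral checks over an email log.

Added illustration, not Cisco Email Threat Defense's detection logic. Internal
domains, protected users, thresholds and message records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL_DOMAINS = {"example.com"}                      # assumption: tenant accepted domains
PROTECTED_USERS = {"Jane Doe": "jane.doe@example.com"}  # assumption: directory of high-value users
FANOUT_THRESHOLD = 20  # assumption: distinct internal recipients per sender per hour before alerting


@dataclass(frozen=True)
class Msg:
    internet_message_id: str
    sender: str                 # From: address
    display_name: str           # From: display name
    recipients: Tuple[str, ...]
    subject: str
    reply_to: Optional[str] = None
    ts_hour: int = 0            # hour bucket of receipt (constructed)


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_internal(addr: str) -> bool:
    return domain(addr) in INTERNAL_DOMAINS


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains one edit away from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def metadata_findings(m: Msg) -> List[str]:
    """Header-only checks that need no message body."""
    findings = []
    expected = PROTECTED_USERS.get(m.display_name.strip())
    if expected and m.sender.lower() != expected:
        findings.append("display-name-impersonation")   # protected name, wrong address
    if m.reply_to and domain(m.reply_to) != domain(m.sender):
        findings.append("reply-to-mismatch")           # replies diverted elsewhere (typical of BEC)
    if not is_internal(m.sender) and any(
        edit_distance(domain(m.sender), d) == 1 for d in INTERNAL_DOMAINS
    ):
        findings.append("lookalike-domain")             # e.g. examp1e.com vs example.com
    return findings


def behavioral_findings(msgs) -> list:
    """Internal accounts that suddenly mail an unusual number of distinct internal recipients."""
    fanout = defaultdict(set)
    for m in msgs:
        if is_internal(m.sender):
            fanout[(m.sender.lower(), m.ts_hour)].update(
                r.lower() for r in m.recipients if is_internal(r)
            )
    return sorted(
        (sender, hour, len(rcpts))
        for (sender, hour), rcpts in fanout.items()
        if len(rcpts) > FANOUT_THRESHOLD
    )


def analyze(msgs) -> dict:
    per_message = {}
    for m in msgs:
        findings = metadata_findings(m)
        if findings:
            per_message[m.internet_message_id] = findings
    return {"metadata": per_message, "behavioral": behavioral_findings(msgs)}


# Constructed sample log: an external impersonation, a lookalike-domain BEC attempt,
# a benign internal message, and an internal account mailing 25 colleagues in one hour.
SAMPLE_MESSAGES = [
    Msg("<m1@mail-provider.example>", "jane.doe@mail-provider.example", "Jane Doe",
        ("bob@example.com",), "Urgent wire transfer"),
    Msg("<m2@examp1e.com>", "accounts@examp1e.com", "Accounts Payable",
        ("bob@example.com",), "Updated bank details", reply_to="pay@other.example"),
    Msg("<m3@example.com>", "alice@example.com", "Alice Smith",
        ("bob@example.com",), "Lunch?", ts_hour=9),
] + [
    Msg(f"<c{i}@example.com>", "carol@example.com", "Carol Jones",
        (f"user{i}@example.com",), "Please review this document", ts_hour=9)
    for i in range(25)
]

if __name__ == "__main__":
    for level, result in analyze(SAMPLE_MESSAGES).items():
        print(level, result)
```

The metadata checks work on headers alone, which is why they can run on extracted metadata; the fan-out check needs a per-account baseline, which in a real deployment would come from historical traffic rather than a fixed threshold.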
Customer benefits
By implementing Cisco Email Threat Defense, you gain:
Comprehensive email security
Across-the-board visibility and protection, including inbound, outbound, and internal email.
Simplified deployment and administration
No change to MX records or email flow required, with minimal administration requirements and no risk of email communication disruption.
Internal threat detection
Unique ability to identify lateral attacker movement and compromised internal accounts.
Automated response
Immediate remediation of detected threats with minimal intervention from the security team.
Quick return on investment
Deployable within minutes, with immediate security benefits.
Strong privacy protection
The architecture respects user privacy and meets compliance requirements, with email content staying within the Microsoft ecosystem.
Complementary protection
Ability to supplement existing email gateways with internal communications protection and other detection mechanisms.
Technical aspects and implementation details
Email Threat Defense is a cloud-based solution deployed through API integration with Microsoft 365.
Implementation includes:
API authorization: The service connects to the Microsoft 365 tenant using OAuth 2.0. In practice this is an Entra ID (Azure AD) application registration whose application permissions a tenant administrator consents to; review the requested permissions at consent time, since application permissions apply to every mailbox in the tenant unless explicitly scoped.
Journaling setup: Configure journaling so that a copy of each message in scope, including internal mail, is delivered to the service.
Policy settings: Define security policies and the automatic action to take for each verdict.
The system does not require agent installation, network infrastructure changes, or MX record editing. All analysis is carried out in the cloud, with minimal impact on your organization's infrastructure.
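The remediation path described under "How Cisco Email Threat Defense works" and the OAuth 2.0 authorization step above fit together as follows. This is an added example, not Cisco's implementation: it builds the public OAuth 2.0 client-credentials token request, looks a delivered message up in each mailbox through Microsoft Graph v1.0 by its Internet Message-ID, and moves every copy to Deleted Items. The tenant and application identifiers, the mailbox contents and the in-memory Graph stand-in (`fake_graph`) are constructed so the example runs offline; `graph_sender` is the real transport and needs network access and a valid token.

```python
"""Constructed example of API-based post-delivery remediation through Microsoft Graph.

Added illustration, not Cisco's implementation. Identifiers, mailbox contents
and the in-memory Graph stand-in are constructed so the example runs offline.
"""
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def token_request(tenant_id: str, client_id: str, client_secret: str):
    """Client-credentials token request for an app with admin-consented application permissions."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body


def odata_string(value: str) -> str:
    """Quote a value as an OData string literal: embedded single quotes are doubled, never stripped."""
    return "'" + value.replace("'", "''") + "'"


def find_message_url(mailbox: str, internet_message_id: str) -> str:
    """Look a message up in one mailbox by its RFC 5322 Message-ID, which survives delivery."""
    query = urllib.parse.urlencode({
        "$filter": f"internetMessageId eq {odata_string(internet_message_id)}",
        "$select": "id,subject,receivedDateTime",
    })
    return f"{GRAPH}/users/{urllib.parse.quote(mailbox)}/messages?{query}"


def remediate(internet_message_id: str, mailboxes, send, destination="deleteditems"):
    """Move every copy of the message out of the mailboxes it was delivered to.

    `send(method, url, json_body)` performs one authenticated Graph call and returns
    the parsed JSON. Returns the (mailbox, Graph message id) pairs that were moved.
    """
    moved = []
    for mailbox in mailboxes:
        hits = send("GET", find_message_url(mailbox, internet_message_id), None).get("value", [])
        for msg in hits:
            move_url = f"{GRAPH}/users/{urllib.parse.quote(mailbox)}/messages/{msg['id']}/move"
            send("POST", move_url, {"destinationId": destination})   # well-known folder name
            moved.append((mailbox, msg["id"]))
    return moved


def graph_sender(access_token: str):
    """Real transport: bearer-authenticated urllib calls (needs network and a valid token)."""
    def send(method, url, json_body):
        data = json.dumps(json_body).encode() if json_body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        })
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return send


def fake_graph(store: dict):
    """Constructed offline stand-in for Graph: store maps mailbox -> list of message dicts."""
    calls = []

    def send(method, url, json_body):
        calls.append((method, url, json_body))
        parts = urllib.parse.urlsplit(url)
        mailbox = urllib.parse.unquote(parts.path.split("/users/", 1)[1].split("/", 1)[0])
        if method == "GET":
            flt = urllib.parse.parse_qs(parts.query)["$filter"][0]
            wanted = flt.split(" eq ", 1)[1][1:-1].replace("''", "'")
            return {"value": [m for m in store.get(mailbox, []) if m["internetMessageId"] == wanted]}
        return {}

    send.calls = calls
    return send


# Constructed mailbox contents: the phishing message reached bob and carol; dave never got it.
SAMPLE_STORE = {
    "bob@example.com": [{"id": "AAMkAG-1", "internetMessageId": "<phish-1@attacker.example>"}],
    "carol@example.com": [{"id": "AAMkAG-2", "internetMessageId": "<phish-1@attacker.example>"},
                          {"id": "AAMkAG-3", "internetMessageId": "<legit-7@example.com>"}],
    "dave@example.com": [],
}


def demo():
    send = fake_graph(SAMPLE_STORE)
    moved = remediate("<phish-1@attacker.example>", list(SAMPLE_STORE), send)
    return moved, send.calls


if __name__ == "__main__":
    moved, calls = demo()
    print("moved:", moved)
    print("graph calls:", len(calls))
```

Two points a practitioner should take from this: the application permission needed to read and move mail in other users' mailboxes (Mail.ReadWrite) applies tenant-wide unless restricted with an Exchange Online application access policy, which is what makes the consent review in the authorization step matter; and the lookup key is the Internet Message-ID rather than the Graph message id, because each recipient's copy gets its own Graph id while the Message-ID is shared across all of them.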
Cisco Email Threat Defense
This is an API-based approach to protecting email communications in the Microsoft 365 environment. Its architecture provides visibility into, and protection of, inbound, outbound, and internal email, which is crucial for detecting modern attackers who move laterally once inside. The solution suits organizations looking for simple but effective email protection as well as those looking to add a further layer of protection and internal communications visibility to their existing security gateways. With minimal implementation and administration requirements, Email Threat Defense provides immediate value and significantly improves an organization's security posture.