Page 37 - Accelerating Sales in Cisco Content Security - ASCCSv9
P. 37

Supporting Student Notes:

 • SIO issues rules to quarantine suspicious messages, based on any combination of 6 parameters including file type,
    file name, file size and URLs in a message.

 • As the Threat Operations Center learns more about an outbreak, it can modify the rule and release messages from
    quarantine accordingly. Messages are held in quarantine until Sophos or McAfee releases an updated signature.

 • On average, Cisco Virus Outbreak Filters stop viruses 13 hours ahead of the next major AV vendor. In fact, we post
    the last 20 outbreaks and our response time relative to the major AV vendors at www.ironport.com/toc.

 • A huge spike in executable files—that’s a virus. With our virus outbreak filters, we can see where that virus is
    coming from and update your Cisco Email Security solution to put that message in quarantine (don’t deliver it, but
    don’t delete it). We’re going to hold onto it and wait until we can scan it with our antivirus engine.

 • It sounds simple, but this process works. We’re providing our customers with protection in less than 60 minutes. It’s
    because we’re different than your traditional antivirus engine – Sophos, McAfee, or Symantec, who are trying to get
    a copy of that message, run it in their test lab to see what it does, and then release the patched file and ultimately
    release their signature file.

 • With our virus outbreak filters, we just see a spike in executables or some kind of dangerous traffic coming from
    some dangerous region of the world and we can react immediately. We can delete or quarantine those messages.
    You can hold on to them until we scan them with our antivirus engine, at which point you can delete them if
    they’re bad and deliver them if they’re good. That’s the industry’s only proven 0-hour solution with virus outbreak
    filters and we couple that with our scanning engines—with our Sophos antivirus engine, and if you want to max out
    your antivirus on this one solution you can add in McAfee so you can have three antivirus layers on one Cisco Email
    Security solution.
   32   33   34   35   36   37   38   39   40   41   42