White Paper
Cisco Cloud Email Security Interoperability with Microsoft Office 365
We’ve all been witness to the “cloud” evolution and the technologies that have been driven by moving operations and resources off-site to provide services that were traditionally housed internally. The migration to online services has provided many benefits to companies; small businesses can now have enterprise class redundancy and disaster recovery without the capital outlay for telecommunication, network and server resources.
Scalability, reliability and numerous other factors have led to this evolution. Companies looking to gain competitive advantages have realized that email, once thought not to be mission critical in the way financials are, has become business critical. Companies conduct a large portion of their business today via email. Banking, trading, sales contracts and legal documents are all transferred, securely and non-securely, via electronic mail.
Companies have realized that a logical step in moving to the cloud is to move mailboxes to hosted providers.
Microsoft Office 365 Hosted Mailboxes
Microsoft Exchange has become the standard email system used by many mid to large-scale organizations. In order to gain an even larger market share Microsoft has introduced Office365.com, which will allow even a sole proprietorship company to reap the benefits of Exchange without having to have the technical staff or the hardware necessary for an Active Directory and Exchange infrastructure.
https://products.office.com/en-us/business/explore-office-365-for-business
Office365 is much more than just email and calendaring; it encompasses other Microsoft applications delivered via the public Internet. For the purpose of this paper we will stay focused on email and mailboxes provided by Office365.
Microsoft Exchange Online Protection (EOP)
Microsoft EOP is a hosted filtering service that provides protection for Office365. FOPE provides the following list of features:
● Antispam
● Antivirus
● Policy enforcement
● Disaster Recovery
● Directory services
SLAs provided by Microsoft EOP are as follows:
● Spam Effectiveness >99%
● False Positives <1:250,000
● Virus detection and blocking of 100% of known viruses
● Monthly uptime of 99.999%
● Messages queuing for 2 days when the on-premises server cannot accept mail
While these SLAs and Microsoft’s market position in Exchange would point customers towards using Office 365 with EOP as their email security solution, customer adoption of more in-depth security solutions has led Microsoft to provide mechanisms to interoperate with 3rd party systems such as DLP (Data Loss Prevention) or industry leading Email Security vendors like Cisco Systems, Inc., with its Email Security Appliance, cloud and on-premises solutions.
Cisco Email Security Services
Based on the same industry-leading technology that protects 50 percent of Fortune 1000 companies from inbound and outbound email threats, the Cisco Cloud Email Security service allows customers to reduce their on-site data center footprint and out-task the management of their email security to trusted security experts. It provides a dedicated email security infrastructure in multiple, resilient Cisco data centers to enable the highest levels of service availability and data protection. Customers retain access to (and visibility of) the hosted infrastructure. With comprehensive reporting and message tracking, maximum administrative flexibility is assured. This unique service is all-inclusive – with software, hardware and support bundled together for simplicity.
Best-in-Class Features:
● Powered by Cisco Talos, the industry’s largest threat intelligence service
● Industry leading Anti-SPAM
● Award winning Anti-Virus from Sophos and McAfee
● Targeted Attack Prevention with Cisco AMP – Advanced Malware Protection
● RSA Data Loss Prevention
● Integrated Message Level Encryption
● S/MIME encryption
● Web in Email protection with URL categorization and reputation
● Content Filtering – Inbound / Outbound
● Transport Layer Security (TLS)
● Anti-phishing and day-0 protection with Outbreak Filters
● Role Based Administration
● 99.999% uptime
● False positive rate of less than 1 in 1,000,000
● Co-management
● Multiple US and European Datacenters for redundancy
● Dedicated IP addresses to avoid shared fate blacklisting
malicious URLs and file attachments in email. Organizations need this multi-vector intelligence in order to have best-in-class security and protect themselves from the latest of blended threats.
Why do you need Cisco Cloud Email Security with Office 365?
In addition to the best-in-class messaging security features listed above, the prime reasons why you will benefit from Cisco Cloud Email Security are:
● Industry leading protection from email based threats, including phishing and targeted attacks, with the highest efficacy (99% catch rate, < 1/1M false positives)
● Top controls for Data Loss Prevention (DLP) and Secure Messaging, essential for a protected and secure organization
● Integrated message level encryption—no 3rd party products necessary
● Ability to leverage Cisco Talos, for protection against multi-vector sophisticated attacks
● Near real time graphical message tracking—real time available from command line interface
● With a dedicated client infrastructure, organizations will benefit by having no shared fate and reduced risk of outages caused by another customer
● Dedicated monitoring and support for Cisco Hosted Email Security customers
● Customer controlled reporting with Cisco support available to assist if needed
Integrating Office 365 with Cisco Cloud Email Security
Fortunately for Office 365 customers, Microsoft has made integration with 3rd party systems fairly easy. The ability within the Office365 environment to create Smart Host connectors for EOP to route email to these systems is well documented; see the Microsoft Exchange library.
Routing Inbound mail for SPAM filtering to Cisco Cloud Email Security
Let’s examine how the customer Acme, Inc. (a fictitious company) would migrate their email security to Microsoft Office365 and Cisco Cloud Email Security.
Today Acme, Inc. houses their email systems internally and all messages are filtered by a homegrown application that hasn’t provided the level of protection necessary for Acme’s employees. Acme has made the decision to move both the mailboxes for the employees as well as the email security infrastructure to the cloud and has selected a combination of Microsoft Office365 and Cisco Cloud Email Security.
Acme’s IT staff has arranged for both services to be active and has configured the Office365 environment with their users’ mailboxes. Acme’s current MX record points to mail.acme.com. The Cisco Cloud Email Security environment has been configured and is ready for production traffic. MX records of mx1.acme.iphmx.com and mx2.acme.iphmx.com have been created. These records point to the Cisco Email Security Appliances hosted in Cisco’s redundant datacenters. Acme and their business partner have configured the Cisco Cloud protection to route email received for Acme’s domain to the Microsoft Office365 servers, where it will be delivered to the end users’ mailboxes.
Acme’s IT staff changes the company’s DNS MX records from mail.acme.com to mx1 and mx2.acme.iphmx.com, and over a period of up to 24 hours DNS servers around the Internet will detect this change and begin forwarding email to the Cisco Cloud Email Security Appliances for Acme.
Incoming messages will be scanned for spam, viruses, malicious file attachments and malicious URLs, and other email hygiene will be performed prior to delivery to Office365.
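During the propagation window described above, some resolvers still return the old MX record, so mail can reach Acme without passing through the Cisco service. The following check is an added example, not part of the original white paper: it audits MX answers against the two filtering hosts. The domain name acme.com, the `dig +noall +answer` answer format, and the sample records with their TTLs are assumptions constructed for illustration.

```python
# Added example: audit MX answers during the cutover described above.
# Sample answers are constructed, in `dig +noall +answer acme.com MX` format.

EXPECTED = {"mx1.acme.iphmx.com", "mx2.acme.iphmx.com"}

# Constructed answers from two resolvers part-way through propagation.
SAMPLE_STALE = """\
acme.com.  86400 IN MX 10 mail.acme.com.
"""
SAMPLE_NEW = """\
acme.com.  3600 IN MX 10 MX1.acme.iphmx.com.
acme.com.  3600 IN MX 20 mx2.acme.iphmx.com.
"""


def parse_mx(answer_text):
    """Return a list of (ttl, preference, host) tuples from MX answer lines."""
    records = []
    for line in answer_text.splitlines():
        fields = line.split()
        # Expected fields: owner ttl class type preference exchange
        if len(fields) != 6 or fields[3].upper() != "MX":
            continue
        ttl, pref = int(fields[1]), int(fields[4])
        host = fields[5].rstrip(".").lower()  # DNS names are case-insensitive
        records.append((ttl, pref, host))
    return records


def audit_mx(answer_text, expected=EXPECTED):
    """Compare MX answers with the filtering hosts the domain should use."""
    records = parse_mx(answer_text)
    hosts = {host for _, _, host in records}
    bypass = sorted(hosts - expected)    # hosts receiving mail outside the Cisco service
    missing = sorted(expected - hosts)   # filtering hosts not yet published
    return {
        "ok": bool(records) and not bypass and not missing,
        "bypass": bypass,
        "missing": missing,
        # The longest TTL bounds how long this answer may stay cached.
        "max_ttl": max((ttl for ttl, _, _ in records), default=0),
    }


if __name__ == "__main__":
    for name, text in (("stale", SAMPLE_STALE), ("new", SAMPLE_NEW)):
        print(name, audit_mx(text))
```

A non-empty `bypass` list after the TTL has expired means an MX record outside the filtering service is still published and should be removed.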
4. Specify the recipient domain as *.*
5. Deliver all messages to the following destination: mx1.acme.iphmx.com and mx2.acme.iphmx.com
6. Select Transport Layer Security (TLS) and select validation against self-signed certificate
7. Save your changes
In Cisco Cloud Email Security, configure the following:
1. Mail Policies/HAT Overview
2. Add the Office 365 domain: acme.onmicrosoft.com to the RELAYLIST policy and Commit changes
Now Acme Inc. has all the benefits of mailboxes hosted by Office 365 and the industry’s best email protection from Cisco Cloud Email Security.