IronPort X1070 Email Security Appliance
The Ultimate Email Security System for the World's Most Demanding Networks.
Cisco has acquired Ironport. Please visit our Cisco site for the latest re-branded Ironport products.
This product is no longer available, please contact us for a replacement solution
As the battle to protect the email perimeter continues, two predominant trends emerge: higher mail volumes and more resource-intensive scanning. The IronPort X1070™ is purpose-built, on the foundation of the IronPort AsyncOS™ operating system, to provide power for today’s volumes and high-performance scanning for tomorrow’s threats. This unparalleled performance delivers dial-tone availability — saving hours of productivity and thousands of dollars during peak traffic times, such as damaging virus outbreaks or spam attacks.
The world’s largest organizations and ISPs need a secure and easy-to-manage email security solution that protects all facets of their complex email infrastructures. The IronPort X1070 provides IronPort’s exclusive preventive filters and signature-based reactive filters, combined with data loss prevention (DLP) and best-of-breed encryption technology, to provide the highest level of email security available today — while delivering unprecedented visibility and management tools.
Real-Time Threat Intelligence
The Cisco Email Security Appliance (ESA) is powered by Cisco Security Intelligence Operations (SIO), our industry-leading threat intelligence organization.
Cisco SIO detects and correlates threats in real time using the largest threat detection network in the world. It monitors 100 TB of daily security intelligence, 1.6 million deployed security devices, 13 billion daily web requests, and 35 percent of worldwide email traffic.
Cisco SIO prevents zero-hour attacks by continually generating new rules that feed updates to the Cisco ESA. These updates occur every three to five minutes to provide industry-leading threat defense hours and even days ahead of competitors.
Advanced Malware Protection
ESA now includes Advanced Malware Protection (AMP), a malware defeating solution that takes full advantage of the vast cloud security intelligence network of Sourcefire (now a part of Cisco).
ESA delivers protection across the attack continuum—before, during, and after an attack—with malware detection and blocking, continuous analysis, and retrospective alerting. Users can block more attacks, track suspicious files, mitigate the scope of an outbreak and remediate faster.
- Fast blocking of new email transported viruses
- Best-in-class performance at stopping or encrypting sensitive outbound email
- A superior spam capture rate (more than 99 percent) and few false positives (less than one in one million)
- The industry's only proven zero-hour antivirus solution to date
Low Total Cost of Ownership
- Easy installation and management
- Low network impact
- Minimal ongoing administration
- 10 JD Powers award-winning security support centers globally, with 24-hour support available
- Cisco financial commitment to security investment and innovation
- Flexible deployments: on premises, cloud, hybrid, and virtual deployments
- Superior ability to scale threat analysis as global data explodes
Cisco Email Security defends your mission-critical email systems with appliance, virtual, cloud, and hybrid solutions. Cisco Email Security is recognized by third parties as the best source of email security.
Global Threat Intelligence
Get fast, complete email protection backed by one of the largest threat detection networks in the world. Cisco Email Security provides broad visibility and a large footprint, including:
- 100 terabytes (TB) of security intelligence daily
- 1.6 million deployed security devices including firewalls, Cisco Intrusion Prevention System (IPS) sensors, and web and email appliances
- 150 million endpoints
- 13 billion web requests per day
- 35 percent of the world's enterprise email traffic
Cisco SIO provides a 24-hour view into global traffic activity. It analyzes anomalies, uncovers new threats, and monitors traffic trends. Cisco SIO helps prevent zero-hour attacks by continually generating new rules that feed updates to the Cisco ESAs. These updates occur every three to five minutes, providing industry-leading threat defense.
Accelerating Email Threats
Modern corporate email systems such as Gmail and Microsoft Exchange and come with a measure of built-in security. Some see these built-in protections as adequate. They shouldn't.
Mobility, cloud and sophisticated blended attacks are expanding the number, range, and velocity of email- transported threats. Inbound threat defense that lags by hours or days, and sometimes even weeks, leaves email environments and businesses exposed.
Failure to secure sensitive data can also result in severe consequences. From fulfilling mandated compliance requirements to protecting intellectual property, email confidentiality is critical.
Receive fast and comprehensive email protection backed by the largest threat detection network in the world. Cloud-based intelligence, combined with information from industry partnerships and the analysis of a dedicated threat research team, is essential for providing zero-day responses.
At Cisco, defense starts with our Security Intelligence Operations (SIO) service.
Cisco SIO provides a 24x7 view into global traffic activity, enabling Cisco to analyze anomalies, uncover new threats, and monitor traffic trends. Automatic policy updates are pushed to network devices every three to five minutes.
Secure your network with the highest spam capture rate and an industry-low false positive rate.
Spam is a complex problem that demands a sophisticated solution. Cisco makes it easy. To stop spam from reaching your inbox, a multilayered defense combines an outer layer of filtering based on the reputation of the sender and an inner layer of filtering that performs a deep analysis of the message.
With reputation filtering, over 80% of spam is blocked before it even hits your network.
Protect your email with the industry's only proven zero-hour antivirus solution that defends you from brand new viruses hours ahead of others.
Cisco Virus Outbreak Filters provide a critical first layer of defense against new outbreaks hours before signatures used by traditional antivirus solutions are in place.
Cisco's global Threat Operations Center analyzes SIO data and issues rules to quarantine suspicious messages. It can issue rules on any combination of six parameters, including file type, file name, file size, and URLs in a message. As the Threat Operations Center learns more about an outbreak, it continually updates rules to appropriately deal with quarantined messages. Messages are held in quarantine until Sophos or McAfee releases an updated signature.
Protect your sensitive data-simply, effectively, and accurately.
Ensure your most important messages are compliant with industry standards and protected in transit. Protect outbound messages with Cisco Email Security Data Loss Prevention integration with RSA and email encryption.
Data Loss Protection (DLP)
Prevent leaks, enforce compliance, and protect your brand.
Ensure compliance with industry and government regulations worldwide and help prevent confidential data from leaving your networks. Cisco Email Security Data Loss Protection offers simplified management, comprehensive protection, and unparalleled accuracy.
Choose from an extensive policy library of more than 100 expert policies with the push-of-a-button interface to activate compliance requirements.
Satisfy compliance requirements secure messaging.
Meet encryption requirements for regulatory requirements such as PCI, HIPAA, SOX, and GLBA — as well as state privacy regulations and European directives — without burdening the senders, recipients, or email administrators. Offer encryption not as a mandate, but as a service that's easy to use.
Give the sender complete control of their content, even after it's been sent. With Cisco's email encryption, senders don't fear mistyped recipient addresses, mistakes in content, or time-sensitive emails because the sender always has the option to lock the message.
Take advantage of the most advanced cloud-based encryption key service available today. Manage recipient registration, authentication, and per-message/per-recipient encryption keys with Cisco Registered Envelope Service.
Cisco Registered Envelope Service provides all user registration and authentication as a highly available managed service. There's no additional infrastructure to deploy. For enhanced security and reduced risk, message content goes straight from your gateway to the recipient.
Cisco Registered Envelope Service
All Cisco Email Security solutions share a simple approach to implementation. The system setup wizard can handle even complex environments and will have you up and protected in just minutes, making you safer, fast. Licensing is user based, not device based, so you can apply it per user instead of per device to provide inbound as well as outbound email gateway protection at no additional cost. This capability lets you scan outbound messages with antispam and antivirus engines to fully support your business needs.
Flex and scale to meet the demands of your business with your choice of appliance-based, cloud-based, and hybrid solutions:
- SaaS: Reduce on-site data center footprint with little administrative overhead
- Hybrid SaaS: Benefit from the cloud and control sensitive data on-site
- Managed: Free your resources to focus on other strategic IT initiatives
Reporting Insight Proves ROI The IronPort X1070 offers very sophisticated management, monitoring and reporting tools designed to satisfy the large global enterprises and ISPs that make up IronPort’s customer base. Each appliance has a unique reporting system, providing both a real-time and historical look at mail flowing through your email infrastructure. IronPort provides system administrators with the necessary information to make critical security decisions and demonstrate Return On Investment (ROI).
Reduced TCO The IronPort MTA platform enables massive reduction in Total Cost of Ownership (TCO) by consolidating email operations and security into a single platform. Self-managing security services provide the lowest maintenance solution in the industry with minimal configuration requirements.
Increased End-User Productivity By securing the network at the gateway level, the IronPort X1070 acts as a “shock absorber,” in front of the groupware server(s). This ensures that end-users are not bogged down by spam, viruses, and other threats. Unlike other solutions, IronPort security services do not rely on end-users to “train” the system. Instead, high accuracy is maintained through continuous and automatic rule updates.
Improved Administrative Efficiency The IronPort Reputation Filtering system was the first in the industry and remains the most sophisticated. In its default settings, the system will block over 80 percent of incoming mail at the connection level. By eliminating these unwanted messages, organizations save bandwidth (the message is never accepted) and system resources. CPU-intensive spam and virus filters are used only when needed, and rate limiting is a very effective defense against “hit and run” spam attacks or denial-of-service attacks.
Minimized Downtime The comprehensive IronPort X1070 solution ensures the availability and security of your email infrastructure. IronPort offers a variety of security applications for spam and virus filtering, content scanning and data loss prevention. Together these features reduce the risk and potential downtime posed by security threats.
|Chassis / Processor|
|Form Factor||19" Rack-Mountable, 2U rack height|
|Dimensions||3.4" (h) x 17.4" (w) x 26.8" (d)|
|CPU||Two Intel Multi-Core Processors|
|Power Supplies||Hot-plug redundant, 750 watts, 100/240 volts|
|RAID||RAID 1+0 Configuration; Dual channel hardware with battery-backed cache|
|Drives||Six hot-swappable, 300 GB Serial Attached SCSI|
|Capacity||70 GB queue capacity|
|Ethernet||Four Gigabit Ethernet Ports|
|Serial||1 RS-232 (DB-9) Serial Port|
|Mail Protocols||SMTP, ESMTP, Secure SMTP over TLS|
|DNS||Internal resolver/cache; Can resolve using local DNS or Internet DNS servers|
|LDAP||Integrates with Active Directory, Notes, Domino, and OpenLDAP servers|
|Interfaces / Configuration|
|Web Interface||Accessible by HTTP or HTTPS|
|Command Line Interface||Accessible via SSH or Telnet; Configuration Wizard or command-based|
|File Transfer||SCP or FTP|
|Programmatic Monitoring||XML over HTTP or HTTPS|
|Configuration Files||XML-based Configuration Files archived or transferred to cluster|
|TLS (Encrypted SMTP)||56-bit DES, 168-bit 3DES, 128-bit RC4, 128-bit AES, 256-bit AES|
|DomainKeys Signing||512, 768, 1024, 1536 and 2048-bit RSA|
|SSH for System Management||768 and 1024-bit RSA|
|HTTPS for System Management||RC4-SHA and RC4-MD5|
Where to Deploy:
You can deploy Cisco Email Security solutions:
- On premises: The Cisco ESA is an email gateway typically deployed in a firewall demilitarized zone. Incoming Simple Mail Transfer Protocol (SMTP) traffic is directed to the Cisco ESA data interface according to specifications set by your mail exchange records. The Cisco ESA filters it and redelivers it to your network mail server. Your mail server also directs outgoing mail to the Cisco ESA data interface, where it is filtered according to outgoing policies and then delivered to external destinations.
- Virtual: With Cisco UCS running in your small branch office, you could host the Cisco ESAV with other Cisco products such as the Cisco Web Security Virtual Appliance (WSAV). Together, they provide the same level of protection as their hardware equivalents but save you money on space and power resources. You can centrally manage this custom deployment with the Cisco SMA.
Email Security Technology:
Email has become the primary communication method for organizations of all sizes. Whether private information is deliberately or accidentally leaked, the ramifications of data loss are severe: violation of compliance regulations, erosion of customer trust, and destruction of brand equity. As a result, executives are focused more than ever on rapidly deploying solutions to address data loss – and to do it in an easy-to-administer, unobtrusive manner.
Cisco has partnered with RSA – the leader in data loss prevention (DLP) technology – to provide an integrated DLP solution, RSA Email DLP, on Cisco IronPort email security appliances. To ensure compliance with industry and government regulations worldwide and help prevent confidential data from leaving customer networks, RSA Email DLP offers easy management, comprehensive protection, and unparalleled accuracy.
Comprehensive Policy Creation and Modification
RSA Email DLP has more than 100 predefined polices. These policies not only cover government regulations such as US focused HIPAA and UK focused Data Protection Act, but also include non-government regulations such as the Payment Card Industry Data Security Standards (PCI DSS). Administrators can also build custom policies to look for company-specific information. Additionally, they can choose from numerous remediation actions, such as BCC, notify, quarantine, and encrypt.
RSA DLP data classification technology and policies are fully integrated into Cisco IronPort email security appliances. In a single user interface, administrators can configure anti-spam, anti-virus, content filtering, encryption, and RSA Email DLP actions on a per-user basis. Administrators can access real-time and scheduled reports to view the top DLP email violations by policy, severity, and senders. The appliances' message tracking capabilities enable administrators to search for messages with certain DLP violations.
A common complaint about DLP solutions is the high rate of false positives. RSA Email DLP's pre-defined policies are created by RSA's Information Policy and Classification Research Team. This team has a proven methodology to develop policies with best-in-class accuracy. These policies leverage sophisticated content analysis techniques and are specifically tuned to virtually eliminate false positives and maximize catch rate. Administrators can set four different severity rankings, based on the amount of offending content, and apply different action depending on severity
Cisco IronPort solutions simplify the complexity of protecting sensitive communications.
With the click of a button, administrators can enable pre-defined RSA Email DLP policies. They can also quickly create their own policies, or modify policies, to best suit their environment.
Low Administrative Overhead
RSA Email DLP is specifically designed to virtually eliminate false positives, which means that administrators do not need to constantly monitor and manage violations. If examining quarantined messages is required, offending content is highlighted in each message. Administrators can also schedule DLP-related reports to be sent to them on a regular basis.
Simplified Regulatory Compliance
With RSA Email DLP, administrators don't need to be legal experts to ensure that their organizations are in compliance. With a single click, administrators can choose any one of the more than 100 pre-defined RSA Email DLP policies to ensure compliance with U.S. and international regulations.
Safeguard Proprietary Information
In addition to regulatory compliance, RSA Email DLP policies help ensure that intellectual property information and company confidential information does not leave the network. Administrators can choose from preloaded policies, or can customize them to scan for company-specific information.
RSA Email DLP is fully integrated into Cisco IronPort email security appliances – enabling administrators to manage all gateway-related tasks from a single user interface. This powerful DLP solution provides a comprehensive, easy-to-manage, and accurate DLP solution to protect companies from sensitive data loss.
A Cisco ESAV license is included for all Cisco Email Security software bundles: the Cisco Email Security Inbound, Cisco Email Security Outbound, or Cisco Email Security Premium bundle. This license has the same term as the other software services in the bundle and can be used for as many virtual instances as needed, as long as you stick to the purchased user count. The Cisco ESA licenses are included in all Cisco Email Security software bundles. Just purchase the appropriate licenses for the number of mailboxes you need to support, then buy the appropriate on-premises appliances. For virtual appliances, simply order the software licenses to get entitlement.
Term-Based Subscription Licenses
Licenses are term-based subscriptions of one, three, or five years.
Quantity-Based Subscription Licenses
The Cisco Email Security portfolio uses tiered pricing based on the number of mailboxes. Sales and partner representatives will help to determine the correct customer deployment.
Email Security Software Licenses
Three Cisco Email Security software license bundles are available, as well as one à la carte offering: Cisco Email Security Inbound, Cisco Email Security Outbound, Cisco Email Security Premium, and Advanced Malware Protection. The major components of each software offering are provided below.
|Cisco Email Security Inbound Essentials||The Cisco Email Security Inbound Essentials bundle delivers protection against email-based threats, including antispam, Sophos antivirus solution, virus outbreak filters, and clustering.|
|Cisco Email Security Outbound Essentials||The Cisco Email Security Outbound Essentials bundle guards against data loss with DLP compliance, email encryption, and clustering.|
|Cisco Email Security Premium||The Cisco Email Security Premium bundle combines both inbound and outbound protections included in the two Cisco Email Security Essentials licenses noted above, for protection against email-based threats and essential data loss prevention.|
|A la Carte Offerings||Description|
|Advanced Malware Protection||Advanced Malware Protection (AMP) can be purchased à la carte along with any Cisco Email Security Software bundle. AMP is a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis, and retrospective alerting.
AMP augments the antimalware detection and blocking capabilities already offered in Cisco Email Security with file reputation scoring and blocking, file sandboxing, and file retrospection for continuous analysis of threats, even after they have traversed the email gateway.
Software License Agreements
The Cisco End-User License Agreement (EULA) and the Cisco Web Security Supplemental End-User License Agreement (SEULA) are provided with each software license purchase.
Software Subscription Support
All Cisco Email Security licenses include software subscription support essential to keeping business-critical applications available, highly secure, and operating at peak performance. This support entitles you to the services listed below for the full term of the purchased software subscription.
- Software updates and major upgrades keep applications performing at their best, with the most current features.
- The Cisco Technical Assistance Center (TAC) provides fast, specialized support.
- Online tools build and expand in-house expertise and boost business agility.
- Collaborative learning provides additional knowledge and training opportunities.
Download the IronPort X1070 Data Sheet (PDF).
- Pricing and product availability subject to change without notice.