Wednesday, February 4, 2026

Defending Cisco's front lines with Email Threat Defense and Splunk

In today's dynamic threat landscape, securing the digital front lines is paramount. At Cisco, with more than 326 million inbound emails every quarter, we faced the same challenge many organizations do: how to defend against sophisticated email threats while maintaining user productivity. Our answer was a bold, layered security approach, powered by AI-driven solutions like Email Threat Defense and the advanced analytics of Splunk. Here's how we did it, and what we learned.

The growing threat landscape

Email is the single largest attack vector for security breaches at businesses across the globe. In 2023, the FBI reported $2.9 billion in business losses attributed to email cyberattacks in the US, an alarming increase of over 805% since 2016. Since 2022, email ransomware incidents are up 18%. These looming threats grow daily and underscore the critical need for a robust, multi-layered email security strategy.

While native email filters provide a baseline level of protection, they are insufficient in today's complex threat environment. In Cisco IT, we recognized this gap and began building a plan to enhance our defenses.

However, as we were crafting that plan, a new problem rose in priority. Our executives were frustrated with inboxes full of spam, marketing, and clutter. A quick session with Cisco Talos confirmed our plan, and we set out to upgrade our front-line email defenses, and quickly.

Putting our plan into action

We leverage many solutions across Cisco's security portfolio to keep us digitally resilient. But we knew that bringing the pieces together with the AI-driven capabilities of Cisco Email Threat Defense and Splunk would give us an unparalleled advantage: deeply integrated, layered defenses that reduce gaps, enhance protection of users and devices, and secure access to applications. Over the past decade, we have implemented a layered approach to protect our users on any device, wherever they connect, leveraging:

  • Cisco XDR, which acts as a bridge between our security applications. It unifies our security insights and correlates data across multiple domains.
  • Cisco Secure Malware Analytics, which determines whether incoming files contain malware by isolating and opening them on a virtual machine, then analyzing the system impacts. This powers more informed threat detection.
  • Cisco Secure Endpoint, which protects our endpoints by identifying and blocking files containing malware, along with information about who may have opened and/or shared those files.
  • Cisco Secure Endpoint Analytics, which provides endpoint device visibility, discovering endpoint threats before they become a problem, including day-zero malware, risky user behavior, data exfiltration, and more. It sees which applications or Software as a Service (SaaS) offerings are in use, uses forensics for incident response, and gains visibility into the device types and operating systems on the network.
  • Cisco Umbrella, which offers data and insights about specific domains, enabling us to block those with poor reputations.
  • Cisco Endpoint Security Analytics Built on Splunk (CESA) with the Cisco AnyConnect Network Visibility Module (NVM), which feeds us rich user behavior data for email threat investigations. The NVM is the only technology for mobile devices that creates IPFIX (IP Flow Information Export) data. It plugs into CESA, which delivers all the Splunk analytics software needed to analyze NVM telemetry.

And in May 2024, facing increasingly complex threats, we deployed Cisco Secure Email Threat Defense to mitigate threats in real time. This platform enlists 90+ AI language model (LLM) detectors to automatically detect email threats, then proactively takes the necessary next steps to protect the business. This innovation saves us thousands of hours of manually sorting, reading, and gauging the intent of emails, work with plenty of room for human error. As bad actors increasingly utilize AI, Email Threat Defense levels the playing field for us.

The Email Threat Defense impact report offers full visibility into AI-tracked threats, showing trends over time as well as further insights and analytics.

For Cisco IT, integrating Email Threat Defense was seamless, taking only a matter of days. In fact, since deployment day, we have received zero complaints from the business and seen zero negative impact on our employees' experience. With Email Threat Defense on top of our existing layers of email security, employee mailboxes no longer have to deal with business email compromise (BEC), where bad actors impersonate trusted sources to steal money from businesses, phishing, or other threats. From malware to marketing spam, we can quickly identify and remediate all kinds of unwanted mail and handle it as we see fit organizationally, whether that means moving it to the junk folder or blocking it altogether.

Elevating incident response with Splunk's advanced analytics

Even with our front lines well protected by our robust layered defenses, our teams needed more to stay ahead of bad actors. In April 2025, our incident response team integrated Splunk into our operations, giving us access to some of the most innovative security developments on the market.

With Splunk Attack Analyzer, Cisco now enables automated threat analysis and digital forensics for credential phishing and malware. Its proprietary technology extracts and analyzes malicious content hidden in text, images, macro source code, website content, and more. This automation significantly improves our team's operational efficiency, saving analysts' time and enhancing our team's ability to investigate complex phishing threats with greater speed and accuracy.

Quantifiable impact: Achieving resilience at scale

For Cisco, our layered approach is built to frustrate the attacker, not the user. And when it comes to attackers, we have had plenty. During a typical quarter, Cisco mailboxes collectively receive more than 326 million inbound emails. For us, "one in a million" isn't good enough when it comes to security. Our unified portfolio stops threats in their tracks.

Let's break down the impact of our approach over a typical quarter:

  • 41,000,000 (12.57%) emails blocked for poor IP reputation
  • 23,000,000 (7.05%) emails blocked for DMARC (Domain-based Message Authentication, Reporting, and Conformance) failures
  • 6,800,000 emails blocked as spam
  • 49,000 emails blocked for poor domain reputation
  • 1,940 emails blocked for containing viruses
  • 840 emails blocked for containing malware
  • 70,000 additional confirmed-threat emails blocked by Email Threat Defense's LLM detectors
  • Thousands more emails blocked for various other reasons

This level of visibility, integration, and automation is unmatched in the market. When you are dealing with countless users, offices, and a mix of managed and unmanaged devices, there is no alternative to a layered, comprehensive, platform-based approach. Our strategy effectively closes gaps in the attack surface to make our systems as well defended as possible.

For IT and security teams, our journey offers important lessons:

  • A layered defense is non-negotiable: Relying on single-point solutions is insufficient. A comprehensive, integrated portfolio is essential.
  • AI is a force multiplier: AI-driven solutions like Cisco Secure Email Threat Defense significantly enhance threat detection and reduce manual overhead, even leveling the playing field against AI-powered attacks.
  • Automation and analytics are key to efficiency: Solutions like Splunk Attack Analyzer automate critical processes, freeing up valuable security team resources and enhancing incident response.
  • Integration is paramount: The true power comes from seamlessly connecting security tools, ensuring data correlation and unified insights across your environment.

Looking ahead: Continuing to build a future-proofed workplace

We are not done building yet. Cisco's integration of AI, Splunk, and email security represents a paradigm shift in how organizations can approach security and workplace innovation. By combining cutting-edge technology with a unified vision for how these tools can work more effectively together, we are not only defending our front lines but also setting a new standard for resilience and adaptability in the modern workplace. We are bringing technology together to achieve things that have never been possible before.

Building on this foundation, our incident response team is in the early stages of deploying Splunk Enterprise Security as part of our evolving email security strategy. While this integration is still in progress, it reflects our ongoing commitment to strengthening detection, investigation, and response capabilities across our environment. As we continue to explore and develop practical use cases, we anticipate that Splunk Enterprise Security will become a key component of our overall approach to identifying and mitigating email-based threats, further future-proofing our security posture for what's ahead.

As the threat landscape evolves, so does Cisco. Taking these learnings, we push forward, continuing to innovate, integrate, and strengthen our defenses to protect what matters most.
