Saturday, March 7, 2026

Defending Cisco's front lines with Email Threat Defense and Splunk

In today's dynamic threat landscape, securing the digital front lines is paramount. At Cisco, with more than 326 million inbound emails every quarter, we faced the same challenge many organizations do: defend against sophisticated email threats while maintaining user productivity. Our answer was a bold, layered security approach, powered by AI-driven solutions like Email Threat Defense and the advanced analytics of Splunk. Here's how we did it, and what we learned.

The growing threat landscape

Email: it is the number one attack vector for security breaches for businesses around the globe. In 2023, the FBI reported $2.9 billion of business losses attributed to email cyberattacks in the US, an alarming increase of over 805% since 2016. Since 2022, email ransomware incidents are up 18%. These looming threats grow every day and underscore the critical need for a robust, multi-layered email security strategy.

While native email filters provide a baseline level of protection, they are insufficient in today's complex threat environment. In Cisco IT, we recognized this gap and began building a plan to enhance our defenses.

However, as we were crafting a plan, a new problem rose in priority. Our executives were frustrated with inboxes full of spam, marketing, and clutter. A quick session with Cisco Talos confirmed our plan, and we set out to enhance our front-line email defenses, and quickly.

Putting our plan into action

We leverage many solutions across Cisco's security portfolio to keep us digitally resilient. But we knew that bringing the pieces together with the AI-driven capabilities of Cisco Email Threat Defense and Splunk would give us an unparalleled advantage: deeply integrated, layered defenses that reduce gaps, improve protection of users and devices, and secure access to applications. Over the past decade, we have implemented a layered approach to protect our users on any device, wherever they connect, leveraging:

  • Cisco XDR, which acts as a bridge between our security applications. It unifies our security insights and correlates data across multiple domains.
  • Cisco Secure Malware Analytics, which determines whether incoming files contain malware by isolating and opening them on a virtual machine, then analyzing the system impacts. This powers more informed threat detection.
  • Cisco Secure Endpoint, which protects our endpoints by identifying and blocking files containing malware, along with information about who may have opened and/or shared those files.
  • Cisco Secure Endpoint Analytics, which provides endpoint device visibility, finding endpoint threats before they become a problem, including zero-day malware, risky user behavior, data exfiltration, and so on. It sees what applications or Software as a Service (SaaS) are in use, uses forensics for incident response, and gains visibility into device types and operating systems on the network.
  • Cisco Umbrella, which adds data and insights about specific domains, enabling us to block those with poor reputations.
  • Cisco Endpoint Security Analytics Built on Splunk (CESA) with Cisco AnyConnect Network Visibility Module (NVM), which feeds us rich user behavior data for email threat investigations. The NVM is the only technology for mobile devices that creates IPFIX data (IP Flow Information Export). It plugs into CESA, which delivers all the Splunk analytics software needed to analyze NVM telemetry.

And in May 2024, facing increasingly complex threats, we deployed Cisco Secure Email Threat Defense to mitigate threats in real time. This platform enlists 90+ AI language model (LLM) detectors to automatically detect email threats, then proactively takes the critical next steps to protect the enterprise. This innovation saves us thousands of hours of manually sorting, reading, and gauging the intent of emails, a process with plenty of room for human error. As bad actors increasingly use AI, Email Threat Defense levels the playing field for us.

The Email Threat Defense impact report offers full visibility into AI-tracked threats, showing trends over time as well as further insights and analytics.

For Cisco IT, integrating Email Threat Defense was seamless, taking only a matter of days. In fact, since deployment day, we have received zero complaints from the business and seen zero negative impact on our employees' experience. With Email Threat Defense on top of our existing layers of email security, employee mailboxes no longer have to deal with business email compromise (BEC), where bad actors impersonate trusted sources to steal money from businesses, phishing, or other threats. From malware to marketing spam, we can quickly identify and remediate every kind of unwanted mail and handle it as we see fit organizationally, whether that means moving it to the junk folder or blocking it altogether.

Elevating incident response with Splunk's advanced analytics

Even with our front lines well protected by our strong layered defenses, our teams needed more to stay ahead of bad actors. In April 2025, our incident response team integrated Splunk into our operations, giving us access to some of the most innovative security developments on the market.

With Splunk Attack Analyzer, Cisco now enables automated threat analysis and digital forensics for credential phishing and malware. Its proprietary technology extracts and analyzes malicious content hidden in text, images, macro source code, website content, and more. This automation significantly improves our team's operational efficiency, saving analysts' time and enhancing our team's ability to investigate complex phishing threats with greater speed and accuracy.

Quantifiable impact: Achieving resilience at scale

For Cisco, our layered approach is built to frustrate the attacker, not the user. When it comes to attackers, we've had plenty. During a typical quarter, Cisco mailboxes collectively receive more than 326 million inbound emails. For us, "one in a million" isn't good enough when it comes to security. Our unified portfolio stops threats in their tracks.

Let's break down the impact of our approach over a typical quarter:

  • 41,000,000 (12.57%) emails blocked for having poor IP reputations
  • 23,000,000 (7.05%) emails blocked for DMARC failures (Domain-based Message Authentication, Reporting, and Conformance)
  • 6,800,000 emails blocked as spam
  • 49,000 emails blocked for having poor domain reputations
  • 1,940 emails blocked for containing viruses
  • 840 emails blocked for containing malware
  • 70,000 more emails confirmed as threats and blocked by Email Threat Defense's LLM detectors
  • Thousands more emails blocked for various other reasons
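As an added illustration (not Cisco's code or telemetry), here is a first-match model of the layered funnel above: each constructed message is attributed to the first layer that blocks it, in the order the list uses, and the DMARC verdict is derived from SPF/DKIM results and alignment rather than read as a flag. Field names, thresholds, reputation scales and the sample messages are all assumptions.

```python
# Added illustration (not Cisco's code or telemetry): first-match model of the layered
# inbound pipeline above. Field names, thresholds and sample messages are assumptions.
from collections import Counter
from dataclasses import dataclass

@dataclass
class Message:
    from_domain: str       # RFC5322.From domain that DMARC alignment is checked against
    ip_rep: int            # sender IP reputation, assumed scale 0 (bad) .. 100 (good)
    spf: tuple             # (result, domain SPF was evaluated for)
    dkim: tuple            # (result, d= domain of the signature)
    spam_score: float      # assumed: >= 5.0 is spam
    domain_rep: int = 80   # From-domain reputation, same scale as ip_rep
    av: str = "clean"      # "clean" / "virus" / "malware"
    llm: str = "benign"    # LLM-detector verdict, e.g. "bec" or "phish"

def dmarc_pass(m: Message) -> bool:
    """DMARC passes when SPF or DKIM passes AND that domain aligns (relaxed) with From:."""
    def aligned(d):
        return d == m.from_domain or d.endswith("." + m.from_domain)
    return any(r == "pass" and aligned(d) for r, d in (m.spf, m.dkim))

# Layers in the order the post lists them. The first layer that fires owns the verdict,
# so a message with a bad IP *and* a DMARC failure is counted under IP reputation only.
LAYERS = [
    ("ip_reputation",     lambda m: m.ip_rep < 20),
    ("dmarc_failure",     lambda m: not dmarc_pass(m)),
    ("spam",              lambda m: m.spam_score >= 5.0),
    ("domain_reputation", lambda m: m.domain_rep < 20),
    ("virus",             lambda m: m.av == "virus"),
    ("malware",           lambda m: m.av == "malware"),
    ("llm_detector",      lambda m: m.llm != "benign"),
]

def classify(m: Message) -> str:
    return next((name for name, fires in LAYERS if fires(m)), "delivered")

def layer_counts(messages) -> Counter:
    """Per-layer block counts, the shape of the quarterly breakdown above."""
    return Counter(classify(m) for m in messages)

# Constructed sample traffic, one message per outcome.
SAMPLE = [
    Message("cisco.com", 95, ("pass", "cisco.com"), ("pass", "cisco.com"), 0.5),
    Message("cisco.com", 5, ("fail", "other.net"), ("none", ""), 7.0),               # bad IP, also fails DMARC
    Message("cisco.com", 90, ("pass", "other.net"), ("pass", "mail.other.net"), 1.0), # authenticated, unaligned
    Message("cisco.com", 90, ("pass", "cisco.com"), ("none", ""), 8.5),              # DMARC ok, spam
    Message("cisco.com", 90, ("pass", "cisco.com"), ("none", ""), 0.2, av="malware"),
    Message("cisco.com", 90, ("pass", "mx.cisco.com"), ("none", ""), 0.2, llm="bec"), # subdomain aligns
]
```

Because a message is counted only under the first layer that fires, the per-layer numbers in a breakdown like the one above depend on the order of the layers, which is worth remembering when comparing reports.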

This level of visibility, integration, and automation is unmatched in the market. When you're dealing with countless users, offices, and a mix of managed and unmanaged devices, there is no alternative to a layered, comprehensive, platform-based approach. Our strategy effectively closes gaps in the attack surface to make our systems as well-defended as possible.

For IT and security teams, our journey offers critical lessons:

  • A layered defense is non-negotiable: Relying on single-point solutions is insufficient. A comprehensive, integrated portfolio is critical.
  • AI is a force multiplier: AI-driven solutions like Cisco Secure Email Threat Defense significantly enhance threat detection and reduce manual overhead, even leveling the playing field against AI-powered attacks.
  • Automation and analytics are key to efficiency: Solutions like Splunk Attack Analyzer automate critical processes, freeing up valuable security team resources and enhancing incident response.
  • Integration is paramount: The true power comes from seamlessly connecting security tools, ensuring data correlation and unified insights across your environment.

Looking ahead: Continuing to build a future-proofed workplace

We're not done building yet. Cisco's integration of AI, Splunk, and email security represents a paradigm shift in how organizations can approach security and workplace innovation. By combining cutting-edge technology with a unified vision for how these tools can work more effectively together, we are not only defending our front lines but also setting a new standard for resilience and adaptability in the modern workplace. We're bringing technology together to achieve things that have never been possible before.

Building on this foundation, our incident response team is in the early stages of deploying Splunk Enterprise Security as part of our evolving email security strategy. While this integration is still in progress, it reflects our ongoing commitment to strengthening detection, investigation, and response capabilities across our environment. As we continue to explore and develop practical use cases, we expect Splunk Enterprise Security to become a key component of our overall approach to identifying and mitigating email-based threats, further future-proofing our security posture for what's ahead.

As the threat landscape evolves, so does Cisco. Taking these learnings, we push forward, continuing to innovate, integrate, and strengthen our defenses to protect what matters most.
