Protecting Cisco's front lines with AI-driven email threat defense and Splunk

In today's dynamic threat landscape, securing the digital front lines is paramount. At Cisco, with more than 326 million emails arriving every quarter, we faced the same challenge many organizations do: how to defend against sophisticated email threats while maintaining user productivity. Our answer was a bold, layered security approach driven by AI-powered solutions such as Cisco Secure Email Threat Defense and advanced Splunk analytics. This is how we did it and what we learned.

The growing threat landscape

Email is the single leading attack vector for security breaches at businesses around the world. In 2023, the FBI reported $2.9 billion in business losses attributed to email-based cyberattacks in the US, an alarming increase of more than 805% since 2016. Since 2022, email incidents involving ransomware have increased by 18%. These looming threats grow every day and underscore the critical need for a robust, multi-layered email security strategy.

While native email filters provide a basic level of protection, they are not sufficient in today's complex threat environment. At Cisco, we recognized this gap and began building a plan to strengthen our defenses.

However, as we were creating the plan, a new problem took priority. Our executives were frustrated with inboxes full of spam, marketing and clutter. A quick consultation with Cisco Talos confirmed the plan, and we decided to improve our email defenses, and quickly.

Putting our plan into action

We use many solutions across Cisco's security portfolio to keep us digitally resilient. But we knew that connecting the pieces together with the AI-driven capabilities of Cisco Secure Email Threat Defense and Splunk would give us an unrivaled advantage: a deeply integrated, layered defense that reduces gaps, protects users and devices, and secures access to applications. Over the last decade, we have implemented a layered approach to protecting our users on any device, wherever they connect, using:

  • Cisco XDR, which acts as a bridge between our security applications. It unifies our security insights and correlates data across several domains.
  • Cisco Secure Malware Analytics, which determines whether incoming files contain malware by isolating and opening them on a virtual machine and then analyzing their impact on the system. This drives more informed threat detection.
  • Cisco Secure Endpoint, which protects our endpoints by identifying and blocking files containing malware, including information about who could have opened or shared those files.
  • Cisco Secure Endpoint Analytics, which provides endpoint visibility, hunting across endpoints before a problem occurs, including zero-day malware, risky behavior, data exfiltration and more. It shows which applications or software-as-a-service (SaaS) offerings are in use, supports forensics for incident response, and gives visibility into devices and operating systems.
  • Cisco, which provides data and intelligence about specific domains, enabling us to block those with a poor reputation.
  • Cisco Endpoint Security Analytics (CESA), which feeds us rich data about user behavior for investigating email threats. The Network Visibility Module (NVM) is the only technology for mobile devices that generates IPFIX (IP Flow Information Export) data. It is included with CESA, which provides all the Splunk analytics software required to analyze NVM telemetry.

Then, in May 2024, facing increasingly complex threats, we deployed Cisco Secure Email Threat Defense to mitigate threats in real time. This platform includes 90+ AI large language model (LLM) detectors that identify email threats and then actively take the necessary steps to protect the business. This innovation saves us thousands of hours of manually triaging, reading and assessing email intent, a process with plenty of room for human error. As bad actors increasingly use AI, Email Threat Defense levels the playing field for us.

The Email Threat Defense impact report offers full visibility into the threats monitored by AI, showing trends over time as well as other insights and analytics.

For Cisco IT, integrating Email Threat Defense was trouble-free; it took only a few days. In fact, from the day of deployment we have received zero complaints from the business and seen zero negative impact on the employee experience. With Email Threat Defense on top of our existing layers of email security, employee mailboxes no longer have to contend with business email compromise (BEC), where bad actors impersonate trusted sources to steal money from the business, phishing, or other threats. From malware to marketing spam, we can quickly identify and remediate all kinds of unwanted mail and handle it as we see fit organizationally, whether by moving it to junk or blocking it completely.

Enhancing incident response with advanced Splunk analytics

Although our front lines are well protected by our robust email defenses, our teams needed more to stay ahead of bad actors. In April 2025, our incident response team integrated Splunk into our operations, giving us access to some of the most innovative security developments on the market.

With Splunk Attack Analyzer, Cisco now enables automated threat analysis and digital forensics for credential phishing and malware. Its proprietary technology extracts and analyzes malicious content hidden in text, images, macro source code, website content and more. This automation significantly improves our team's operational efficiency, saves analyst time, and increases our team's ability to investigate complex phishing threats with greater speed and accuracy.

Quantifiable impact: achieving resilience at scale

At Cisco, our layered approach is built to burden the attacker, not the user. And in terms of attacks, we have had plenty. During a typical quarter, Cisco mailboxes receive more than 326 million incoming emails. For us, "one in a million" is not good enough when it comes to security. Our unified portfolio stops threats in their tracks.

Let's look at the impact of this approach over a typical quarter:

  • 41,000,000 (12.57%) emails blocked for poor IP reputation
  • 23,000,000 (7.05%) emails blocked for DMARC failure (Domain-based Message Authentication, Reporting and Conformance)
  • 6,800,000 emails blocked as spam
  • 49,000 emails blocked for poor domain reputation
  • 1,940 emails blocked for viruses
  • 840 emails blocked for containing malware
  • 70,000 other confirmed email threats blocked by the LLM-based Email Threat Defense
  • Thousands of other emails blocked for various other reasons

This level of visibility, integration and automation is unrivaled in the market. When dealing with diverse users, workplaces and combinations of managed and unmanaged devices, there is no substitute for a cohesive, comprehensive platform approach. Our layers effectively close gaps in the attack surface to make our systems as resilient as possible.

For IT and security teams, our journey offers some critical lessons:

A layered defense is non-negotiable: relying on individual solutions is insufficient. A comprehensive, integrated portfolio is necessary.

AI is a force multiplier: AI-driven solutions such as Cisco Secure Email Threat Defense significantly increase threat detection and reduce manual overhead, leveling the playing field against AI-powered attacks.

Automation and analytics are key to efficiency: tools like Splunk Attack Analyzer automate critical processes, free up valuable team resources and improve incident response.

Integration is paramount: the real power comes from seamlessly connecting security tools, enabling data correlation and unified insight across your environment.

Looking ahead: continuing to build a future-resilient workplace

We're not stopping here. The integration of AI, Splunk and Cisco's email security represents a paradigm shift in how organizations can approach security and innovation in the workplace. By combining state-of-the-art technologies with a unified vision of how they can work together more efficiently, we not only protect our front lines but also set a new standard for resilience and adaptability in the modern workplace. We combine technologies to achieve things that were never possible before.

Building on this foundation, our incident response team is in the early stages of integrating Splunk Enterprise Security into our evolving email security strategy. Although this integration is still ongoing, it reflects our commitment to strengthening our detection, investigation and response capabilities. As we continue to explore and develop practical use cases, we expect Splunk Enterprise Security to become a key part of our overall approach to identifying and mitigating email threats, further future-proofing our posture against what lies ahead.

Both the threats and Cisco's defenses keep evolving. We adapt, push forward, keep innovating, integrate, and strengthen our defenses to protect what matters most.
