Verdicts

Secure Email Threat Defense applies the following threat verdicts to messages:

  • BEC: Business Email Compromises (BEC) are sophisticated scams that use social engineering and intrusion techniques to cause financial damage to the organization.

  • Scam: Scams are focused on causing financial harm to individuals using techniques such as lottery or extortion fraud.

  • Phishing: These messages have been convicted of fraudulently copying or mimicking legitimate services in an attempt to acquire sensitive information such as user names, passwords, credit card numbers, and more.

  • Malicious: These messages have been convicted of containing, serving, or supporting the delivery or propagation of malicious software.

Retrospective Verdicts

A retrospective verdict is one that was applied to a message sometime after the message was first scanned by Secure Email Threat Defense.

A retrospective verdict in Secure Email Threat Defense is slightly different that in other Cisco security products. Although Secure Email Threat Defense is not an inline mail processor, it does have a fixed time range for completing its initial analysis of a message. Newer content engines that have longer analysis times, such as Talos’ Deep URL Analysis, are treated as a retrospective verdict. As the verdict is delayed, so is the remediation. Thus, Secure Email Threat Defense tags these convictions distinctly.

Retrospective verdicts are indicated on the Messages page next to the Verdict with a blue icon. Hover your cursor over the icon to see the time the retrospective verdict was applied and the difference between when the message was received and when the verdict was applied.

Retrospective Verdict Email Notifications

To turn email notifications for retrospective verdicts on or off:

  1. Select Administration > Business.

  2. Under Preferences, select or deselect >Send Notifications for Retrospective Verdicts.

Retrospective verdicts email notifications are sent to the specified notification email address if the check box is selected. These notifications are turned on by default.