HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

Cisco Secure Email Gateway Adds Remote Browser Isolation and Content Disarm & Reconstruction

Cisco unveiled Remote Browser Isolation (RBI) and Content Disarm & Reconstruction (CDR) for its Secure Email Gateway, giving organizations a way to isolate malicious links and strip active content from attachments. The controls shift email security from detection‑only to proactive neutralization, a key consideration for third‑party risk managers.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 blogs.cisco.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
blogs.cisco.com

Cisco Secure Email Gateway Gains Remote Browser Isolation and Content Disarm & Reconstruction

What Happened – Cisco announced two new capabilities for its Secure Email Gateway (SEG): Remote Browser Isolation (RBI) and Content Disarm & Reconstruction (CDR). RBI routes clicked links to a remote, sandboxed browser, while CDR strips active content from attachments and rebuilds a clean version. Together they shift protection from “detect‑and‑react” to “isolate‑and‑neutralize.”

Why It Matters for TPRM

  • Email remains the primary vector for credential theft and malware; these controls reduce the risk of third‑party‑delivered threats.
  • Vendors that rely on Cisco SEG can now claim a higher baseline of zero‑trust email hygiene, easing due‑diligence assessments.
  • RBI and CDR mitigate the impact of unknown or zero‑day exploits that traditional signature‑based tools miss.

Who Is Affected – Enterprises using Cisco Secure Email Gateway, Managed Security Service Providers (MSSPs) that resell SEG, and any organization that processes inbound/outbound email traffic.

Recommended Actions

  • Verify whether your contract includes RBI and CDR; if not, request an add‑on.
  • Update your email security policy to reflect the new “isolate‑and‑neutralize” workflow.
  • Test the RBI and CDR flows in a staging environment to confirm compatibility with legacy applications.

Technical Notes – RBI intercepts click‑through URLs, renders them in a remote Chromium instance, and discards any malicious payload before it reaches the endpoint. CDR parses attachments (PDF, Office, images), removes macros, embedded scripts, OLE objects, and rewrites URLs/QR codes to route through RBI. No new CVEs are disclosed; the controls are architectural mitigations. Source: Cisco Security Blog

📰 Original Source
https://blogs.cisco.com/security/enhancing-cisco-secure-email-gateway-safer-clicks-cleaner-files/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →