Cisco Secure Email Gateway Gains Remote Browser Isolation and Content Disarm & Reconstruction
What Happened – Cisco announced two new capabilities for its Secure Email Gateway (SEG): Remote Browser Isolation (RBI) and Content Disarm & Reconstruction (CDR). RBI routes clicked links to a remote, sandboxed browser, while CDR strips active content from attachments and rebuilds a clean version. Together they shift protection from “detect‑and‑react” to “isolate‑and‑neutralize.”
Why It Matters for TPRM –
- Email remains the primary vector for credential theft and malware; these controls reduce the risk of third‑party‑delivered threats.
- Vendors that rely on Cisco SEG can now claim a higher baseline of zero‑trust email hygiene, easing due‑diligence assessments.
- RBI and CDR mitigate the impact of unknown or zero‑day exploits that traditional signature‑based tools miss.
Who Is Affected – Enterprises using Cisco Secure Email Gateway, Managed Security Service Providers (MSSPs) that resell SEG, and any organization that processes inbound/outbound email traffic.
Recommended Actions –
- Verify whether your contract includes RBI and CDR; if not, request an add‑on.
- Update your email security policy to reflect the new “isolate‑and‑neutralize” workflow.
- Test the RBI and CDR flows in a staging environment to confirm compatibility with legacy applications.
Technical Notes – RBI intercepts click‑through URLs, renders them in a remote Chromium instance, and discards any malicious payload before it reaches the endpoint. CDR parses attachments (PDF, Office, images), removes macros, embedded scripts, OLE objects, and rewrites URLs/QR codes to route through RBI. No new CVEs are disclosed; the controls are architectural mitigations. Source: Cisco Security Blog