Latest features of Sophos Central Email

In recent months, Central Email has received a whole host of new features. I have listed some of them here, and for most, there is a video that explains everything.

Message History - Advanced Search and Enhancements

With this release, Sophos brings advanced search functionality to the Message History for the Central Email Service. The advanced search allows users to search for emails based on various criteria such as sender email address, recipient email address, subject, message size, attachment, and DSN (Delivery Status Notification) code. At least 3 characters must be entered in a field for it to be searched. Fields can also be left blank to exclude them from the search criteria. The basic search will become obsolete and be removed after a certain period.

In addition to the advanced search, improvements have also been made to the message history. In the message details, the option to block sender addresses or sender domains has been added. In the “Block IP address” option, the domain name of the IP address is now displayed via the Reverse DNS (Domain Name System) query. This helps in assessing the impact of blocking an IP address and prevents unintended blocking of IP addresses used by multiple sources, such as Google (Gmail). A new “URLs” tab has also been added to the message details page, listing unique URLs in the message and making them searchable.

More information: Message History - Advanced Search and Enhancements

Interactive Reporting

There is a new interactive reporting function that makes reports consistent and granular and significantly improves the user experience of the dashboard and reports. The new dashboard shows improved statistics and the most important metrics for inbound and outbound messages.

The activity summary for inbound and outbound messages has been updated to arrow graphics representing the direction of email flow. The arrow graphics show messages in the order of scans performed.

Sophos Central Email Security Dashboard

The Data Control chart (formerly referred to as DLP) has been updated to show a split between inbound and outbound messages in the pie chart on the left and a further categorization of messages by data control rule type in the pie chart on the right.

The report data can also be exported in CSV and PDF format. It is also possible to sort the report data by any desired column. The user can now interact with any linked value in the dashboard or other reports by clicking on the value to navigate to a report that displays more details about the value.

However, graphics are difficult to describe in text, and therefore there is a video here that explains the innovations.

More information: Interactive Reporting

Policy Improvement

Sophos Email has improved its policies to also apply to external domains and mailboxes. This capability has been added for both Email Security and Data Control Policies.

To use this feature, a new tab named “External” is added to the policies. The default option is “Include all,” so existing policies will continue to function as usual. However, it is possible to customize policies to either include or exclude a list of email addresses and domains to which the policy should apply. It is also possible to import a list of external email addresses and domains in CSV or TXT format to populate the include or exclude list for the policy.

External domains/mailboxes should be configured in the policy such that the policy only applies to messages exchanged between the external domains/mailboxes and the group of internal users, groups, or domains. This allows the policy to be more granularly adapted to meet data protection or data control requirements for these messages. For example, if S/MIME is to be applied to all messages exchanged between a group of users in one’s own organization and a group of users in a partner organization, the domains or mailboxes of the partner organization must be listed under the External tab and one’s own users under the Users, Groups, or Domains tabs.

The new functions are also explained in the following video.

More information: Policy Enhancement

Enhanced Time of Click Protection

HTTP/1.1 (Hypertext Transfer Protocol) does not impose any requirements on the length of URLs. However, various Microsoft products do not support URLs that exceed a certain length. Microsoft Outlook does not support URLs longer than 2048 characters. This limitation has caused inconvenience for users when URLs rewritten by Time-Of-Click exceeded the length restriction. The URL was truncated by Outlook and thus rendered unusable.

The Time-Of-Click function has now been enhanced to address the URL length restriction efficiently. You will find that URLs rewritten by Time-Of-Click no longer exceed the length restriction.

Stricter enforcement of TLS connection

Sophos Email has introduced stricter enforcement of TLS connections for accounts configured for encryption, which increases security. This improvement worked well for the vast majority of customers. However, for a handful of customers who had not configured TLS on their local mail servers, there were disruptions in email traffic. To help these customers transition, we temporarily rolled back the changes.

Impact: If you had not configured your mail server to accept a TLS connection, but had configured encryption in Sophos Email, you received the “TLS Delivery Failed” error message. This has now been fixed on 26.10.2022 and may require an adjustment in the configuration.
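To confirm that a mail server you operate will accept a TLS connection before encryption is enforced, the following added example (not Sophos code) reads the server's EHLO reply, checks for the STARTTLS extension and then attempts the handshake. The EHLO name tls-check.example and the sample replies are constructed for illustration.

```python
import socket
import ssl

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_WITH_TLS = "250-mx.example.test Hello\n250-SIZE 52428800\n250-starttls\n250 8BITMIME"
SAMPLE_NO_TLS = "250-mx.example.test Hello\n250-SIZE 52428800\n250 8BITMIME"

def parse_ehlo(reply):
    """Return the extension keywords listed in a multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:  # first line is the server's greeting, not an extension
        if line[:3] == "250" and line[3:4] in ("-", " "):
            parts = line[4:].split()
            if parts:
                keywords.add(parts[0].upper())  # keywords are case-insensitive
    return keywords

def _read_reply(f):
    """Read one SMTP reply; continuation lines have '-' after the code."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return "\n".join(lines)

def check_starttls(host, port=25, timeout=10.0):
    """Probe your own mail server: is STARTTLS offered and does the handshake succeed?"""
    result = {"starttls": False, "tls_version": None, "error": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        _read_reply(f)                                   # 220 banner
        sock.sendall(b"EHLO tls-check.example\r\n")      # assumed client name
        if "STARTTLS" not in parse_ehlo(_read_reply(f)):
            return result                                # TLS delivery would fail here
        result["starttls"] = True
        sock.sendall(b"STARTTLS\r\n")
        if not _read_reply(f).startswith("220"):
            return result
        try:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                result["tls_version"] = tls.version()
        except ssl.SSLError as exc:                      # e.g. untrusted or expired certificate
            result["error"] = str(exc)
    return result
```

A result with starttls set to False, or with an error recorded, indicates a server that would not accept TLS delivery in its current configuration.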

More information: Strict enforcement of TLS for Encryption

Message History API

Sophos has introduced a new feature called “Message History API”. This feature enables the collection of message history data from the Sophos Central XDR Data Lake and the retrieval of this data via this API. The Message History API extends the existing data sets in the Sophos Email XDR Data Lake and enables the search and analysis of various message types, such as impersonation emails or spam, based on attributes such as sender, recipient, attachment, or URL. An XDR or MDR license is required to use this function.

More information: Message History API

Patrizio