Email security

This type of CyberApp is for ISVs that provide email security by redirecting email traffic to their cloud.

The purpose of such an integration is to provide MSPs with the ability to protect their customers’ mailboxes by scanning emails for malware, phishing, and spam.

Recommended extension points

To be able to extend Acronis Cyber Platform with email security capabilities, the following extension points should be used.

CyberApp enablement form

CyberApp enablement form, to enable the CyberApp, provide credentials for accessing the ISV service, and map ISV customers to Acronis customers.

Email security is performed at the customer-level. This means that the Acronis Partner needs to enable the CyberApp for each end customer individually. Typically, email security CyberApps contain the following settings:

• Client ID and client secret

  Required to authenticate in the ISV cloud and fetch the list of end customers.

  These settings enable the CyberApp for the Partner.
• Customers mapping

  A list of customers fetched from the ISV cloud that allows the specification of an existing customer mapping or the creation of a new corresponding customer mapping in Acronis Cyber Platform.

  Mapping an ISV customer to an Acronis customer results in enabling the CyberApp for the specific customer.

CyberApp configuration and mapping can be done only by the Acronis Partner. It cannot be done by end customers.

Alerts

Alerts, to display alerts and events generated by the ISV service.

It is recommended to report information about malware detections in emails in the form of alerts.

Alerts must be submitted as a new alert type and contain the following parameters:

• Threat name.

• Action executed upon the threat detection.

• MD5, SHA1, SHA256 checksums of the detected object.

• General email information (sender, subject, received date, etc.).

• Email account.

Main menu

Main menu, to configure tenant-level settings for customers.

To be able to configure parameters for email security, it is recommended to create a dedicated page for the CyberApp in the email security section of Acronis Cyber Protection Console (a new menu item).

This page should contain application settings that are applied to the customer tenant.

Such settings can be:

• List of protected domains.

• List of protected mailboxes.

• Protection settings.

• Exclusions.

Page content must be described in the declarative format in Vendor Portal. Settings specified on this dedicated page are communicated from Acronis Cyber Platform to ISV cloud via API Callback Gateway.

Widgets and reports

Widget and reports, to display email security status.

An email security CyberApp should create several widgets to report the protection state.

For example:

• An historical diagram of email scanning alerts.

• List of top 5 mailboxes with the most number of alerts.

• List of 5 latest alerts generated by the email security Cyberapp.

These widgets should be declared by the CyberApp. The widget data must be based only on alerts or workload attributes submitted by the CyberApp.

It is recommended to add CyberApp-specific widgets to the Overview dashboard in Acronis Cyber Protection Console and in the Detected Threats report. Additionally, the application may register a new custom report on email security with all the widgets created by the CyberApp.