Hi there,
I manage a Cisco IronPort ESA appliance for my organisation and made a quick blog post last night about things I thought should be a best practice for a new ESA appliance.
The reason I wrote this is because some of these things are not configured from the start or are configured poorly by default.
Take a look and let me know what you think - I plan to make a part 2 because there are some things I did not have time to go through and it was quite long already!
Remember that your environment will be different from mine so you should understand the things I say before blindly implementing them!
http://emtunc.org/blog/06/2014/cisco-ironport-e-mail-security-appliance-best-practices-part-1/