Cisco SecureX [EOL] Reviews

When it comes as a business bundle, we come to customers [to provide] a one-stop shop, and we provide a return of value on human resources. We come with an angle of EDR, Umbrella, and email security. We provide one-stop management that provides the visibility, enrichment, the ticketing system, and the Rockwell playbook that integrates out-of-the-box. That's amazing value for our customers, and this is why we like it so much. 

Today we're not selling just EDR or just Umbrella or just a firewall anymore. We're coming with an XDR SecureX platform offer and that's it, and customers love it.

One of the examples is related to forensics. The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever. With just one click you have information from email, from the endpoint, from the web.

Let's say that tomorrow morning, you have a ransom[ware] attack in your organization and you would like to know from which email it came, or where the customer saved the file, even though the incident didn't occur at the same moment. With SecureX, you have Cisco Threat Response inside. [With] one click, you get all of the flow. That's amazing value. 

That also releases resources for our customers. The customers don't have to connect many systems and try to register the event on each system, or to go to the SIEM and do a correlation. That's the one-stop shop for the customers, and that's amazing.

We are using SecureX to protect all of our users and devices, both onsite and offsite, no matter what network they're on. We wanted a solution that would integrate across various platforms that we purchased through Cisco.

The biggest way we've benefited is because of COVID-19. In March, when the pandemic hit, as a school district we had to go fully remote. Obviously, we have devices that left our network for a substantial amount of time and we don't necessarily know what they were connected to, in terms of networks. Were they keeping safe? We were ready for that shift. We knew exactly what was going on with those devices, no matter where they were. SecureX has been keeping our devices safe during the pandemic. We haven't had any major threats that have come in or that have been found on our devices. That speaks to what Cisco is doing.

The fact that SecureX is built into Cisco Secure products and connects with our existing infrastructure has increased our security significantly because we use all Cisco products in our district. We have Cisco Next-Gen Firewalls and Cisco wireless controllers. What SecureX brings is that all of those can be incorporated together, and you're pulling data from all of those various systems into one pane of glass. You can really quickly see what security threats you have on your network.

With everything in one location, instead of having to open up five, six, seven, eight, or 10 different applications and look at data in them and then cross reference it, it's all in one pane so we can look at one application and see everything in one place.

It has also reduced the workload of our security team because that single pane of glass makes it easy. We don't have a dedicated security person in our department. We're a rather small IT department for the size of school district that we are, so we had to find a solution that easily gets the information we need, in a matter of seconds, because we might not always have the time to do it. And we needed something that obviously was a leader in the market share and we felt Cisco was that. SecureX has probably reduced our workload by 30 to 40 percent.

Something I've noticed, since going with Cisco security products, SecureX and all the rest, is that the number of issues on our devices has decreased substantially. Typically, in the past, we were re-imaging machines, wiping them clean and setting them up again, because they had run into issues, and that has decreased significantly. These products have allowed our users to continue to use their machines for many years without really having any threats on them.

In addition, it has saved us time when it comes to investigation tasks, again in that 30 to 40 percent range. An example of the way we've seen that reduction would be using Cisco Threat Response. If a computer has an issue, and we see some traffic or files on that computer, we can instantly investigate where that file or service has gone across our network. We can see if it went to five different computers and, if it did, we can instantly know what those five computers are. It reduces our investigation time because we don't have to go and check each machine. Cisco is going to give us a roadmap of how that malware impacted our network.

SecureX is a dashboard that aggregates all of the reporting from the Cisco stack into a central location. It's hosted on a public cloud.

ESA has a portal that has all their data, Cloudlock has a portal, and Umbrella has a portal. It basically aggregates them all into the same place so you have a widget or a section of the screen, depending on what you want to focus on. You can customize the dashboard to show all of those inputs in the same place at the same time.

We were just given the APIs, and you basically plug in the API coming out of your Cisco stack into the SecureX portal. It starts sending all the data from those products into Cisco's portal. There's no insight into the backend.

We had a handful of users using this solution. It's giving a readout of very sensitive metrics on our security stance, so we only had it pointing to a handful of users like top cyber security engineers and two or three people in management.

If management wants to ingest reports at a high level from all of the different products, they would only need one login to SecureX to view this information as opposed to separate logins for each of the integrated products.

It consolidated and streamlined viewing of metrics and high level data from our security stack.

We use a lot of different Cisco security products to protect different areas of our entire infrastructure. SecureX basically gives us a single pane to all those products. We were trying to avoid going from product to product to product to product, either to research security events or just look at overall performance of those. SecureX covers every security product that we have. 

There are integrations into third-party products, such as Office 365 and Azure, as well as Virus Turtle to do some research. This solution was mostly initially implemented to help us with researching events and has grown since then.

SecureX makes it easier for me to present to management, i.e., our leadership team, how these security products are working and how well they are doing. We can look at things like our email statistics and realize that more than 50% of all inbound email is actually rejected because it is either spam, malware, or something else. They never would have understood that the percentage was that high until we had a product which actually tracked these things. We could show leadership basically what was happening. 

When we need to investigate something, we only need to go to one place. So if I need to look, then I can see an event which occurred. Maybe it is an event that occurred on an endpoint device, but I need to check the firewall. I might need to check Umbrella. I might need to check Stealthwatch, Email Security, and all of those other products to see what else was happening at the same time. SecureX does that for me. I can go into the threat response part of SecureX, put in that endpoint device or indicators of compromise, then it searches those products for me. I don't have to do that. Not only do I not have to do that, but we can now give that over to someone else who isn't as an expensive resource as I am.

We use it to track our emails and to secure our endpoints. SecureX is a really big tool. If somebody tries to attack us with a virus, SecureX helps us to find that email quickly. Our staff members use laptops, computers, and other devices, but they don't have a lot of knowledge about the whole "IT war." There have been viruses and SecureX has enabled us to protect those users, and our systems and components as well. We have used it to solve spam and phishing attacks that are really popular these days. In our company we have over 20,000 users, so you can imagine how many emails we have on a daily basis. That is a really good example of what we can do really easily with SecureX.

Are you using multiple products from this vendor?

We use multiple Cisco tools within our environment. We use network solutions, products like switches, access points, routers. We also use many Cisco phones. For network solutions we use Cisco ISE and Cisco Prime. As the telephone system, we use Cisco CUCM, Cisco Unified CallManager, integrated with the Cisco Unity system for voicemail boxes. We also use Cisco Contact Center for our help desk and our employee services lines. We also provide systems to our customers. We have many government clinics. For communication, we use Cisco Webex Teams and Cisco meeting systems for video and call communications. We also use Cisco as a design solution.

Using multiple products from the same vendor is really nice and useful because many of Cisco's products are integrated. For example, we have that Cisco CallManager system which allows us to provide phone solutions for our users and that has really good integration with Webex Teams, the video conferencing platform. With the integration, we are able to provide standard phone PSTN features to our Webex Teams users. That is really great.

Using multiple solutions from one vendor saves our company time and money. With all the integrations, we also get really great support from Cisco because if you have, for example, a problem with integration between the systems there is just one company responsible for getting things right. A couple of times, in the past, I worked with two or three vendors, asking for support. We had some issues with integration and it is hard work to get good support from a couple of vendors at the same time.

Also, there have been a couple of times when I had to order physical devices and, working with Cisco, we got some better prices. Being a really big customer of Cisco allows you to also get preferred pricing.

The native integration between Cisco's products is really good because Cisco has solutions for almost every part of IT. There is a managed solution for network and unified communication. Integration between all these systems is really simple because Cisco has really good documentation. And if you need any help, you don't understand something, you are able to ask the great support.

To keep everything very simple, we use a solution provided wholly by Cisco. We grabbed SecureX from them and the cloud from them. That allows us to have better support because it's from one provider. If you have an issue with the system from Cisco, and the whole solution is based on Cisco products, the support can be moved from one team to another.

SecureX provides many measurements and has a really good dashboard. Working with it you are able to see things very clearly and you have every detail on a single display. That saves us money and time. There have been times when there have been 1,500 attacks per day. In a big company like ours, many employees are fired or leave the company and many have used the company email address for subscriptions or for personal usage and that also provides an opening for many attacks. These email addresses end up being used by fraud guys who try to get more information about the company. A couple of years ago we had a really bad situation related to something like that.

It brings all our data into a central point. It also shows us many data connections between many of our environments.

When it comes to investigation tasks, SecureX saves us time. SecureX gives you really good information about potential risks. You are able to find the source of a risk, a potential risk from a user or a machine. I can't tell you how much time it saves, but it's a really good tool that provides you many models that make your work easier and faster.

We have a total of about 150 customers with about 6,500 users and we handle their IT. There are 300 sites all over the Netherlands from which we get all the intel and we feed it into SecureX. It's our central point where we collect everything very easily. When we see something happening we can take the security feed, look at the event in an organization, and SecureX shows us what's going on. It helps us analyze and understand things.

All the security solutions such as firewalls, email security, web security, endpoint security, and antivirus report into SecureX where we have a dashboard that shows everything that is happening.

The orchestration allows us to say, "Well, if this happens here, then we should take an automated action." For example, if an email is received on a machine and malware is being executed, it can be put into lockdown mode. It should only be accessible by the investigators. It cannot connect with any other resources within the company anymore. It cannot send or receive any files. SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together.

We're seeing and correlating things that we never expected to be able to put together. Before we had the SecureX dashboard, which ties everything together, we would have logs on some computer, or logs on a different system with timestamps. We would have to input search commands to see if there was anything happening on one machine that was also happening on another machine, or if there was anything happening in the firewall that was also happening with email.

We're also doing things with SecureX now that I didn't think were possible two years ago. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. I didn't expect there to be a product in which you can so easily change between the different parts of your security with a single click, allowing you to go from publicly available security intelligence into, "How's it looking in my environment?" 

We can do things within seconds, things which we wouldn't even have thought about doing two years ago, just because we didn't think there would be anyone combining the different sources of information together and making it easy to correlate between what's happening in the rest of the world and what's happening within our environments.

Also, SecureX provides us with contextual awareness throughout our security ecosystem.

Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out. 

You can also see not only what kind of malware you have, but what kind of damage or what kind of tech you're looking at. You can very easily see if there is somebody who is trying to find out if there's anything open or if it is somebody who has already established access and is trying to escalate from a user account to the administrator account. You can even focus on these kinds of privilege-escalation attacks and make other issues a second priority.

In addition, like every company, we have to deal with compliance. We have a compliance officer, but normally the compliance officer would not have access to the firewall logs, the email security appliance, endpoint security, etc. But he still has to get all the compliance information out of them, including details such as how are we doing, how many threats we are capturing, etc. I gave our compliance officer access to the SecureX dashboards and now, without having to log in to any of our security appliances, he has a live dashboard with an overview of what's going on. How many incidents? How have they been resolved? How much malware was seen within the company? What kind of compromises were there? Were they critical, high, medium, or low?

He can look at everything himself without him having to ask for me to create a report and without having to have access to the files themselves. He has a dashboard and can say, "I want to see the last week, last month, etc." He gets all the widgets and all the information for whatever period he wants. He can use that within his report to show the auditors how we're dealing with our security. Without any reporting, without emailing back and forth, he gets access to the live information. That's something I wasn't expecting and it has proven to be very valuable. He cannot mess anything up, however, he still has access to the live data on the entire network.

We are a managed service provider with a number of customers that have different Cisco security products. We utilize SecureX to give us a better, high level overview of all of those different security installations.

When considering how SecureX has improved our organization, things should be looked at holistically with an endeavor to see threat patterns across one's entire environment rather than individual products. We still haven't really explored the Orchestration side of the tool, but if we can start to leverage that it will help us do better with some of the security challenges that we face. Hackers use automation and this means we can only attempt to keep up if we use automation as well.

The tool's use cases include cyber threat intelligence and automated hunting. These are some of the key features that our customers like about the tool. 

Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process. 

Our customers also find the ability to create their own workflows using low-code capabilities to be really powerful. This powerful tool automates threat hunting.