Cisco Secure Email Reviews

It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

The bulk of the email stopped would be marketing. Spam-related email tends to be our biggest issue. The most dangerous contain malicious content, and those tend to be the worst.

The biggest issues are the social engineering and phishing. A lot of the spammers are actually quite good at spear phishing attacks and social engineering our emails. We obviously do checks. We run some simulations for our staff, where we try and train them so they are aware of what not to click on. Also, we have installed Umbrella and had it for a long time as well. Therefore, if something was malicious, and one of our users had clicked on it, Umbrella would usually stop anything outgoing. The combination of the two solutions has really helped secure our organization.

I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does.

The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have.

Over seven years.

We really haven't seen any issues on the stability side of it being cloud-based. We also have three virtual hosts that run in our environment. in the event that we lose one, there are two others. We have never seen any issues with the environment, which Cisco proactively monitors. They'll come back to us and indicate if there are any hardware performance issues and schedule appropriate restarts to appliances, if required. This happens occasionally. 

Given a lot of people target hospitals, we tend to be attacked more than other corporations because there are health records, health information, financial information, and research information. Cisco Secure Email Cloud Gateway and some other products have definitely allowed us not to have the downtime that we may have had if our previous products and solutions were in place. As far as I'm aware, we haven't had any downtime since we put in Cisco Secure Email Cloud Gateway and Umbrella several years ago, which has been fantastic. 

We have our security analyst who gets feeds out of Cisco Secure Email Cloud Gateway into our other products. We also get feeds into AMP for Endpoints, so we see what happens because we have our Cisco Secure Email Cloud Gateway integrated with AMP for Endpoints. That goes into our Threat Grid and Threat Response. 

Our server team might get queries about messages that might have been quarantined or someone having trouble receiving external emails. That's usually where a domain might be rated above our parameters and gets blocked. With something like 3,000 mailboxes, we spend at most an hour a day checking on the Cisco Secure Email Cloud Gateway environment. 

Our environment is scalable, and we monitor that with Cisco. When we do our periodic Health Checks, we look at the performance of the appliances and how they're doing. They're handling the 10 to 12 million emails that we do receive through Cisco Secure Email Cloud Gateway a month. There are about 90 percent which are not even forwarded onto us. Therefore, it's handling the capacity that we have at the moment. At this stage, there's no need for any increase in our hardware.

It's an invisible service where every piece of email going in and out of the organization goes through CES.

We are doing more integrations with other security products, like Threat Grid, Threat Response, and AMP, along with SecureX. Getting the Cisco Secure Email Cloud Gateway feed into that and have one pane of glass to see the threats of the organization through both emails, firewalls, routers and VPN is fantastic. 

We have a team of resources at Cisco that we can call on, if we need things escalated. Having great customer-centered service and support is one of the reasons why going with Cisco has been such a fantastic decision for both organizations that I've been at.

Positive

Prior to using Cisco Secure Email Cloud Gateway and my being at the organization, they had a Qbot massive issue. I don't know a lot of the detail, but at the time, we had a lot of machines that had to run certain versions of software. Because of it being older software, legacy-type applications, they were more susceptible to issues. Qbot just went through the organization and took out a lot of that equipment/machines. Cisco actually came in and assisted to get rid of all the issues that we saw with Qbot, etc. It took several weeks spent by Cisco and other organizations trying to resolve our issues with Qbot to get things operational and back to normal. That was really the catalyst to get Cisco Email Secuity into the organization.

We were previously using McAfee for both their Endpoint Protection as well as for Email Servers. The difference was the volume of emails hitting our email servers. The servers had to deal with 10 million emails a month. Having to process those additional emails and pushing them onto users took a massive amount of infrastructure and resources at a server level. Whereas, at the moment, our servers are not having to deal with that because we have Cisco Secure Email Cloud Gateway right outside of our perimeter.

One of the reasons that we switched away from McAfee is that we moved to an enterprise agreement with Cisco. Under that, we get the Cisco Advanced Malware Protection (AMP) for Endpoints. Once we went down that path and install it, there was no point in having McAfee as well when the AMP for Endpoints already has some of the different engines. Plus, there was a duplication of costs and applications, such as the support costs as well as to maintain multiple antivirus and endpoint protection software.

At my previous organization, we were using the standard Office 365 controls and Email Gateway before we put in CES. The amount of email and spam that we got, even malicious emails, through Microsoft was horrendous. We ended up having four different massive outages because of getting some viruses in the organization and some of our file servers along with encrypted user hard drives. We had four instances of major outages where we were down for probably 24 hours each time, and that was only because we had the backups. We also had some other measures where as soon as we saw any change in the root directory (as that data encrypts our file shares), we'd automatically shut the services down. However, this was an inconvenience for the users. You would end up getting the initial malware, then also having to do remediation to get it back to normal. When you have potentially hundreds of staff who are offline for 24 hours, it's a very big cost to the organization when you don't have your systems up and running. 

When the malware got through Office 365 on four different instances, that was directly attributable to the difference between Office 365 and CES. Our users still had to get their email through our on-prem server, but we did not let staff get their emails directly from the Microsoft 365 Server.

Once we put in CES, these issues disappeared altogether, and we were thankful that the volume of spam emails decreased considerably. Office 365 is a good second check to CES, but there's nothing that I've ever seen which has gotten through Cisco Secure Email Cloud Gateway that Office 365 has picked up.

The initial setup is straightforward. Cisco does a very good job of onboarding customers and setting it up so it's very much ready to go based on some fairly standard settings from Cisco's point of view. 

The deployment took only a few hours. Even at my previous organization, it was very quick. Once it was done, we changed our MX records to go to Cisco Secure Email Cloud Gateway instead of Office 365. From there, email went from Cisco Secure Email Cloud Gateway to Office 365. It was pretty simple. We had control of our DNS so it was very quick and easy for us to change the records and get our email flowing through Cisco Secure Email Cloud Gateway. We could see the benefits straightaway. We could see just how much volume was coming in, e.g., in my previous organization, we had something like a million emails per month, of which eight percent would be delivered to our end users.

In terms of switching from one solution to another, it's seamless for the user. They are not seeing the downtime because they're connected to the local Exchange Server. Therefore, they're not seeing the upstream components. There might be a slight delay in terms of the MX records globally, but that is, at worst, 24 hours. So, there might be some delayed emails, but that's probably the only thing. Once we had switched over, we received positive feedback saying, "Hey, what have you done? It's been fantastic. You've reduced the amount of spam messages we used to get."

It was easy enough to do the implementation with Cisco and their support because we had adopted an enterprise agreement with them. Therefore, we had the support of Cisco implementing both Cisco Secure Email Cloud Gateway and Umbrella into our organization. They were very good at helping getting up and running.

There was one of my other staff who assisted me in setting up Cisco Secure Email Cloud Gateway with Cisco. It was relatively simple and easy. 

Doing Health Checks with Cisco have been fantastic. Being able to do those every few months and going through what other options that we might want to lock down or change gives us an opportunity to ask them questions, see what we could be doing better, or what new measures/features have been deployed, furthering securing our organization. The Health Checks are an invaluable service that Cisco provides to CES.

In my previous organization, avoiding four instances of CryptoLocker within an estimated six month period is approximately $600,000 in lost time and effort. Our five year cost was about a million dollars, and the four outages that we had equated to 65 percent of that five year cost. It ended up being a very simple decision to go with the security enterprise agreement with Cisco, which included Cisco Secure Email Cloud Gateway and all their other cybersecurity products.

Office 365’s native security controls to protect your organization compared to this solution are terrible. With Office 365, unless you actually pay for the advanced options with email security, they're actually quite useless. You've no control over the standard offering.

My previous organization did look at the Symantec Cloud solution. At both organizations, it didn't really make any economical sense to look at other vendors. If we had an enterprise agreement with Cisco, then you get the support from Cisco that's second to none, where you get somebody on the phone straightaway to work through your issue until it's resolved. My previous dealings with Symantec and McAfee are that they're not as customer-focused in terms of their support. Cisco has been.

Don't have an organization that doesn't have this sort of protection in place. If I was to be in another organization, and they didn't have this sort of protection, I would definitely be advocating that they get something in very quickly.

Don't hesitate: The benefits are there. It can be seen as being a large cost. However, if you've ever had any instances where you've been affected by malware or CryptoLocker, there are a number of things that you should be doing as an organization: perimeter email security, DNS protection, and removing USB access on devices. These are probably the top three things that I'd be advising people to do.

We don't use Office 365 (which is now Microsoft 365) at the moment, but it's something that we are looking at. Being a large hospital, we're looking at aligning ourselves with our Department of Health so Office 365 is something that we will be using that to a certain extent. However, we would still be using Cisco Secure Email Cloud Gateway if we did move to that. We would deliver emails from Cisco Secure Email Cloud Gateway into Office 365. That way, we would still have the security. That's how I've set it up at previous organizations: Going from Cisco Secure Email Cloud Gateway into Office 365, delivering to our on-prem Exchange Server, and then onto our users.

The amount of traffic that it stops is massive. I would rate it a 10 out of 10.

It is like a gateway for email. They receive all your email traffic. They send over your email traffic, and it is the first incoming point and the last outgoing point. They deliver the traffic to the destination. Whatever it is, you want to be informed of what is happening. Depending on the site's deployment, if you have a single device, then you have all the information on the device. And if you have several devices, you have all the information on every single device for each device. However, for consolidation, you need another device called Security Management Appliance (SMA).

It has no real interaction with other stuff. It does not interact with a gateway beyond the networking level. You have a router and that router provides IP addresses for a switch, etc. You don't have to integrate Cisco Secure Email with something specific since it is standalone and only requires basic essential networking. You can integrate it with a firewall, like ASA, but that firewall has to allow traffic. To do that, you would open port 25.

It is available to be deployed as on-premises, on the cloud, and hybrid cloud.

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

• For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
• DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

The most valuable feature is reputation filtering. In the beginning, it was based on just the IP source. but it has now evolved to domain reputation. It allows you to classify different IP sources and different sender groups, where you can reject to throttle to whitelist from any IP sources, domains, etc. Based on the reputation gathering, the reputation is powered by Talos security. It is a super powerful feature. That alone gets rid of more than 50% of the crap from the traffic flow, before even hitting the anti-spam or antivirus.

If you have some knowledge about email, it is a pretty simple solution that has many controls on different levels, from the gateway part to accepting messages from certain sources to stringent filtering. It is state of the art with anti-spam, antivirus, and different threat prevention features. 

SecureX is powered by Talos, Sourcefire, etc. Today, it is the largest, richest threat intelligence on the market. SecureX is quite standalone in regards to integration since you put it into the network, whether it is on your own cloud or a third-party cloud.

If you go to the filtering level, you can have very accurate features or filters since it is programmatic. At a certain point, you can define sets of rules, such as where the email is coming from, whether it has this content, or to apply this policy. For example, if it has the same considerations, but the content is different, apply this another policy. It is super flexible and very customizable to your needs. It is not difficult to use.

It provides information, reporting, logging, and tracking. It has powerful tracking, so you can know exactly and accurately where an email came from, for which specific device, etc. It shows the emails which were:

• Dropped
• Rejected
• Quarantined
• Accepted by which policies.

It also shows the rule sets applied for that email and considers

• The source
• The Offender
• Anything else that you may consider in an email.

It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure. 

You can consolidate on SMA if you want to spam or threats quarantined for multiple devices. It is not advisable for a single device, because if it fails, you are left without any email.

I would like to see a few changes to the UX. 

There is space for improvement with data loss prevention, particularly with third-parties integration. Data loss prevention is quite important, though most customers have some third-party or other elements in their network doing data loss prevention, specifically for email. However, if it could be possible to integrate with other solutions, not only on the email flow, but on analysis for a connector or something like that, then that would be ideal.

The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rules sets are unclear.

I have been using it since 2004.

It does not add anything to the potential downtime for a corporation, unless everything fails. If all your email exchanges fail, then you don't have email, but this solution does not affect the performance of your whole network. 

At the minimum, you need two devices. If you have two devices and one fails, then the other one can handle the work, though you might have some email delays.

You should keep track of what is going on. It does need some daily administration, fixes, and policy changes.

In general, their technical support is really good. There are a few who are still learning, e.g., not providing enough help, but there is always the option to escalate.

It was the IronPort before Cisco acquired it in 2007. It is the same appliance and software. This solution has been upgraded by several versions, but it is basically the same, they just changed the name. 

I have done the architecture for a company in China.

It is a super big router that costs a few hundred thousand dollars.

These days, the first tiers of this market have good enough anti-spam, antivirus, etc. These have become routine. There are some other not-so-good solutions, like Barracuda and Fortinet, but it depends on how much you are willing to pay as this solution is not cheap.

The best other solution is Proofpoint. They have been long-time competitors who have also been evolving. The big difference is it is more fancy because it has more bells and whistles. The solution is good as well. However, they are super expensive, not cheap.

If you want a multi-tiered deployment, you could perhaps have Secure Email on the cloud and Proofpoint on-premises. Then, you have the two best solutions in the market working together. I have customers who have done this and are satisfied. Very few solutions can compete with Secure Email and Proofpoint outside of the price. If your budget is a problem, then you have a problem.

Along with Proofpoint, this is the best solution in terms of preventing spam, malware, and ransomware.

Check Point has fancy graphics and an interface where you can do a lot. The Cisco Secure gateway has both, though not as fancy as Check Point, but a big majority of the tasks can be done on the graphical interface level.

It is not so difficult to us, but neither is it easy, particularly if you don't have some knowledge about email.

Whatever you are looking for with an email security appliance or device, you mostly have it, though nobody is perfect.

The solution’s ability to prevent phishing and business-email compromise is fairly good. DKIM, DMARC, and SPF integration are the best way to prevent phishing, spoofing, etc. However, they still have room to work in this area.

All of our inbound and outbound emails flow through the CES environment and we leverage it for spam filtering, phishing filtering, malicious URL detection, attachment scanning, and data leak protection. It basically covers all of the security layers for email.

It's cut down quite a bit on the amount of false-positive spam that we get. The spam engine that's utilized by CES, we found to be pretty effective. It's rare that things end up in a quarantine when they aren't supposed to be there, which is very beneficial. I believe that was one of the reasons that we moved from the previous hosted solution that we were utilizing to CES.

The malicious URL scanning, as well as the anti-malware features, have been really useful for us in our environment. Specifically, the URL scanning has helped to knock down quite a few phishing attempts that come into the organization. The broader blanket automated attempts get knocked down pretty quickly since those URLs typically get flagged early on, and then the appliance just picks up on those URLs and knocks them down. It is the same with malicious attachments. The malware scanning that's done via AMP, which is deployed elsewhere in the organization as well, just grabs all of that before it hits the inboxes.

We have our email security feeding into the SecureX solution and it's nice to have all of our security platform statistics in one place. We leverage quite a bit of the Cisco security stack and having all of that feed into the SecureX dashboard is great. The dashboard continues to evolve, but it is at least nice to be able to see everything at once.

Integrating this product with SecureX was pretty quick and easy. Both of the solutions are cloud-hosted and the SMA, which is the reporting module that feeds the data into SecureX, was done via the API. The documentation on the SecureX portal walks you through exactly how to add the various integrations.

We leverage the AMP functionality that exists in CES, and it also ties into threat response, which is the threat-hunting platform that Cisco has. The benefits of these integrations were pretty important in the decision to stay within the Cisco product family. The threat hunting and threat response are really nice because we're able to see if something malicious makes it into the environment. Once that happens, we are able to trace that back and find out if that was done via an email, and then grab the information for that specific message. This will tell us if there have been any other indications of compromise on any other hosts. When it comes to being able to do that, having it all in a uniform environment is pretty important.

The UI is definitely one area of improvement because it doesn't match other interfaces and the navigation can be a little clunky. Generally speaking, it is just dated, and I know that they're working on enhancing it for later versions.

They should continue to develop their integration with Office 365 or Hosted Exchange since a lot of organizations, ours included, are moving primary Exchange services to the Microsoft Cloud. Being able to integrate tighter with that environment is important.

I have been using Cisco Secure Email since joining the company.

We haven't had any issues at all with the stability of the platform.

With it being cloud-hosted, it can scale as wide as you need to.

We have roughly 1,000 employees and all of our inbound and outbound emails go through this system. This means that there are several tens of thousands of messages a day flowing through it. We haven't had any sort of performance issues at all with our environment.

Cisco's technical support is very good. We've just recently had a couple of tech cases that we needed help with. We were researching why some of our partner's messages weren't getting through intact. Because this is a hosted solution and they have quite a bit of visibility, it has always been great.

We've never had any issues with support on this platform.

In previous organizations, we've leveraged Postini, which was a cloud-based solution that was acquired by Google. I've also worked in environments that have leveraged Microsoft's Office 365 email spam filtering, and they've been good, but generally, usability is sometimes a problem. It goes back to the UI and then the accuracy.

The amount of spam that is stopped has not always been great. As such, I feel that CES has a pretty good balance in that regard.

As this solution is hosted on Cisco's cloud, we don't manage the underlying infrastructure.

We probably have about eight individuals who work with it. Some of them are within our support organization, there are messaging or Exchange admins, and there are network engineers.

Return of investment is something that is difficult to measure because you're essentially trying to prove a negative. It is difficult to say what it has prevented or what has been stopped from happening. That said, I think the overall satisfaction, at least from the user perspective, is good.

When you consider the spam and anti-phishing components, in addition to the IT benefit of the anti-malware and antivirus, I think we definitely get an appropriate return. Nobody questions the expenditure on the solution as being ineffective.

With respect to transferring policies and licenses, Smart Licensing has really improved the overall licensing model for Cisco. We've been really happy with Smart Licensing.

There are additional fees for adding features. For example, things like AMP are additional licenses. Because it's all done via the Smart Licensing portal, when new licenses are acquired they're dropped in our bucket, so to speak, and then the solution just grabs those licenses. There is no back and forth required. The license ends up in the bucket and then the solution syncs with Smart Licensing and we're good to go.

For the future, we are looking at moving to newer versions that allow for additional advanced phishing protection. That's something that we're targeting. Also, we're trying to figure out how to streamline our mail flow with the majority of our inbound and outbound email that is now flowing through Office 365. Essentially, we're figuring out how we can tighten up that integration and lessen our dependence on on-premises Exchange for our mail flow.

With respect to versioning, it is controlled by Cisco. I believe that version 13.5 is when they introduced the advanced phishing protection. We're notified when new versions are released and we can ask for earlier versions, but we get adopted once those versions become generally available.

My advice for anybody who is implementing this product is to leverage the Cisco Validated Design (CVD) documents that exist. They're super helpful. Cisco has done a lot of work with Microsoft in figuring out integrations and documenting those. There is quite a bit of really good documentation, both within Microsoft and Cisco on building those integrations and configuring them.

We have also leveraged Cisco's adoption services around renewal times to make sure that we're using the platform to the fullest extent. They offer health checks for their hosted solutions, so on a yearly basis, you can sit down with an engineer and walk through and make sure you're on a good version of the code. You can make sure that you've again implemented from a high level, those feature sets correctly, and that you're leveraging things properly. Cisco does a lot of things to make sure that it's an easy renewal conversation to have, specifically with leadership.

The biggest lesson that I have learned from working with this product is to make sure that you're engaged with your Cisco teams to guarantee that you're getting the most benefit out of the platform. Again, you should be taking advantage of the health check services and adoption services because they're really unique.

In summary, this is a good solution but I think there's always room for improvement. I don't think that anything is perfect and they've definitely got some work to do on tightening up the UI and the configuration presentation. From a functionality perspective, the platform is great. 

I would rate this solution an eight out of ten.

It is our email gateway. We have the Exchange Servers, but the Exchange Servers don't relay directly with the internet. We have ESA in-between, and every incoming and outgoing email must pass through ESA before it gets to the internet.

We are using Email Security Appliance C690, and we have three of them in a cluster. They are on-premise. We have decided not to go to the cloud. It is primarily because most of our clients are government agencies and the government, and they have this suspicion about the cloud. So, right now, we are still on-premise. 

Currently, we are on version 13.8. There is a newer version, but we are yet to migrate to that version.

We use ESA with Security Management Appliance (SMA). We have SMA M690. The integration of ESA and SMA makes the whole work easier. SMA is the central content appliance, and we have three ESAs. The SMA is able to collaborate with the clustered ESAs for log management and other things. It gives some stability in terms of what is happening. ESA keeps a lot of logs, so SMA is able to move through ESA and get those logs out. This integration has really helped us to drive our operation in the email platform.

It does a lot in terms of preventing phishing and business email compromise with DP and Advanced Phishing Protection. DMARC gives visibility for preventing spoofing and social engineering attacks. ESA has been able to help and protect us from those attacks. It is doing a lot of work. Gartner has always rated Cisco's ESA appliance as one of the major players.

It is doing a lot to prevent spam, malware, and ransomware. Everything is also tied to how you have configured it. Some of the spam emails don't get to the customers. We can quarantine a spam email, which gives us the visibility to look at it and see if it is actually spam or not. It is doing its work. It is. There are no false positives. It is working perfectly.

Email service is one of the services that we offer at Galaxy. ESA has improved our business. Our customers want to maintain their business with us for email security. We have over 500 domains on our email platform. It has improved our profitability in everything.

They have a lot of features such as Advanced Malware Protection, Email Protection, Advanced Phishing Protection, Antispam, Antivirus, and Outbreak Filters. They are very important.

It is doing its work. It is doing what it was actually designed to do. It has ensured we don't have business email compromises, and it has also ensured that our brand Galaxy is unique all year round. 

The area of license renewal should be improved. We normally renew our license every year. There is a feature called smart licensing, and I switched from the legacy mode to the smart licensing mode because of what I thought smart licensing does. I thought it would make licensing renewal seamless and very swift, but ever since I've switched to smart licensing, each time I want to renew my license, it is a whole lot of headache. The process is not smooth, and I had to keep calling Cisco TAC to see how the issue can be resolved. At one point, I wanted to revert back to the legacy mode, but I can't revert. Once you switch from the legacy mode to the smart licensing mode, you can't revert. They should improve on the visibility of the smart licensing mode so that it can indeed be smart and easier to use for the license renewal every year. That is one challenge.

Another challenge is that there is no way for me to know my level of utilization. For example, if I have a subscription of 2,000, there should be a way for me to know my level of utilization. Currently, I don't know my level of utilization. So, if my license is renewed on 20,000 subscribers and I'm using less than 20,000, I wouldn't know. It doesn't improve my ROI. If I'm using less than the subscription I've applied for, there should be a way the system should tell me, rather than me going to find out manually. When I go to the smart licensing profile, I should be able to see my utilization. I should be able to see that I've subscribed for 20,000 but I'm only using 12,000. This means that if I'm going to renew, I should reduce my licensing mode from 20,000 to maybe 15,000. This kind of information should be given to the customers, but right now, we don't have that.

I've been using this solution since 2017. My organization has been using it before that. It has always been in use as our email security gateway.

It is very stable. They have AsyncOS, which is the OS that runs on the appliance. They've released different versions. There is a general version, a limited version, etc. They keep coming with more services just to improve the platform. 

We never experienced downtime. We have ESAs, and they are in a cluster. If one ESA fails, there is no downtime. The remaining two can handles email communication and relay. We have high availability and redundancy. So, we don't experience any downtime.

We do ESA health checks with OEM during which they connect with us virtually. They connect to the device and then check if all security features are still well configured and if there is any other way to improve. Doing this quarterly has really helped to make sure that the appliances are up to date.

It is scalable.

They are very good. I would rate them a nine out of 10. If possible, I would rate them a 10, but I just want to be a little bit reserved. 

They've really been very knowledgeable and very patient, and they've always ensured that for any issue, any ticket, or any case that is opened with them, they are prompt. They are quick to ensure that they resolve an issue as soon as possible.

It has always been ESA from the onset.

I wasn't part of the team from the beginning to the end. I came when they were almost done. It was complex but also very interesting. It took two weeks or so if I'm not mistaken.

For the setup, you need to look at the low-level design and the architecture, and then you look at the network interfaces, listeners, routes, default routes, etc. If there is a way they can come up with step-by-step information about configuring it, that would really be nice. The guide right now is too cumbersome and bulky. If there is more straight-to-the-point and procedural information, it would be better. 

Cisco service engineers were the ones in charge. 

We have seen an ROI.

At times, we feel the pricing is a bit too high, but then, there is also room for discounts. We enjoy a lot of discounts, and that is why we are still with them. There are no costs in addition to the standard licensing fees.

We have evaluated other solutions, such as FortiMail from Fortinet, but we stuck with Cisco ESA. ESA's pricing and licensing were what led to us trying to see how we can bring it all together.

It is stable and credible. I would always tell someone else to try it out. Of course, before you try it out, you can look at what Gartner is saying. Gartner has always placed the Cisco Email Security Appliance up there along with Mimecast and other top players. 

It is well-secured. Security is everyone's concern, so I will always tell people to go for it. It is very secure. Its pricing has been a little bit high, but you can always ask for a discount from your account managers, country manager, or whoever is in charge in your region.

I would rate this solution an eight out of 10.

We are an internet service provider with a few hundred customers. All our customers need a reliable solution for email security and this solution from Cisco helps us to implement the customers' needs and to offer the security the customers want.

We are using all the appliances on premises. They are virtual appliances only. We are not using the cloud because we own our data center.

With Talos threat intelligence we are protected. I cannot guarantee, 100 percent, that the protection will always be there because something new can appear on the market, something that Talos doesn't know, but we are confident that Talos assures us of all the security we need. We are happy to be using it.

We have customers who was looking at our product catalog, what we offer, and they said, "I don't need the email security appliance because at my company things are secure without that." The prices are quite expensive for the security appliance and the customer wanted to manage his business without it. After some weeks, we get a feedback from the same customer that the malware is already in his company and now all the data are compromised." After that, the customer chose to buy this email security appliance because his security was as important as anything else. We have more examples like that, that have happened in the last year. You are never secure without some solution from Cisco.

When it comes to preventing downtime, the Cisco Security Email appliance protects our customers so that they don't lose their information and can continue working. I am sure that many of our customers have been attacked with ransomware and with malware and this solution protects them.

• We are using Advanced Malware Protection since a few years and It works very well. 
• Our customers are safe now using the AMP sandboxing solution. 
• The appliance has more security such as SPF, DKIM, DMARC, and encryption. 

There are a lot of security features that we can implement.

All the appliances are connected with Cisco Talos and they check, in real time, with Cisco Talos. AMP is using Cisco Talos, and we have other products from Cisco, such as web security and AMP for Endpoints, that are using Cisco Talos too. Talos is a very important tool that speaks with all Cisco products.

We have been struggling in the last month with Cisco encryption and with the S/MIME encryption. I don't know if it is an issue on our side or if these features of the solution are not working very well. The documentation is good but I'm not sure if the functionality in these areas of the solution is implemented very well. We are evaluating the situation.

I've been using Cisco Secure Email for between eight and 10 years.

The stability of the solution has made a very good impression. In the last two or three versions, I haven't found bugs or anything that could affect the stability.

The scalability has been fine so far. We are very happy to use the cluster functionality in the ESA. 

The same type of clustering in the ESA has not been implemented for Cisco web security and we have been waiting for years for that functionality for the web security. But in the Secure Email it's working very well and we are happy with it.

Sometimes the customer support for Germany is good and sometimes it's very bad. We have over 200 technicians and we have been working with Cisco products for 15 to 20 years. We have a lot of knowledge. If someone in customer support knows less than us, it is difficult to get them to understand what we are looking for or what our needs are. Sometimes we need to escalate, to ask for another technician who can help us. There are times when it takes days or weeks until we receive good customer support from Cisco or from this company that supports Cisco. And when there is an issue for our customer, a few days or a few weeks could result in a disaster.

I have deployed some 100 email security appliances, so from my side the deployment is very intuitive and simple. We don't have difficulty deploying it in our data center.

We create our own template in our virtual environment, and from this template we are deploying further security measures. To deploy it virtually takes about 30 minutes and after that the customization for our customer could take from half an hour to a few hours, depending on how complex it is.

We have five to 10 people involved in deployment of the solution. The people who work with it are technicians, the system administrators, administrators, and people in IT SecOps.

We tested only two other solutions, the Trend Micro product and the Check Point product, so I can't compare Cisco with all the solutions out there, but it's all the solution we need. For phishing and malware it's doing a good job.

We didn't like the instability with Trend Micro. Check Point was complicated to use; it was a very complex system. The Cisco system is intuitive, simple to use and simple to understand. I am a technician in our company, so I don't know which solution is cheap or which is expensive. But for the functionality we stay with Cisco because Cisco is our partner and this email appliance can connect with other Cisco products. They work together and that gives us confidence in using Cisco Secure Email.

When it comes to preventing phishing and business-email compromise, in the last year the efficacy has been improved. For four or five years this solution didn't work as well, but last year and this year we have seen that with every new version, the efficacy is there, and the solution is working better and better. Our customers are happy to use it. It has made a great impression in this area.

Similarly, regarding spam, malware, and ransomware, in the last few years the solution was not so good but there was not so much malware. However, these days, the email solution from Cisco does a real good job of preventing malware.

About half of our customers use Office 365. A lot of customers, if they are migrating to Office 365 from an on-premises Exchange server, choose to increase their security with Cisco. The combination of Cisco Secure Email and Office 365 is working very well. Since this migration to Office 365 started, over the last two to three years, we have had no complaints from our customers.

We have trusted Cisco's email security for eight or nine years and we are going to use it in the future. We recommended it to our customers. We are happy with how it works, with the stability, features, and functions.

We migrated from Cisco ESA to Cisco CES, we went from the on-premise solution to the cloud solution.

Our primary use case is for email security. Every email is scanned by an antivirus engine and every attachment is also sandboxed before it gets back to the real person. This is an additional Cisco CES module.

On top of this module, we have also subscribed for the Cisco Cloud Secure Email Encryption Service (CRES).

Our other use cases are all about the functionality of the Cisco Email. We are using it as a relaying system for incoming and outcoming mail. External exposed webservices are using the Cisco CES in order to send mails out as our domains.

Another feature we use is the possibility to combine the Cisco CRES together with Cisco CES. All our documents are labelled and are obliged to be sent either through TLS (encrypted channel) or either through Cisco CRES (encrypted mail) for GDPR-compliancy. If the destination domain doesn't support TLS, it is sent by Cisco CRES, otherwise we use TLS. This conditional check isn't (yet) available at Microsoft.

We already used this system on-premise. So there is no real difference except for the encryption plugin that is used. That's beneficial value. You also don't need to invest in physical hardware, location, and physical connections, and an on-premise data center.

The added value of it is that every migration to a new version is initiated by the Cisco personnel, so that is a bunch of work that you don't have to do on the Cisco ESA system on-premise. As it becomes a SAAS-platform, you don't need to invest anything in your own data center or in your upgrade path. 

There was no downtime involved in the migration from Cisco's on-premise to the Cloud Secure Email. It was important to have this business continuity going on and not to lose any emails. We have implemented everything first in a test environment. We had the test Cisco CES in the cloud together with the test exchange system and so forth. Such a smooth transition was possible because we could test everything in a test environment.

If you have the knowledge of the Cisco on-premise solution, it was more like a copy-paste of the settings on the Cisco cloud solution. So the learning curve is rather low if you have the knowledge already of the Cisco system on-premise.

The pricing is more or less the same, but you have to take into consideration all the work that the people have to do. If they need to patch the new system, if they need to do the patching cycle on the ESA itself, and so forth, that's where the money goes.

It's not out-of-pocket money that you gain, but you gain time from people to focus on other systems.

The most valuable features of the Cisco ESA have to do with the intelligence they provide us. They respond quickly to any phishing attacks and threats on the system. 

I also like the pay module, sandbox, and attachments.

The vendor's free migration services ensure that your on premise licenses are transferred when you migrate. It's just a matter of money at that moment. It's good to know that they take into account your old key and give you the new keys on the new machine.

We have Microsoft and we have the E5 licenses, they have more EDR responses on certain emails. That's something that Cisco ESA on the cloud doesn't have. They don't do anything about MITRE attacks. They only detect if there is a malicious email or a threat and they remove it.

If there is an email that has passed through, there is no way to have a global system delete that email from every mailbox. You have to look up the malicious files yourself.

With Microsoft, you can look it up, you can hunt for that in their compliance dashboard. You can hunt that email and then delete that email in one step. That's something that Cisco doesn't have.

I have been using Cisco Secure Email for more than ten years. 

The solution has proven that it's very stable. I only recall three real problems with the system. And I've been working at the same company for 15 to 16 years. It is very stable.

The scalability is fine. 

We have around 1500 users. 

There are two system engineers that support it right now.

Emails grow in numbers. So sometimes we need to alter our system to hold that amount of emails or to grab all those emails and transfer them. 

I don't think we have opened a call at Cisco itself. For the encryption plugin, we opened several support tickets for the implementation. Their support was helpful. It was more technical advice.

I would rate their support an eight out of ten. They are very responsive and they quickly come up with the right answer, which is important. I never give nine and 10. So sometimes they are, sometimes they come quick with responses, but within all the years, sometimes it takes a while until they find a good response. Like that book is something that took a while to find out.

The initial setup was simple and easy. You open one screen of your on-premise Cisco ESA configuration and you copy-paste it to the other screen of your Cisco ESA system in the cloud. So the transition was very easy.

It took around one month to implement. 

The strategy was to get rid of the physical servers and move to the cloud.

We worked with Cameo to do the integration.

Pricing is okay. There are no additional charges. 

We looked at some competitors, like Proofpoint but in comparison, we chose Cisco ESA because we kept the same technology. We knew that the migration path would be less effort than the migration part if we went to another solution or Barracuda.  

Proofpoint was very good at creating general DLP policies, in that you could create policies and you apply them on different platforms, like Teams.

Cisco is a state-of-the-art product. I think Microsoft is catching up really quickly when you take the E5 license builder with it. I think Microsoft can take over the competition from Cisco but it could take a while.

It's a very mature product.

I would rate it a nine out of ten. 

We are using it as our email firewall. It's our first line of email defense.

Overall, the ease of migration to Cisco's cloud email security from the on-prem solution was a positive experience. We are very happy with the change. It makes security easy. The cloud solution is doing a great job. We are stopping more emails, and in a better way, than we did in the past. It's also not stopping as many good emails, but I think this is because Talos has gotten better, rather than something to do with the cloud technology. But the numbers over the past year are significantly better compared to the past.

We like 

• AMP
• Threat Grid
• Sandboxing

The spam protection is also very good and the solution is very configurable. It has enabled us to configure some specific filters to stop emails that general configurations didn't stop. 

It's a powerful solution. It can analyze a lot of emails simultaneously, with no problems in terms of capacity or system load. It seems that machines on the cloud are more powerful than the ones that we had, in the legacy solution, on-premises.

They can do it better with web links, with the URLs. They have a technology called Outbreak but it doesn't work as well as we would like. It does have a new feature called Cloud URL Analysis, but we can see enough information about detection, information that helps us to properly configure the technology.

We have been using the cloud solution for one year, but before that we were using it on-premises for three years.

It's very stable. We haven't had any issues with the stability. It hasn't gone down, and it has managed the flow of our email volume really well.

The technical support is excellent. They are proactive. They are monitoring things and helping us every step of the way. The technical support is at an excellent level.

The migration to the cloud email security was complex because we have a lot of customization. We needed to reevaluate some of the policies that we were applying via the email security. But technically we had more difficulty previously because we didn't have the premium support. We had to read a lot of documentation and experiment. Now, with the premier support, it's easier.

We re-created everything in the cloud solution. We re-evaluated everything when we migrated. There were some things we didn't migrate, while some new things were created.

It took us nearly one year for all the integrations and the migration to be complete, from the initial evaluation of the new product to the end of the migration to CSE, when it assumed all the email traffic for our organization. We didn't have any particular problems with downtime during the migration. That time includes analyzing, configuring, and improving things in production.

Our team that works directly with Secure Email consists of five people who are configuring the tool.

We used consulting from Cisco the whole time during our migration. With the premium support we now have one person who knows our configuration, our needs, and who can help us more than in the past when we didn't have that level of support.

ROI is difficult to determine. We think we have seen ROI, but we need to have an incident to evaluate whether the investment has really paid off. But no incidents means it's a good investment.

We haven't saved money by moving from on-prem to the cloud email security because we acquired the premium support. But we are happy with it, as they help us not only with issues that have happened, but also with configuration and with learning the technology. This is a very important factor, which we value.

Cisco Secure Email and the support are priced well. It's not cheap, but there are other solutions that offer less and cost so much. For example, Microsoft is more expensive than Cisco.

We know there are some solutions that have a higher level of protection for email, but we're very happy with the price of this one and with the way it is working.

We have Microsoft email security too, but not as the first line of defense. Microsoft's email security has its advantages but it is less secure, less configurable, and less powerful than Cisco's solution.

It's a great solution for big enterprises that need a higher level of security than is offered by Microsoft solutions. Other solutions are targeted at smaller enterprises, that are without a security administrator and without people monitoring and supervising the technology. But for a big enterprise, Cisco Secure Email is a great option.

We have integrated the solution with SecureX and Threat Grid, and we already had Talos, of course. The Sandboxing is needed, it's a basic functionality for us. As for the rest of the integrations, they are less important. We integrate with some external feeds, but Talos is good enough for the technology not to need additional feeds.

When migrating from on-prem to the cloud email security, the interfaces are basically the same. The new interface was developed only for the cloud solution, but the classic interface, when it comes to the configuration of the machine, is basically the same for both the on-premises and cloud solutions.

Overall, it's a very configurable technology. We think it has all the weapons we need to fight against threats.

We started using Cisco Secure Email because we had a lot of junk emails, phishing, and things like that. We wanted to secure the email sites for the end users.

It has had an impact on the awareness of the employees. Previously, a lot of employees were complaining about junk emails, phishing, etc. After using Cisco Secure Email, spam, and other things have been reduced drastically. I'm not sure how it filters them out, but it just learns based on the email subject and other factors. It just filters them and sends them to the junk box. There is an add-on, and if you think that an email is suspicious, you just add it to the add-on or move it to the junk box.

It saves time. Previously, we had to filter the emails and see which ones are junk and if it has been reported or not. There was a daily checking of the mailboxes to see what was going on and what had been blocked, but with Cisco Secure Email, all of that is just in one tab. You see all the emails that have been blocked and the reason they have been blocked. It saves a lot of time for us. It does the job that we need it to do. 

It's flexible. There are a lot of rules and policies that can be easily applied for certain employees or certain mailboxes.

If you are not a technical guy, it is hard to maneuver, but as soon as you work on it, it gets better and better. If there was a better way to know how to do things or how to find things, it would be good.

We have been using Cisco Secure Email for two and a half to three years.

It's stable. We haven't had any issues with it.

After moving from Exchange to Office 365, we thought that we needed to upgrade the license or do a couple of changes, but it was already a part of the plan from the product itself. So, it was easily scalable.

We didn't have to contact them. Our partner did all the jobs that were needed. It was part of the AMC, and since they set it up, it needed just a couple of tweaks when we shifted from Exchange to Office 365. All the support has always been through the partner. Our experience with them has been good. 

Based on my knowledge, its implementation was fast, and there were no issues when it was implemented.

We did a couple of PoC, and it was leading at that time in the market. We compared it to Barracuda and a couple of others. Its ability had set it apart from others. The partner was good, and the PoC was on point. It did what needed to be done. 

I would rate Cisco Secure Email an eight out of ten.