Cisco Secure Email Reviews

We have a number of different types of customers and organizations who need to secure their environment. These range from healthcare professionals to financial organizations to very small organizations. They have a number of security requirements, whether it's just to secure the actual environment where they're working and also to provide additional services, such as VPNs and remote access for their remote workers.

Most of the customers that I work with tend to be on-prem, and a lot of them go with the centralized management system, FMC, purely because it has larger memory and larger hard disk space, and it can hold reports for a much longer period of time. Also, as their network infrastructure scales, FMC can manage more and more of their devices, and they're not having to manage individual devices. It's all centralized for them. 

A lot of our customers use another Cisco product already, so they have confidence in Cisco products. The firewalls they are currently deploying and using have evolved from their older ASA products. They are now moving to the new Firepower Threat Defense, which incorporates many more features and allows them to get the latest ALOFT download and feeds for any security vulnerabilities and they're able to react very quickly to any vulnerabilities that have been highlighted.

Initially, when the firewalls were first marketed and came onto the market, the visibility wasn't very good. But as the software evolved over time, that visibility has increased a lot more, and that is giving customers a lot more competence in the traffic and the traffic flows that they're seeing through the actual devices, so they can better understand the types of applications that they have on their network.

The good thing about the actual firewall itself is that it can integrate with other Cisco products, such as Cisco ISE so that it allows full end-to-end visibility of connectivity. It gives very good visibility. It's that integration with other products, not just what that individual firewall can do itself.

Talos is obviously fundamental to the actual firewall, reporting on vulnerabilities that are happening day to day. And the regular downloads, obviously, give customers confidence that their products are as secure as they can actually be.

There are a number of valuable features because we have that sort of single product that can do a number of different things, but remote access for users is very important, and visibility of the types of traffic that are passing through the actual appliances is very good, and the reporting of the devices is very good. 

It's not just the firewalls themselves, but one thing I think, where certainly firewalls and other products could actually improve, is in the licensing. Licensing is quite complicated for a number of customers, including ourselves. The licensing appears to be changing on a regular basis depending on the product and the software versions, so we are constantly having to keep up to speed with the different licensing types.

I have been using Cisco Secure Email for over ten years.

When most software evolves, the software becomes more stable and feature-rich. As we're seeing with the latest version from seven onwards, it's a lot more resilient and a lot more robust. The actual GUI interface is also a lot slicker now, whereas before it was a little bit clunky. We've definitely seen improvements with the latest version of Secure Firewall.

We typically work with customers to price space. We don't typically work with customers in the service provider realm where they would typically have very large scaling of firewalls. They would do clustering and things like that. We know that these features are available, but that's not a particular area that we would actually work in. But, obviously, there's a breadth of Firepower products and platforms, and we can actually scale or arrange the correct firewall for the particular needs of that customer.

As with most Cisco products, we typically find Cisco and their support very good. In the unlikely case, we have to raise a tech issue, they're very responsive, and they generally always provide a quick resolution to any encountered problems.

The tech engineers are very knowledgeable. The tech engineers who pick up cases know the product very well. And they always dive deep into the problem and provide regular updates to us or to the customer. If there are any other problems that are noticed after we've had an issue, the case can be reopened and investigated further.

Positive

We and our customers use a variety of different firewall manufacturers, not just Cisco. And as with all vendors, some have better properties or better features than others. Cisco Firewalls for Firepower had to use the centralized management system, FMC, but where some customers prefer just an On-Box GUI to configure the device, Cisco was playing catch up with other vendors who were operating in that same area. But what we found is that with later versions of Firepower and also FDM which is the On-Box management, those features have now come leaps and bounds. They are now on par with the centralized FMC to the FDM, allowing customers an easier way to deploy these products not only on-premise but also in the cloud.

I would give Cisco Secure Firewall an eight out of ten. We're expecting that with later versions of software, again, more features will become available.

We have approximately 2000 employees and we sell a variety of Cisco solutions and products. 

Our primary use case for Cisco Secure Email is placing it at the edge and then passing it off to another service, like, for example, Postfix. We have security policies that allow certain clients to email.

The user interface massively improved our organization. The device itself works perfectly fine and it's not too complicated to write policies.

What I find the most valuable about Cisco Secure Email is that the logs are not that difficult to see even if you're not used to them. The logs are reasonably readable and diagnosing the problem is not too hard with them.

Cisco Secure Email could rename features in the menus. They could also show a flow of how things go and where the policies sit in conjunction with the actual application.

I have been using Cisco Secure Email for about seven years.

I would say that we hardly had any issues with the stability of this solution.

Tech support can be a bit of a hit-and-miss. Depends on what type of engineer you get when you contact them. Whenever we had an issue, we would either go to the account manager or another engineer.

Positive

My opinion on the licensing of this solution is that it is a mess that needs sorting out. I am not particularly bothered by pricing as I administer it and make recommendations for people to buy or not to buy.

We would use multiple vendors to secure our infrastructure from end to end so that we can detect and remediate threats. We would take everything through email. Email Security Appliance has antivirus and IDS and IPS on anyway. We've got policies in place that only we can receive from certain domains and certain emails within those domains from the customers that they were a part of. We would then pass that on to another service like Postfix. They would then sort out anything that needs to do attachment-wise or anything similar. Eventually, it would go through the Palo Alto firewall as well for the traffic, so anything malicious is picked up across all sets of vendors in that solution.

This solution did not save time for our IT staff, not particularly. It was something we had to deal with and as a network engineer, I had to deal with that aspect of it.

This solution did not save our organization's time because it was a new product that we were selling, so we had more work.

This tool did not help us consolidate our tools because it was a new solution.

We chose Cisco Secure Email because, as the phrase goes, you can't get fired for buying Cisco. We are used to the Cisco product stack as we used the Cisco suite in previous companies.

We use the solution for endpoint protection, including email protection, such as antivirus, anti-phishing, content filtering, outbreak filtering, and greymail protection.

An important feature is retrospective analysis, which allows the solution to retrieve emails sent even a week ago, even if they have already been delivered. This is done by analyzing emails for malicious content after they have been sent.

Cisco Secure Email focuses on cloud-based threat intelligence and endpoint security. The current version improves on the on-premises version by integrating Threat Grid and Advanced Malware Protection, which helps users quickly identify malicious emails.

The product is stable. We never had issues. If everything is configured right, it's something you can easily forget about.

The solution is scalable.

1300 users are using this solution.

We used it once when the appliance was acting up and then realized that an upgrade was needed. We follow up on the requirements upgrades and patching. It doesn't require much patching.

The initial setup is straightforward.

Cisco Secure Email can be integrated in-house, but we are too busy. Therefore, we have decided to use an integrator.

Even though Cisco Secure Email is not cheap, it offers a good return on investment. Cisco needs to ensure that its products are functional and have a long support timeline.

The solution is not cheap.

Cisco Secure Email is a fast data service. Because of this, most of its features are already pre-configured. All clients need to do is customize and tailor the service to their specific use cases.

I would recommend anyone using the on-premise ports move to the cloud.

Overall, I rate the solution a ten out of ten.

We use Cisco Secure Email for email security, aiming to safeguard email communications. It plays a crucial role in protecting the integrity of email integrations, particularly as many companies now opt for Microsoft email services. It's designed to secure email activities and interactions within such systems.

Cisco Secure Email is part of Cisco's extensive efforts and investments in technology, especially in the realm of cyber security. The product is one among many security solutions offered by Cisco. 

While Cisco offers excellent solutions and innovations, the pricing may not be suitable for everyone. The cost of the software is relatively high. In the current market, there are numerous competitive alternatives that focus on security, enterprise networks, and various other aspects. Cisco, being a comprehensive provider, extends its expertise across data, servers, storage, and security, making them a preferred choice for many enterprises. However, when it comes specifically to security solutions, there are other vendors that specialize solely in this domain, offering competitive options.

I've personally been working with Cisco Secure Email for the past three to four years. However, in a professional capacity, I've been dedicated to the field of security for about one year and eighteen months.

I will rate it 8 out of 10.

They were helpful.

Positive

Migrating to cloud systems could be challenging. 

We handle end-to-end implementation and also provide support services.

It is expensive. I would rate it 2 out of 10, where 1 is the most expensive and 10 is the cheapest. 

I consider Cisco Secure Email to be a top-notch product and would rate it as a ten out of ten.

It is like a gateway for email. They receive all your email traffic. They send over your email traffic, and it is the first incoming point and the last outgoing point. They deliver the traffic to the destination. Whatever it is, you want to be informed of what is happening. Depending on the site's deployment, if you have a single device, then you have all the information on the device. And if you have several devices, you have all the information on every single device for each device. However, for consolidation, you need another device called Security Management Appliance (SMA).

It has no real interaction with other stuff. It does not interact with a gateway beyond the networking level. You have a router and that router provides IP addresses for a switch, etc. You don't have to integrate Cisco Secure Email with something specific since it is standalone and only requires basic essential networking. You can integrate it with a firewall, like ASA, but that firewall has to allow traffic. To do that, you would open port 25.

It is available to be deployed as on-premises, on the cloud, and hybrid cloud.

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

• For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
• DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

The most valuable feature is reputation filtering. In the beginning, it was based on just the IP source. but it has now evolved to domain reputation. It allows you to classify different IP sources and different sender groups, where you can reject to throttle to whitelist from any IP sources, domains, etc. Based on the reputation gathering, the reputation is powered by Talos security. It is a super powerful feature. That alone gets rid of more than 50% of the crap from the traffic flow, before even hitting the anti-spam or antivirus.

If you have some knowledge about email, it is a pretty simple solution that has many controls on different levels, from the gateway part to accepting messages from certain sources to stringent filtering. It is state of the art with anti-spam, antivirus, and different threat prevention features. 

SecureX is powered by Talos, Sourcefire, etc. Today, it is the largest, richest threat intelligence on the market. SecureX is quite standalone in regards to integration since you put it into the network, whether it is on your own cloud or a third-party cloud.

If you go to the filtering level, you can have very accurate features or filters since it is programmatic. At a certain point, you can define sets of rules, such as where the email is coming from, whether it has this content, or to apply this policy. For example, if it has the same considerations, but the content is different, apply this another policy. It is super flexible and very customizable to your needs. It is not difficult to use.

It provides information, reporting, logging, and tracking. It has powerful tracking, so you can know exactly and accurately where an email came from, for which specific device, etc. It shows the emails which were:

• Dropped
• Rejected
• Quarantined
• Accepted by which policies.

It also shows the rule sets applied for that email and considers

• The source
• The Offender
• Anything else that you may consider in an email.

It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure. 

You can consolidate on SMA if you want to spam or threats quarantined for multiple devices. It is not advisable for a single device, because if it fails, you are left without any email.

I would like to see a few changes to the UX. 

There is space for improvement with data loss prevention, particularly with third-parties integration. Data loss prevention is quite important, though most customers have some third-party or other elements in their network doing data loss prevention, specifically for email. However, if it could be possible to integrate with other solutions, not only on the email flow, but on analysis for a connector or something like that, then that would be ideal.

The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rules sets are unclear.

I have been using it since 2004.

It does not add anything to the potential downtime for a corporation, unless everything fails. If all your email exchanges fail, then you don't have email, but this solution does not affect the performance of your whole network. 

At the minimum, you need two devices. If you have two devices and one fails, then the other one can handle the work, though you might have some email delays.

You should keep track of what is going on. It does need some daily administration, fixes, and policy changes.

In general, their technical support is really good. There are a few who are still learning, e.g., not providing enough help, but there is always the option to escalate.

It was the IronPort before Cisco acquired it in 2007. It is the same appliance and software. This solution has been upgraded by several versions, but it is basically the same, they just changed the name. 

I have done the architecture for a company in China.

It is a super big router that costs a few hundred thousand dollars.

These days, the first tiers of this market have good enough anti-spam, antivirus, etc. These have become routine. There are some other not-so-good solutions, like Barracuda and Fortinet, but it depends on how much you are willing to pay as this solution is not cheap.

The best other solution is Proofpoint. They have been long-time competitors who have also been evolving. The big difference is it is more fancy because it has more bells and whistles. The solution is good as well. However, they are super expensive, not cheap.

If you want a multi-tiered deployment, you could perhaps have Secure Email on the cloud and Proofpoint on-premises. Then, you have the two best solutions in the market working together. I have customers who have done this and are satisfied. Very few solutions can compete with Secure Email and Proofpoint outside of the price. If your budget is a problem, then you have a problem.

Along with Proofpoint, this is the best solution in terms of preventing spam, malware, and ransomware.

Check Point has fancy graphics and an interface where you can do a lot. The Cisco Secure gateway has both, though not as fancy as Check Point, but a big majority of the tasks can be done on the graphical interface level.

It is not so difficult to us, but neither is it easy, particularly if you don't have some knowledge about email.

Whatever you are looking for with an email security appliance or device, you mostly have it, though nobody is perfect.

The solution’s ability to prevent phishing and business-email compromise is fairly good. DKIM, DMARC, and SPF integration are the best way to prevent phishing, spoofing, etc. However, they still have room to work in this area.

We are using it as our email firewall. It's our first line of email defense.

Overall, the ease of migration to Cisco's cloud email security from the on-prem solution was a positive experience. We are very happy with the change. It makes security easy. The cloud solution is doing a great job. We are stopping more emails, and in a better way, than we did in the past. It's also not stopping as many good emails, but I think this is because Talos has gotten better, rather than something to do with the cloud technology. But the numbers over the past year are significantly better compared to the past.

We like 

• AMP
• Threat Grid
• Sandboxing

The spam protection is also very good and the solution is very configurable. It has enabled us to configure some specific filters to stop emails that general configurations didn't stop. 

It's a powerful solution. It can analyze a lot of emails simultaneously, with no problems in terms of capacity or system load. It seems that machines on the cloud are more powerful than the ones that we had, in the legacy solution, on-premises.

They can do it better with web links, with the URLs. They have a technology called Outbreak but it doesn't work as well as we would like. It does have a new feature called Cloud URL Analysis, but we can see enough information about detection, information that helps us to properly configure the technology.

We have been using the cloud solution for one year, but before that we were using it on-premises for three years.

It's very stable. We haven't had any issues with the stability. It hasn't gone down, and it has managed the flow of our email volume really well.

The technical support is excellent. They are proactive. They are monitoring things and helping us every step of the way. The technical support is at an excellent level.

The migration to the cloud email security was complex because we have a lot of customization. We needed to reevaluate some of the policies that we were applying via the email security. But technically we had more difficulty previously because we didn't have the premium support. We had to read a lot of documentation and experiment. Now, with the premier support, it's easier.

We re-created everything in the cloud solution. We re-evaluated everything when we migrated. There were some things we didn't migrate, while some new things were created.

It took us nearly one year for all the integrations and the migration to be complete, from the initial evaluation of the new product to the end of the migration to CSE, when it assumed all the email traffic for our organization. We didn't have any particular problems with downtime during the migration. That time includes analyzing, configuring, and improving things in production.

Our team that works directly with Secure Email consists of five people who are configuring the tool.

We used consulting from Cisco the whole time during our migration. With the premium support we now have one person who knows our configuration, our needs, and who can help us more than in the past when we didn't have that level of support.

ROI is difficult to determine. We think we have seen ROI, but we need to have an incident to evaluate whether the investment has really paid off. But no incidents means it's a good investment.

We haven't saved money by moving from on-prem to the cloud email security because we acquired the premium support. But we are happy with it, as they help us not only with issues that have happened, but also with configuration and with learning the technology. This is a very important factor, which we value.

Cisco Secure Email and the support are priced well. It's not cheap, but there are other solutions that offer less and cost so much. For example, Microsoft is more expensive than Cisco.

We know there are some solutions that have a higher level of protection for email, but we're very happy with the price of this one and with the way it is working.

We have Microsoft email security too, but not as the first line of defense. Microsoft's email security has its advantages but it is less secure, less configurable, and less powerful than Cisco's solution.

It's a great solution for big enterprises that need a higher level of security than is offered by Microsoft solutions. Other solutions are targeted at smaller enterprises, that are without a security administrator and without people monitoring and supervising the technology. But for a big enterprise, Cisco Secure Email is a great option.

We have integrated the solution with SecureX and Threat Grid, and we already had Talos, of course. The Sandboxing is needed, it's a basic functionality for us. As for the rest of the integrations, they are less important. We integrate with some external feeds, but Talos is good enough for the technology not to need additional feeds.

When migrating from on-prem to the cloud email security, the interfaces are basically the same. The new interface was developed only for the cloud solution, but the classic interface, when it comes to the configuration of the machine, is basically the same for both the on-premises and cloud solutions.

Overall, it's a very configurable technology. We think it has all the weapons we need to fight against threats.

My company operates as a service provider, and we use Cisco Secure Email so that we can secure the endpoints, systems, and emails in our data center.

The most valuable feature of the solution is the ease of use. It is easy to set up and manage the tool.

There are some concerns in the way the architecture is set up, making it an area where improvements are required. When you set up the tool, the way you put your SMTP routes should be possible through an easier process.

I have been using Cisco Secure Email for ten years. I am a customer of the tool.

The product is stable. The only challenge is the IPs get easily blacklisted. The IP addresses of IronPort devices easily get blacklisted. Cisco should make items to contact the companies whose IP addresses get blocked. During the configuration of the tool, there should be some provision in the product to indicate which IP addresses are from IronPort devices and not from the server.

It is a scalable solution.

My company uses three Cisco Secure Email solutions in parallel. In my company, we have set the product for different segments or networks, but all three sync well with each other and work fine.

For administration purposes, there are five people who use the product. As end users, there are over 2,000 to 3,000 people who use the product.

I am happy with the responses and the solutions provided by the solution's technical support.

The product's initial setup phase was easy.

The product's price falls on the higher side when compared to the other products on the market.

Whether the product would be worth the money for a business is something that depends on what a company is trying to do with the solution. If you are looking at the profitability angle, the new can get cheaply priced solutions in the market. I work in a government organization where profit alone is not our goal, and we need a product that offers security.

I recommend the product to those who plan to use it.

The DLP feature in the product is not a functionality that we have configured yet, but we do have access to its settings.

A beginner can learn to use Cisco Secure Email through a straightforward process.

Cisco Secure Email has integrated with our company's existing email gateway in a very straightforward manner through a configuration process involving IronPorts, and then URLs on IronPorts are set up.

Though it is easy to set up the product, the cost of the solution is not favorable for everybody.

I rate the tool a seven out of ten.

We use Cisco email security against threats such as phishing and malware and block weaponized URLs. Cisco provides a cloud solution, along with the appliance, and a hybrid solution is also there. We deploy the solution as per the customer's requirements.

The solution is very robust because it talks to Cisco Talos. Talos is the number one threat detection engine, the most trustworthy and used globally. That's one strong reason we back our products. Not only do we use it on our premises, but this is the product's main USP when we sell it.

Cross-platform is one major pain point. Many of our clients use an open-source Linux system. These components cannot provide for any Ubuntu or any Linux open-source system, and that's where we get stuck most of the time. Previously, we were doing a POC for Cisco Umbrella, and we got stuck at the point where the customer had almost 200 to 300 of his endpoints, almost 80% of his workforce, working on Linux. This was both on the server and roaming user sides, and Cisco has no solution for Ubuntu. We have raised this suggestion many times when interacting with Cisco during seminars and webinars we've attended. However, we only got feedback from them that they will introduce that feature very soon with their Cisco AnyConnect agent. But it's still only available for Windows and Mac.

I've used this solution for one year.

The product is stable. There have been no complaints from the customers. Fine-tuning is important, which will come whenever you go live, especially for larger domains where customers have 1,000 or 2,000 email IDs and multiple domains. That is the only challenge where we have to fine-tune the policies. But the product is stable.

Cisco Email Security's scalability is good. We have had a couple of cases where the user increased the licenses. There is no challenge to scalability. For the past year, there have been four to five customers to whom we have sold the product.

Cisco's technical support is excellent. Whenever we contact tech support, the hierarchy starts with our regional ACs. If they cannot resolve our issue, we contact TAC, and TAC is a ten-on-ten. They're well versed with their technology. They know the capabilities of their product and how it works. The one thing we expect when we contact an OEM technical person is clarity on the subject and the issue. There should not be a gray area. When we reach out to them with any issue and when the customer is also on the call and has already purchased the product or is about to purchase the product, the most important thing is for there not to be a gray area in figuring out whether the product will work or not. That's more important than providing a prompt solution. Cisco's tech support always clarifies whether a feature will work before proceeding with the solution. If it is possible, they always provide the solution. If it is impossible, they provide the proper documentation explaining why it is impossible.

Positive

The initial setup is straightforward. That's one of the main USPs, the deployment of these products. It takes hardly 20 minutes to deploy Umbrella over a network. And with email security, it's less than a one-hour job. After deploying, the fine-tuning part comes. That comes under the policies, so I don't count that under deployment. The next step will take another one or two hours, but not more than that.

When deploying the solution, we first go on a call with the customer, understand their pain points, and understand their existing network. We have to analyze the scope of work before deploying. Depending upon the existing setup the customer has, we make our steps. "Is there any prerequisite required? Are there any virtual appliances needed in the network to be deployed?" Accordingly, we will plan our activities. In a two or three-hour call for the first session, we have to define what we have to cover, and in the second session, we have to define the success criteria. The deployment is not a template. It changes from customer to customer.

Cisco's price point is good. When we talk about Cisco to our customers, they already have the mindset that Cisco has a particular price point. It beats other competitors when it comes to the quality of the product.

I rate Cisco Secure Mail a nine out of ten. Cisco is improving. We had a session where we asked them to improve their GUI. They have improved it and the end-user experience because it was too mechanical a dashboard earlier, where it was difficult to find mail logs. We recommend the solution.

We use Umbrella for our DNS layer security, blocking all the DNS layer threats. For endpoint security, we are using Cisco Amp. Whenever there is a requirement, we hunt for greenfield opportunities where no Cisco solution is present. We can then create a window where we can reach in. We deploy one product and then explain the single vendor advantages to customers. That mostly goes with the Cisco Umbrella, which goes hand in hand with Meraki. Once the user gets his ecosystem on Cisco, giving a single vendor solution is possible.

Similarly, XDR is there. XDR is one of the key products we're pitching these days. It's a simple single glass pane where we can orchestrate all the customer's products from a single dashboard. That's a major concern we hear these days from security personnel and IT teams. They have several products from several OEMs, and whenever it comes to orchestration or finding a glitch, they have to access all the products independently on different tabs or screens.

As far as policies and security with the components are concerned, Cisco is the perfect product.