Cisco Secure Email Reviews

It is easy to use. It is not widely used, but it is not tough to understand. Usually, it takes five to six months to become an expert in that particular product because there is not much in it.

The Cisco database is more bug-prone and less accurate than the databases of other email security solutions. Whenever we get a phishing email, Microsoft email server, TruePoint, or Barracuda, they have a much better database. Because Cisco is using Talos, which is not a good database, they do not have much information in the database. So that is really lagging very much behind.

So that is not much recommended by the customers. Every time, customers get frustrated by using them.

There's room for improvement in the DevOps database. It has many spam emails. Usually, we have to report to the Telos team for samples, whether it's spam or a legitimate email. If that is done, then the customer environment won't get compromised easily because more than 80% of cyber-attacks are through emails. So email is like sanitizer it was used in hospitals before COVID, but after, it's provided widely to users.

I used this solution for a year. 

I would rate the stability a six out of ten. We had multiple issues with the stability. Usually, the customer complains that there's an email coming from an outside sender, and it enters our environment, and our email gets multiple emails from a single sender. There might be suspicious emails or multiple things that we usually get from customers.

I would rate the scalability a seven out of ten. Cisco has to improve its database because email security is something like DNS servers. So we have to improve the database and put more information initially in it. 

The initial setup is easy. It starts with the VLS for Open IT. Initially, the host access table is there in the front end. Based on that, we can filter out traffic with IPs from the scale of -10 to +10 if it applies. If you want to whitelist an IP, you need to check the IVRX code. If that code is okay, then we provide a list based on the organization. 

It's a bit easy to handle Cisco Secure Email; it's not that difficult. For the logs, which are in PDF format, it's not hard to read them. We don't need Wireshark much to analyze the logs.

Usually, it's GUI-friendly, and also, the Relics are there on the GUI. We can create some relics, or it's automated from the backend by the development team. We just put in our initial setup requirements, and based on that, we create a red x rule. Then we can implement it into the message filter, and we can handle whatever we want, whether it's blocking emails coming from spam or anything else.

Overall, I would rate the solution a seven out of ten. Once you have hands-on experience with it over a period of time, you will get hands-on experience, and you will be able to understand it. It's easy to use, not that much complicated.

Cisco Secure Email's most valuable is email certification.

The product's GUI for the dashboard needs improvement.

We have been using Cisco Secure Email for one year.

I rate the product's stability a ten out of ten.

One administration executive in our organization uses Cisco Secure Email. I rate its scalability a ten out of ten.

The initial setup has medium complexity. I rate the process a five out of ten. We follow the Cisco guidelines for deployment. It requires two executives to conduct the process.

It is an expensive product. I rate its pricing an eight or nine.

I recommend Cisco Secure Email and rate it a ten out of ten.

I use the solution for spam filtering.

The solution works well. Cisco claims to have the biggest threat intelligence database in the world. We trust them because they are enterprise-level products. If we are protected, then it is working well. I am satisfied with the overall performance of the solution.

The management features of the product are not up to date. It does not match the features provided by the new vendors in the market. The solution does not offer features to protect workloads on the cloud.

My organization has been using the solution for the last 20 years.

Support is not good. The support team provides a slow response. I rate the support team a six or seven out of ten.

Neutral

We pay at least 25% more for Cisco Secure Email than Trend Micro. Cisco’s support is better than that of Trend Micro.

The solution is expensive. Every additional workload or feature has an additional cost. The product should provide a single bundle for protecting both on-premises and cloud solutions. We do not have to pay for support.

We do not have the resources to review the product technically. It is very difficult to analyze these weaknesses. As an end user, we need something to defend us and block threats. If any product works with 95% efficiency, we can say that it works well. Email protection is very critical. No one should take risks.

Cloud protection apps are very critical to the business. They should be easy to configure and easy to manage. These days, there are hundreds of products available. It's very difficult to find a good solution. Just because a tool is popular, it does not mean that it will always be the best solution. The backend technique is very important. Machine learning, artificial intelligence, and threat intelligence are very important.

If we have more knowledge, we can have more protection. If we don't have the knowledge, we can't. The solution does not offer a complete bundle for on-premise and cloud protection. If we need more features, they charge us more. They do not offer all features together.

Overall, I rate the tool a seven out of ten.

It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

The bulk of the email stopped would be marketing. Spam-related email tends to be our biggest issue. The most dangerous contain malicious content, and those tend to be the worst.

The biggest issues are the social engineering and phishing. A lot of the spammers are actually quite good at spear phishing attacks and social engineering our emails. We obviously do checks. We run some simulations for our staff, where we try and train them so they are aware of what not to click on. Also, we have installed Umbrella and had it for a long time as well. Therefore, if something was malicious, and one of our users had clicked on it, Umbrella would usually stop anything outgoing. The combination of the two solutions has really helped secure our organization.

I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does.

The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have.

Over seven years.

We really haven't seen any issues on the stability side of it being cloud-based. We also have three virtual hosts that run in our environment. in the event that we lose one, there are two others. We have never seen any issues with the environment, which Cisco proactively monitors. They'll come back to us and indicate if there are any hardware performance issues and schedule appropriate restarts to appliances, if required. This happens occasionally. 

Given a lot of people target hospitals, we tend to be attacked more than other corporations because there are health records, health information, financial information, and research information. Cisco Secure Email Cloud Gateway and some other products have definitely allowed us not to have the downtime that we may have had if our previous products and solutions were in place. As far as I'm aware, we haven't had any downtime since we put in Cisco Secure Email Cloud Gateway and Umbrella several years ago, which has been fantastic. 

We have our security analyst who gets feeds out of Cisco Secure Email Cloud Gateway into our other products. We also get feeds into AMP for Endpoints, so we see what happens because we have our Cisco Secure Email Cloud Gateway integrated with AMP for Endpoints. That goes into our Threat Grid and Threat Response. 

Our server team might get queries about messages that might have been quarantined or someone having trouble receiving external emails. That's usually where a domain might be rated above our parameters and gets blocked. With something like 3,000 mailboxes, we spend at most an hour a day checking on the Cisco Secure Email Cloud Gateway environment. 

Our environment is scalable, and we monitor that with Cisco. When we do our periodic Health Checks, we look at the performance of the appliances and how they're doing. They're handling the 10 to 12 million emails that we do receive through Cisco Secure Email Cloud Gateway a month. There are about 90 percent which are not even forwarded onto us. Therefore, it's handling the capacity that we have at the moment. At this stage, there's no need for any increase in our hardware.

It's an invisible service where every piece of email going in and out of the organization goes through CES.

We are doing more integrations with other security products, like Threat Grid, Threat Response, and AMP, along with SecureX. Getting the Cisco Secure Email Cloud Gateway feed into that and have one pane of glass to see the threats of the organization through both emails, firewalls, routers and VPN is fantastic. 

We have a team of resources at Cisco that we can call on, if we need things escalated. Having great customer-centered service and support is one of the reasons why going with Cisco has been such a fantastic decision for both organizations that I've been at.

Positive

Prior to using Cisco Secure Email Cloud Gateway and my being at the organization, they had a Qbot massive issue. I don't know a lot of the detail, but at the time, we had a lot of machines that had to run certain versions of software. Because of it being older software, legacy-type applications, they were more susceptible to issues. Qbot just went through the organization and took out a lot of that equipment/machines. Cisco actually came in and assisted to get rid of all the issues that we saw with Qbot, etc. It took several weeks spent by Cisco and other organizations trying to resolve our issues with Qbot to get things operational and back to normal. That was really the catalyst to get Cisco Email Secuity into the organization.

We were previously using McAfee for both their Endpoint Protection as well as for Email Servers. The difference was the volume of emails hitting our email servers. The servers had to deal with 10 million emails a month. Having to process those additional emails and pushing them onto users took a massive amount of infrastructure and resources at a server level. Whereas, at the moment, our servers are not having to deal with that because we have Cisco Secure Email Cloud Gateway right outside of our perimeter.

One of the reasons that we switched away from McAfee is that we moved to an enterprise agreement with Cisco. Under that, we get the Cisco Advanced Malware Protection (AMP) for Endpoints. Once we went down that path and install it, there was no point in having McAfee as well when the AMP for Endpoints already has some of the different engines. Plus, there was a duplication of costs and applications, such as the support costs as well as to maintain multiple antivirus and endpoint protection software.

At my previous organization, we were using the standard Office 365 controls and Email Gateway before we put in CES. The amount of email and spam that we got, even malicious emails, through Microsoft was horrendous. We ended up having four different massive outages because of getting some viruses in the organization and some of our file servers along with encrypted user hard drives. We had four instances of major outages where we were down for probably 24 hours each time, and that was only because we had the backups. We also had some other measures where as soon as we saw any change in the root directory (as that data encrypts our file shares), we'd automatically shut the services down. However, this was an inconvenience for the users. You would end up getting the initial malware, then also having to do remediation to get it back to normal. When you have potentially hundreds of staff who are offline for 24 hours, it's a very big cost to the organization when you don't have your systems up and running. 

When the malware got through Office 365 on four different instances, that was directly attributable to the difference between Office 365 and CES. Our users still had to get their email through our on-prem server, but we did not let staff get their emails directly from the Microsoft 365 Server.

Once we put in CES, these issues disappeared altogether, and we were thankful that the volume of spam emails decreased considerably. Office 365 is a good second check to CES, but there's nothing that I've ever seen which has gotten through Cisco Secure Email Cloud Gateway that Office 365 has picked up.

The initial setup is straightforward. Cisco does a very good job of onboarding customers and setting it up so it's very much ready to go based on some fairly standard settings from Cisco's point of view. 

The deployment took only a few hours. Even at my previous organization, it was very quick. Once it was done, we changed our MX records to go to Cisco Secure Email Cloud Gateway instead of Office 365. From there, email went from Cisco Secure Email Cloud Gateway to Office 365. It was pretty simple. We had control of our DNS so it was very quick and easy for us to change the records and get our email flowing through Cisco Secure Email Cloud Gateway. We could see the benefits straightaway. We could see just how much volume was coming in, e.g., in my previous organization, we had something like a million emails per month, of which eight percent would be delivered to our end users.

In terms of switching from one solution to another, it's seamless for the user. They are not seeing the downtime because they're connected to the local Exchange Server. Therefore, they're not seeing the upstream components. There might be a slight delay in terms of the MX records globally, but that is, at worst, 24 hours. So, there might be some delayed emails, but that's probably the only thing. Once we had switched over, we received positive feedback saying, "Hey, what have you done? It's been fantastic. You've reduced the amount of spam messages we used to get."

It was easy enough to do the implementation with Cisco and their support because we had adopted an enterprise agreement with them. Therefore, we had the support of Cisco implementing both Cisco Secure Email Cloud Gateway and Umbrella into our organization. They were very good at helping getting up and running.

There was one of my other staff who assisted me in setting up Cisco Secure Email Cloud Gateway with Cisco. It was relatively simple and easy. 

Doing Health Checks with Cisco have been fantastic. Being able to do those every few months and going through what other options that we might want to lock down or change gives us an opportunity to ask them questions, see what we could be doing better, or what new measures/features have been deployed, furthering securing our organization. The Health Checks are an invaluable service that Cisco provides to CES.

In my previous organization, avoiding four instances of CryptoLocker within an estimated six month period is approximately $600,000 in lost time and effort. Our five year cost was about a million dollars, and the four outages that we had equated to 65 percent of that five year cost. It ended up being a very simple decision to go with the security enterprise agreement with Cisco, which included Cisco Secure Email Cloud Gateway and all their other cybersecurity products.

Office 365’s native security controls to protect your organization compared to this solution are terrible. With Office 365, unless you actually pay for the advanced options with email security, they're actually quite useless. You've no control over the standard offering.

My previous organization did look at the Symantec Cloud solution. At both organizations, it didn't really make any economical sense to look at other vendors. If we had an enterprise agreement with Cisco, then you get the support from Cisco that's second to none, where you get somebody on the phone straightaway to work through your issue until it's resolved. My previous dealings with Symantec and McAfee are that they're not as customer-focused in terms of their support. Cisco has been.

Don't have an organization that doesn't have this sort of protection in place. If I was to be in another organization, and they didn't have this sort of protection, I would definitely be advocating that they get something in very quickly.

Don't hesitate: The benefits are there. It can be seen as being a large cost. However, if you've ever had any instances where you've been affected by malware or CryptoLocker, there are a number of things that you should be doing as an organization: perimeter email security, DNS protection, and removing USB access on devices. These are probably the top three things that I'd be advising people to do.

We don't use Office 365 (which is now Microsoft 365) at the moment, but it's something that we are looking at. Being a large hospital, we're looking at aligning ourselves with our Department of Health so Office 365 is something that we will be using that to a certain extent. However, we would still be using Cisco Secure Email Cloud Gateway if we did move to that. We would deliver emails from Cisco Secure Email Cloud Gateway into Office 365. That way, we would still have the security. That's how I've set it up at previous organizations: Going from Cisco Secure Email Cloud Gateway into Office 365, delivering to our on-prem Exchange Server, and then onto our users.

The amount of traffic that it stops is massive. I would rate it a 10 out of 10.

We migrated from Cisco ESA to Cisco CES, we went from the on-premise solution to the cloud solution.

Our primary use case is for email security. Every email is scanned by an antivirus engine and every attachment is also sandboxed before it gets back to the real person. This is an additional Cisco CES module.

On top of this module, we have also subscribed for the Cisco Cloud Secure Email Encryption Service (CRES).

Our other use cases are all about the functionality of the Cisco Email. We are using it as a relaying system for incoming and outcoming mail. External exposed webservices are using the Cisco CES in order to send mails out as our domains.

Another feature we use is the possibility to combine the Cisco CRES together with Cisco CES. All our documents are labelled and are obliged to be sent either through TLS (encrypted channel) or either through Cisco CRES (encrypted mail) for GDPR-compliancy. If the destination domain doesn't support TLS, it is sent by Cisco CRES, otherwise we use TLS. This conditional check isn't (yet) available at Microsoft.

We already used this system on-premise. So there is no real difference except for the encryption plugin that is used. That's beneficial value. You also don't need to invest in physical hardware, location, and physical connections, and an on-premise data center.

The added value of it is that every migration to a new version is initiated by the Cisco personnel, so that is a bunch of work that you don't have to do on the Cisco ESA system on-premise. As it becomes a SAAS-platform, you don't need to invest anything in your own data center or in your upgrade path. 

There was no downtime involved in the migration from Cisco's on-premise to the Cloud Secure Email. It was important to have this business continuity going on and not to lose any emails. We have implemented everything first in a test environment. We had the test Cisco CES in the cloud together with the test exchange system and so forth. Such a smooth transition was possible because we could test everything in a test environment.

If you have the knowledge of the Cisco on-premise solution, it was more like a copy-paste of the settings on the Cisco cloud solution. So the learning curve is rather low if you have the knowledge already of the Cisco system on-premise.

The pricing is more or less the same, but you have to take into consideration all the work that the people have to do. If they need to patch the new system, if they need to do the patching cycle on the ESA itself, and so forth, that's where the money goes.

It's not out-of-pocket money that you gain, but you gain time from people to focus on other systems.

The most valuable features of the Cisco ESA have to do with the intelligence they provide us. They respond quickly to any phishing attacks and threats on the system. 

I also like the pay module, sandbox, and attachments.

The vendor's free migration services ensure that your on premise licenses are transferred when you migrate. It's just a matter of money at that moment. It's good to know that they take into account your old key and give you the new keys on the new machine.

We have Microsoft and we have the E5 licenses, they have more EDR responses on certain emails. That's something that Cisco ESA on the cloud doesn't have. They don't do anything about MITRE attacks. They only detect if there is a malicious email or a threat and they remove it.

If there is an email that has passed through, there is no way to have a global system delete that email from every mailbox. You have to look up the malicious files yourself.

With Microsoft, you can look it up, you can hunt for that in their compliance dashboard. You can hunt that email and then delete that email in one step. That's something that Cisco doesn't have.

I have been using Cisco Secure Email for more than ten years. 

The solution has proven that it's very stable. I only recall three real problems with the system. And I've been working at the same company for 15 to 16 years. It is very stable.

The scalability is fine. 

We have around 1500 users. 

There are two system engineers that support it right now.

Emails grow in numbers. So sometimes we need to alter our system to hold that amount of emails or to grab all those emails and transfer them. 

I don't think we have opened a call at Cisco itself. For the encryption plugin, we opened several support tickets for the implementation. Their support was helpful. It was more technical advice.

I would rate their support an eight out of ten. They are very responsive and they quickly come up with the right answer, which is important. I never give nine and 10. So sometimes they are, sometimes they come quick with responses, but within all the years, sometimes it takes a while until they find a good response. Like that book is something that took a while to find out.

The initial setup was simple and easy. You open one screen of your on-premise Cisco ESA configuration and you copy-paste it to the other screen of your Cisco ESA system in the cloud. So the transition was very easy.

It took around one month to implement. 

The strategy was to get rid of the physical servers and move to the cloud.

We worked with Cameo to do the integration.

Pricing is okay. There are no additional charges. 

We looked at some competitors, like Proofpoint but in comparison, we chose Cisco ESA because we kept the same technology. We knew that the migration path would be less effort than the migration part if we went to another solution or Barracuda.  

Proofpoint was very good at creating general DLP policies, in that you could create policies and you apply them on different platforms, like Teams.

Cisco is a state-of-the-art product. I think Microsoft is catching up really quickly when you take the E5 license builder with it. I think Microsoft can take over the competition from Cisco but it could take a while.

It's a very mature product.

I would rate it a nine out of ten. 

We are an internet service provider with a few hundred customers. All our customers need a reliable solution for email security and this solution from Cisco helps us to implement the customers' needs and to offer the security the customers want.

We are using all the appliances on premises. They are virtual appliances only. We are not using the cloud because we own our data center.

With Talos threat intelligence we are protected. I cannot guarantee, 100 percent, that the protection will always be there because something new can appear on the market, something that Talos doesn't know, but we are confident that Talos assures us of all the security we need. We are happy to be using it.

We have customers who was looking at our product catalog, what we offer, and they said, "I don't need the email security appliance because at my company things are secure without that." The prices are quite expensive for the security appliance and the customer wanted to manage his business without it. After some weeks, we get a feedback from the same customer that the malware is already in his company and now all the data are compromised." After that, the customer chose to buy this email security appliance because his security was as important as anything else. We have more examples like that, that have happened in the last year. You are never secure without some solution from Cisco.

When it comes to preventing downtime, the Cisco Security Email appliance protects our customers so that they don't lose their information and can continue working. I am sure that many of our customers have been attacked with ransomware and with malware and this solution protects them.

• We are using Advanced Malware Protection since a few years and It works very well. 
• Our customers are safe now using the AMP sandboxing solution. 
• The appliance has more security such as SPF, DKIM, DMARC, and encryption. 

There are a lot of security features that we can implement.

All the appliances are connected with Cisco Talos and they check, in real time, with Cisco Talos. AMP is using Cisco Talos, and we have other products from Cisco, such as web security and AMP for Endpoints, that are using Cisco Talos too. Talos is a very important tool that speaks with all Cisco products.

We have been struggling in the last month with Cisco encryption and with the S/MIME encryption. I don't know if it is an issue on our side or if these features of the solution are not working very well. The documentation is good but I'm not sure if the functionality in these areas of the solution is implemented very well. We are evaluating the situation.

I've been using Cisco Secure Email for between eight and 10 years.

The stability of the solution has made a very good impression. In the last two or three versions, I haven't found bugs or anything that could affect the stability.

The scalability has been fine so far. We are very happy to use the cluster functionality in the ESA. 

The same type of clustering in the ESA has not been implemented for Cisco web security and we have been waiting for years for that functionality for the web security. But in the Secure Email it's working very well and we are happy with it.

Sometimes the customer support for Germany is good and sometimes it's very bad. We have over 200 technicians and we have been working with Cisco products for 15 to 20 years. We have a lot of knowledge. If someone in customer support knows less than us, it is difficult to get them to understand what we are looking for or what our needs are. Sometimes we need to escalate, to ask for another technician who can help us. There are times when it takes days or weeks until we receive good customer support from Cisco or from this company that supports Cisco. And when there is an issue for our customer, a few days or a few weeks could result in a disaster.

I have deployed some 100 email security appliances, so from my side the deployment is very intuitive and simple. We don't have difficulty deploying it in our data center.

We create our own template in our virtual environment, and from this template we are deploying further security measures. To deploy it virtually takes about 30 minutes and after that the customization for our customer could take from half an hour to a few hours, depending on how complex it is.

We have five to 10 people involved in deployment of the solution. The people who work with it are technicians, the system administrators, administrators, and people in IT SecOps.

We tested only two other solutions, the Trend Micro product and the Check Point product, so I can't compare Cisco with all the solutions out there, but it's all the solution we need. For phishing and malware it's doing a good job.

We didn't like the instability with Trend Micro. Check Point was complicated to use; it was a very complex system. The Cisco system is intuitive, simple to use and simple to understand. I am a technician in our company, so I don't know which solution is cheap or which is expensive. But for the functionality we stay with Cisco because Cisco is our partner and this email appliance can connect with other Cisco products. They work together and that gives us confidence in using Cisco Secure Email.

When it comes to preventing phishing and business-email compromise, in the last year the efficacy has been improved. For four or five years this solution didn't work as well, but last year and this year we have seen that with every new version, the efficacy is there, and the solution is working better and better. Our customers are happy to use it. It has made a great impression in this area.

Similarly, regarding spam, malware, and ransomware, in the last few years the solution was not so good but there was not so much malware. However, these days, the email solution from Cisco does a real good job of preventing malware.

About half of our customers use Office 365. A lot of customers, if they are migrating to Office 365 from an on-premises Exchange server, choose to increase their security with Cisco. The combination of Cisco Secure Email and Office 365 is working very well. Since this migration to Office 365 started, over the last two to three years, we have had no complaints from our customers.

We have trusted Cisco's email security for eight or nine years and we are going to use it in the future. We recommended it to our customers. We are happy with how it works, with the stability, features, and functions.

All of our inbound and outbound emails flow through the CES environment and we leverage it for spam filtering, phishing filtering, malicious URL detection, attachment scanning, and data leak protection. It basically covers all of the security layers for email.

It's cut down quite a bit on the amount of false-positive spam that we get. The spam engine that's utilized by CES, we found to be pretty effective. It's rare that things end up in a quarantine when they aren't supposed to be there, which is very beneficial. I believe that was one of the reasons that we moved from the previous hosted solution that we were utilizing to CES.

The malicious URL scanning, as well as the anti-malware features, have been really useful for us in our environment. Specifically, the URL scanning has helped to knock down quite a few phishing attempts that come into the organization. The broader blanket automated attempts get knocked down pretty quickly since those URLs typically get flagged early on, and then the appliance just picks up on those URLs and knocks them down. It is the same with malicious attachments. The malware scanning that's done via AMP, which is deployed elsewhere in the organization as well, just grabs all of that before it hits the inboxes.

We have our email security feeding into the SecureX solution and it's nice to have all of our security platform statistics in one place. We leverage quite a bit of the Cisco security stack and having all of that feed into the SecureX dashboard is great. The dashboard continues to evolve, but it is at least nice to be able to see everything at once.

Integrating this product with SecureX was pretty quick and easy. Both of the solutions are cloud-hosted and the SMA, which is the reporting module that feeds the data into SecureX, was done via the API. The documentation on the SecureX portal walks you through exactly how to add the various integrations.

We leverage the AMP functionality that exists in CES, and it also ties into threat response, which is the threat-hunting platform that Cisco has. The benefits of these integrations were pretty important in the decision to stay within the Cisco product family. The threat hunting and threat response are really nice because we're able to see if something malicious makes it into the environment. Once that happens, we are able to trace that back and find out if that was done via an email, and then grab the information for that specific message. This will tell us if there have been any other indications of compromise on any other hosts. When it comes to being able to do that, having it all in a uniform environment is pretty important.

The UI is definitely one area of improvement because it doesn't match other interfaces and the navigation can be a little clunky. Generally speaking, it is just dated, and I know that they're working on enhancing it for later versions.

They should continue to develop their integration with Office 365 or Hosted Exchange since a lot of organizations, ours included, are moving primary Exchange services to the Microsoft Cloud. Being able to integrate tighter with that environment is important.

I have been using Cisco Secure Email since joining the company.

We haven't had any issues at all with the stability of the platform.

With it being cloud-hosted, it can scale as wide as you need to.

We have roughly 1,000 employees and all of our inbound and outbound emails go through this system. This means that there are several tens of thousands of messages a day flowing through it. We haven't had any sort of performance issues at all with our environment.

Cisco's technical support is very good. We've just recently had a couple of tech cases that we needed help with. We were researching why some of our partner's messages weren't getting through intact. Because this is a hosted solution and they have quite a bit of visibility, it has always been great.

We've never had any issues with support on this platform.

In previous organizations, we've leveraged Postini, which was a cloud-based solution that was acquired by Google. I've also worked in environments that have leveraged Microsoft's Office 365 email spam filtering, and they've been good, but generally, usability is sometimes a problem. It goes back to the UI and then the accuracy.

The amount of spam that is stopped has not always been great. As such, I feel that CES has a pretty good balance in that regard.

As this solution is hosted on Cisco's cloud, we don't manage the underlying infrastructure.

We probably have about eight individuals who work with it. Some of them are within our support organization, there are messaging or Exchange admins, and there are network engineers.

Return of investment is something that is difficult to measure because you're essentially trying to prove a negative. It is difficult to say what it has prevented or what has been stopped from happening. That said, I think the overall satisfaction, at least from the user perspective, is good.

When you consider the spam and anti-phishing components, in addition to the IT benefit of the anti-malware and antivirus, I think we definitely get an appropriate return. Nobody questions the expenditure on the solution as being ineffective.

With respect to transferring policies and licenses, Smart Licensing has really improved the overall licensing model for Cisco. We've been really happy with Smart Licensing.

There are additional fees for adding features. For example, things like AMP are additional licenses. Because it's all done via the Smart Licensing portal, when new licenses are acquired they're dropped in our bucket, so to speak, and then the solution just grabs those licenses. There is no back and forth required. The license ends up in the bucket and then the solution syncs with Smart Licensing and we're good to go.

For the future, we are looking at moving to newer versions that allow for additional advanced phishing protection. That's something that we're targeting. Also, we're trying to figure out how to streamline our mail flow with the majority of our inbound and outbound email that is now flowing through Office 365. Essentially, we're figuring out how we can tighten up that integration and lessen our dependence on on-premises Exchange for our mail flow.

With respect to versioning, it is controlled by Cisco. I believe that version 13.5 is when they introduced the advanced phishing protection. We're notified when new versions are released and we can ask for earlier versions, but we get adopted once those versions become generally available.

My advice for anybody who is implementing this product is to leverage the Cisco Validated Design (CVD) documents that exist. They're super helpful. Cisco has done a lot of work with Microsoft in figuring out integrations and documenting those. There is quite a bit of really good documentation, both within Microsoft and Cisco on building those integrations and configuring them.

We have also leveraged Cisco's adoption services around renewal times to make sure that we're using the platform to the fullest extent. They offer health checks for their hosted solutions, so on a yearly basis, you can sit down with an engineer and walk through and make sure you're on a good version of the code. You can make sure that you've again implemented from a high level, those feature sets correctly, and that you're leveraging things properly. Cisco does a lot of things to make sure that it's an easy renewal conversation to have, specifically with leadership.

The biggest lesson that I have learned from working with this product is to make sure that you're engaged with your Cisco teams to guarantee that you're getting the most benefit out of the platform. Again, you should be taking advantage of the health check services and adoption services because they're really unique.

In summary, this is a good solution but I think there's always room for improvement. I don't think that anything is perfect and they've definitely got some work to do on tightening up the UI and the configuration presentation. From a functionality perspective, the platform is great. 

I would rate this solution an eight out of ten.

The big use case is filtering inbound messages for spam and malicious messages. Obviously, it's a huge issue for everyone to keep as much of that stuff out as possible.

Users are getting a lot fewer malicious and nuisance messages. When we moved to the cloud product, we added in a service for graymail unsubscribe which we didn't have before. That makes it very easy for people to safely unsubscribe from mailing lists, especially the sort that they have been added to without knowing what the company is. That has reduced the amount of time users waste going through that process and the amount of time IT has to spend responding to questions about what they can do about things like that. In general, it's enabled us to spend less time addressing user issues regarding junk mail. It has also been better about not blocking legitimate messages, which again comes down to saving time for both users and IT.

The migration from the on-prem email security to its cloud email security saved us money, versus where we would have been if we had kept the on-prem with them. Versus the Microsoft service, it was basically a wash. But compared to Cisco's on-prem service, the cost is the same, but you don't have to pay for the hardware and you don't have to maintain the system, as far as upgrades and hardware failures are concerned. It is cheaper to operate on their cloud service than it is to operate with their on-prem service. The hardware savings are from whatever level of hardware we ended up not having to buy. If we had stayed on-prem with it, we would have needed to buy two new appliances that year, appliances which would have cost $10,000 or $12,000. I don't have a good figure on how much manpower we spent maintaining upgrades with the on-prem. It wasn't huge, but we probably save an hour a month, on average, on maintenance.

For maintenance, it depends on what's going on, but there may be a few hours a month for reviewing, reporting, and for addressing any user issues. User issues mainly revolve around things like, "Okay, the user hasn't gotten an email from so-and-so. Check and see whether or not they've got it." But as far as actually maintaining it, to ensure it keeps functioning, it's pretty minimal; maybe an hour a month. The people who handle the maintenance are from our infrastructure group, which is a combination of systems and network functions.

A few of the big features are ones that we found that we missed terribly when we moved over to Microsoft. One of them is simply the logging that they have in the reporting. For example, if I wanted to get logs about emails since last week, from a certain address, with native Office 365 I would have to submit the search requests and I would get an email a few hours later with the results. With Cisco, it's not only a lot more detailed information, but it's nearly instantaneous. So if you have to do any sort of research into an issue, whether it's security or something is missing, it makes that much less labor intensive.

The filtering is definitely better at catching both spam and malicious messages, and there's a lot of extremely granular ability for setting up rules. You can do it the way you want to. The Microsoft solution tends to be pretty limited in how it allows some of that to be done. It forces you into doing it a certain way, even if it's not good for your business process.

The interface is dated. It has looked pretty much the same for 15 years or so. It would be helpful to be able to do everything from one spot. The centralized quarantine and reporting are completely separate from policy administration.

We used it consistently from 2007 to the beginning of 2020, and when we went off of it, it was about three months before we started back up with the cloud option.

We haven't had any stability issues with it. It seems to be good.

I haven't seen any scalability issues. I'm not quite sure how scaling would be handled if we had a truly immense increase, but I haven't seen any challenges with it. We're on the small side so we may not be a good example.

We don't really intend to change our usage much. We use it for all of our inbound and outbound email.

I haven't talked with their technical support much in the last few years. The only issue I've had was a support case for getting command-line access set up. That was fine, but there was virtually no contact about it.

We have had two runs with Cisco Secure Email. We initially ran it on-prem and that started in 2007. It was the same year, or a little bit before, Cisco bought the old IronPort product. And last year, we initially ended up dropping the on-prem, when we were moving into Office 365. Although we were happy with it, the thought was, "Okay, if we move everything to Office 365, Microsoft can handle that. We have their full-blown mail filtering products." We thought it would probably save us some workload, not having an extra product to deal with.

The intent was that we were going to consolidate to a single product when we moved to the cloud for email, and we found out that it didn't work as well as we had expected. We didn't do a direct conversion from the on-prem to the cloud solution. There were a couple of months between it during which we tried the Microsoft option.

We then found out that they were not nearly as good as one would expect from a market leader in corporate email. I then contacted Cisco about what it would cost to do it in the cloud with their products. I was rather surprised to find out that they don't charge anything more to host it, than they do to have you run it on your own equipment. We ended up jumping back into it with their hosted solution, without really planning to. When the cost came back and was as attractive as it was, we decided, "Okay, this Microsoft filtering is not working out. Let's go back to Cisco." We went back to it and it's been working really well, better than it did when it was on-prem, because we don't have to maintain as much of it.

We had been using encryption on Cisco before, but we did end up leaving that with Microsoft, just because it integrates with their Outlook browser better. I'm at something of a toss-up on which one I prefer. Because the Microsoft solution integrates directly with the Outlook client, it is a bit easier for users to manage. But the encryption on it seems to work fairly decently, although it has the same problem that all of them do. There are tons of standards for that. Everyone has their own. It would be great if there was some sort of multi-vendor standard for that but, without it, we moved it over to the Microsoft solution and that seemed that to be a little easier for users.

Because we had those few months in between, we didn't qualify for a license transfer. We had let the initial service lapse and then we brought on the cloud service.

It ended up being a really easy setup for the Cisco cloud product. I was pleasantly surprised how much was already ready for you out-of-the-box.

I found the setup to be straightforward, as someone who was familiar with the management environments. If I had not had the experience with it, there would have been areas that could use more documentation to explain what different sections of the product do. But I had been using it for a long time, so that was not an issue. But I could see that is an area they could put more into. We also had a technical contact available to us for when getting started, to whom we could reach out. But it would be good to add in some more entry-level documentation.

As far as the policy setup goes, our equipment was end-of-life and we weren't at a version that we could migrate from. So we decided to do greenfield for the setup and we're actually happy we did because Cisco's default setup on its cloud product, when they brought up a new blank instance for us, had a really good framework for rules, et cetera. We copied in exception lists and the like from our existing setup and we were up and running in an afternoon.

When we went in, we initially did it as a trial, because they offered a 30- or 60-day trial. We did that to see if this was what we wanted to do. We ended up poking around in the environment a little bit first, because the whole thing was an unbudgeted change for us. When we moved over to Microsoft we found we were having all these issues. We put some resources into trying to resolve them but we saw there were deficiencies in Office 365, when it comes to the filtering of email. We started the trial with Cisco to see if going back to them and their cloud would solve things. We liked what we saw and decided to move everything over. The grass really was greener on that side.

The downtime involved in the migration from Cisco's on-prem solution to the cloud email security was minimal, about 15 minutes. The downtime aspect wasn't especially important since we did it after hours. It's emails, so it's not like anybody was going to notice that it was down for that amount of time.

The learning curve involved in migrating from the on-prem to the cloud email security was pretty easy. The environment really is very similar to manage in the cloud. If you look at the management consoles that you're used to seeing on-prem, and you look at the ones in the cloud, about 99 percent is the same. There are some things that are unavailable because Cisco is handling the software upgrades, but almost all of it that you had on-prem is the same. There are a few extra steps to getting into the command line, they're a little bit weird, but all the policies are identical to the on-prem method. There's not much learning curve involved in switching.

Overall, the migration was massively easier than I expected it to be. We did it on a Sunday afternoon and it only took about three hours.

We were in touch with the technical contact from Cisco for some basic stuff, for getting started.

We were just evaluating between Cisco and Microsoft's advanced threat protection.

We decided not to evaluate anyone else when we saw that Cisco was going to be less expensive than we thought it was going to be. My expectation going in was that the cloud service would cost more than the licensing for on-prem would, because they're hosting it. But that wasn't actually the case. It ended up costing about the same as what the on-prem cost, except that we didn't have to buy hardware anymore, which obviously saves some money.

It's definitely worth looking at Cisco's cloud email security offering. It's surprisingly simple to get going with, and it really is easier to use than the on-prem because of everything they have built into it. It is surprisingly cost-effective.

It's integrated with their AMP product, although that's sold as a part of it. We haven't integrated it with other Cisco stuff at the moment. We've got third-party stuff that we have it integrated with.