Enrique Diaz Jolly - PeerSpot reviewer
Owner at Jolly Security Inc
Real User
Top 20
Jun 8, 2022
You can know exactly and accurately where an email came from and for which specific device
Pros and Cons
  • "It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure."
  • "The solution is valuable if you are looking for a security email gateway that provides you with the most services possible."
  • "The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rule sets are unclear."

What is our primary use case?

It is like a gateway for email. They receive all your email traffic. They send over your email traffic, and it is the first incoming point and the last outgoing point. They deliver the traffic to the destination. Whatever it is, you want to be informed of what is happening. Depending on the site's deployment, if you have a single device, then you have all the information on the device. And if you have several devices, you have all the information on every single device for each device. However, for consolidation, you need another device called Security Management Appliance (SMA).

It has no real interaction with other stuff. It does not interact with a gateway beyond the networking level. You have a router and that router provides IP addresses for a switch, etc. You don't have to integrate Cisco Secure Email with something specific since it is standalone and only requires basic essential networking. You can integrate it with a firewall, like ASA, but that firewall has to allow traffic. To do that, you would open port 25.

It is available to be deployed as on-premises, on the cloud, and hybrid cloud.

How has it helped my organization?

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

  • For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
  • DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

What is most valuable?

The most valuable feature is reputation filtering. In the beginning, it was based on just the IP source, but it has now evolved to domain reputation. It allows you to classify different IP sources and different sender groups, where you can reject to throttle to whitelist from any IP sources, domains, etc. Based on the reputation gathering, the reputation is powered by Talos security. It is a super powerful feature. That alone gets rid of more than 50% of the crap from the traffic flow, before even hitting the anti-spam or antivirus.

If you have some knowledge about email, it is a pretty simple solution that has many controls on different levels, from the gateway part to accepting messages from certain sources to stringent filtering. It is state of the art with anti-spam, antivirus, and different threat prevention features. 

SecureX is powered by Talos, Sourcefire, etc. Today, it is the largest, richest threat intelligence on the market. SecureX is quite standalone in regards to integration since you put it into the network, whether it is on your own cloud or a third-party cloud.

If you go to the filtering level, you can have very accurate features or filters since it is programmatic. At a certain point, you can define sets of rules, such as where the email is coming from, whether it has this content, or to apply this policy. For example, if it has the same considerations, but the content is different, apply this other policy. It is super flexible and very customizable to your needs. It is not difficult to use.

It provides information, reporting, logging, and tracking. It has powerful tracking, so you can know exactly and accurately where an email came from, for which specific device, etc. It shows the emails which were:

  • Dropped
  • Rejected
  • Quarantined
  • Accepted by which policies.

It also shows the rule sets applied for that email and considers

  • The source
  • The Offender
  • Anything else that you may consider in an email.

It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure. 

What needs improvement?

You can consolidate on SMA if you want spam or threats quarantined for multiple devices. It is not advisable for a single device, because if it fails, you are left without any email.

I would like to see a few changes to the UX. 

There is space for improvement with data loss prevention, particularly with third-party integration. Data loss prevention is quite important, though most customers have some third-party or other elements in their network doing data loss prevention, specifically for email. However, if it could be possible to integrate with other solutions, not only on the email flow, but on analysis for a connector or something like that, then that would be ideal.

The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rule sets are unclear.

Buyer's Guide
Cisco Secure Email
June 2026
Learn what your peers think about Cisco Secure Email. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,196 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it since 2004.

What do I think about the stability of the solution?

It does not add anything to the potential downtime for a corporation, unless everything fails. If all your email exchanges fail, then you don't have email, but this solution does not affect the performance of your whole network. 

At the minimum, you need two devices. If you have two devices and one fails, then the other one can handle the work, though you might have some email delays.

You should keep track of what is going on. It does need some daily administration, fixes, and policy changes.

How are customer service and support?

In general, their technical support is really good. There are a few who are still learning, e.g., not providing enough help, but there is always the option to escalate.

Which solution did I use previously and why did I switch?

It was the IronPort before Cisco acquired it in 2007. It is the same appliance and software. This solution has been upgraded by several versions, but it is basically the same, they just changed the name. 

What about the implementation team?

I have done the architecture for a company in China.

What's my experience with pricing, setup cost, and licensing?

It is a super big router that costs a few hundred thousand dollars.

Which other solutions did I evaluate?

These days, the first tiers of this market have good enough anti-spam, antivirus, etc. These have become routine. There are some other not-so-good solutions, like Barracuda and Fortinet, but it depends on how much you are willing to pay as this solution is not cheap.

The best other solution is Proofpoint. They have been long-time competitors who have also been evolving. The big difference is it is more fancy because it has more bells and whistles. The solution is good as well. However, they are super expensive, not cheap.

If you want a multi-tiered deployment, you could perhaps have Secure Email on the cloud and Proofpoint on-premises. Then, you have the two best solutions in the market working together. I have customers who have done this and are satisfied. Very few solutions can compete with Secure Email and Proofpoint outside of the price. If your budget is a problem, then you have a problem.

Along with Proofpoint, this is the best solution in terms of preventing spam, malware, and ransomware.

Check Point has fancy graphics and an interface where you can do a lot. The Cisco Secure gateway has both, though not as fancy as Check Point, but a big majority of the tasks can be done on the graphical interface level.

What other advice do I have?

It is not so difficult to use, but neither is it easy, particularly if you don't have some knowledge about email.

Whatever you are looking for with an email security appliance or device, you mostly have it, though nobody is perfect.

The solution’s ability to prevent phishing and business-email compromise is fairly good. DKIM, DMARC, and SPF integration are the best way to prevent phishing, spoofing, etc. However, they still have room to work in this area.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Digital Program Manager at a healthcare company with 10,001+ employees
Real User
May 12, 2022
The amount of traffic that it stops is massive
Pros and Cons
  • "Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job."
  • "Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive."
  • "I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate."

What is our primary use case?

It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.

How has it helped my organization?

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

What is most valuable?

The bulk of the email stopped would be marketing. Spam-related email tends to be our biggest issue. The most dangerous contain malicious content, and those tend to be the worst.

The biggest issues are the social engineering and phishing. A lot of the spammers are actually quite good at spear phishing attacks and social engineering our emails. We obviously do checks. We run some simulations for our staff, where we try and train them so they are aware of what not to click on. Also, we have installed Umbrella and had it for a long time as well. Therefore, if something was malicious, and one of our users had clicked on it, Umbrella would usually stop anything outgoing. The combination of the two solutions has really helped secure our organization.

What needs improvement?

I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does.

The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have.

For how long have I used the solution?

Over seven years.

What do I think about the stability of the solution?

We really haven't seen any issues on the stability side of it being cloud-based. We also have three virtual hosts that run in our environment. In the event that we lose one, there are two others. We have never seen any issues with the environment, which Cisco proactively monitors. They'll come back to us and indicate if there are any hardware performance issues and schedule appropriate restarts to appliances, if required. This happens occasionally.

Given a lot of people target hospitals, we tend to be attacked more than other corporations because there are health records, health information, financial information, and research information. Cisco Secure Email Cloud Gateway and some other products have definitely allowed us not to have the downtime that we may have had if our previous products and solutions were in place. As far as I'm aware, we haven't had any downtime since we put in Cisco Secure Email Cloud Gateway and Umbrella several years ago, which has been fantastic. 

We have our security analyst who gets feeds out of Cisco Secure Email Cloud Gateway into our other products. We also get feeds into AMP for Endpoints, so we see what happens because we have our Cisco Secure Email Cloud Gateway integrated with AMP for Endpoints. That goes into our Threat Grid and Threat Response. 

Our server team might get queries about messages that might have been quarantined or someone having trouble receiving external emails. That's usually where a domain might be rated above our parameters and gets blocked. With something like 3,000 mailboxes, we spend at most an hour a day checking on the Cisco Secure Email Cloud Gateway environment. 

What do I think about the scalability of the solution?

Our environment is scalable, and we monitor that with Cisco. When we do our periodic Health Checks, we look at the performance of the appliances and how they're doing. They're handling the 10 to 12 million emails that we do receive through Cisco Secure Email Cloud Gateway a month. There are about 90 percent which are not even forwarded onto us. Therefore, it's handling the capacity that we have at the moment. At this stage, there's no need for any increase in our hardware.

It's an invisible service where every piece of email going in and out of the organization goes through CES.

We are doing more integrations with other security products, like Threat Grid, Threat Response, and AMP, along with SecureX. Getting the Cisco Secure Email Cloud Gateway feed into that and having one pane of glass to see the threats of the organization through both emails, firewalls, routers and VPN is fantastic.

How are customer service and support?

We have a team of resources at Cisco that we can call on, if we need things escalated. Having great customer-centered service and support is one of the reasons why going with Cisco has been such a fantastic decision for both organizations that I've been at.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to using Cisco Secure Email Cloud Gateway and my being at the organization, they had a Qbot massive issue. I don't know a lot of the detail, but at the time, we had a lot of machines that had to run certain versions of software. Because of it being older software, legacy-type applications, they were more susceptible to issues. Qbot just went through the organization and took out a lot of that equipment/machines. Cisco actually came in and assisted to get rid of all the issues that we saw with Qbot, etc. It took several weeks spent by Cisco and other organizations trying to resolve our issues with Qbot to get things operational and back to normal. That was really the catalyst to get Cisco Email Security into the organization.

We were previously using McAfee for both their Endpoint Protection as well as for Email Servers. The difference was the volume of emails hitting our email servers. The servers had to deal with 10 million emails a month. Having to process those additional emails and pushing them onto users took a massive amount of infrastructure and resources at a server level. Whereas, at the moment, our servers are not having to deal with that because we have Cisco Secure Email Cloud Gateway right outside of our perimeter.

One of the reasons that we switched away from McAfee is that we moved to an enterprise agreement with Cisco. Under that, we get the Cisco Advanced Malware Protection (AMP) for Endpoints. Once we went down that path and installed it, there was no point in having McAfee as well when the AMP for Endpoints already has some of the different engines. Plus, there was a duplication of costs and applications, such as the support costs as well as to maintain multiple antivirus and endpoint protection software.

At my previous organization, we were using the standard Office 365 controls and Email Gateway before we put in CES. The amount of email and spam that we got, even malicious emails, through Microsoft was horrendous. We ended up having four different massive outages because of getting some viruses in the organization and some of our file servers along with encrypted user hard drives. We had four instances of major outages where we were down for probably 24 hours each time, and that was only because we had the backups. We also had some other measures where as soon as we saw any change in the root directory (as that data encrypts our file shares), we'd automatically shut the services down. However, this was an inconvenience for the users. You would end up getting the initial malware, then also having to do remediation to get it back to normal. When you have potentially hundreds of staff who are offline for 24 hours, it's a very big cost to the organization when you don't have your systems up and running. 

When the malware got through Office 365 on four different instances, that was directly attributable to the difference between Office 365 and CES. Our users still had to get their email through our on-prem server, but we did not let staff get their emails directly from the Microsoft 365 Server.

Once we put in CES, these issues disappeared altogether, and we were thankful that the volume of spam emails decreased considerably. Office 365 is a good second check to CES, but there's nothing that I've ever seen which has gotten through Cisco Secure Email Cloud Gateway that Office 365 has picked up.

How was the initial setup?

The initial setup is straightforward. Cisco does a very good job of onboarding customers and setting it up so it's very much ready to go based on some fairly standard settings from Cisco's point of view. 

The deployment took only a few hours. Even at my previous organization, it was very quick. Once it was done, we changed our MX records to go to Cisco Secure Email Cloud Gateway instead of Office 365. From there, email went from Cisco Secure Email Cloud Gateway to Office 365. It was pretty simple. We had control of our DNS so it was very quick and easy for us to change the records and get our email flowing through Cisco Secure Email Cloud Gateway. We could see the benefits straightaway. We could see just how much volume was coming in, e.g., in my previous organization, we had something like a million emails per month, of which eight percent would be delivered to our end users.

In terms of switching from one solution to another, it's seamless for the user. They are not seeing the downtime because they're connected to the local Exchange Server. Therefore, they're not seeing the upstream components. There might be a slight delay in terms of the MX records globally, but that is, at worst, 24 hours. So, there might be some delayed emails, but that's probably the only thing. Once we had switched over, we received positive feedback saying, "Hey, what have you done? It's been fantastic. You've reduced the amount of spam messages we used to get."

What about the implementation team?

It was easy enough to do the implementation with Cisco and their support because we had adopted an enterprise agreement with them. Therefore, we had the support of Cisco implementing both Cisco Secure Email Cloud Gateway and Umbrella into our organization. They were very good at helping us get up and running.

There was one of my other staff who assisted me in setting up Cisco Secure Email Cloud Gateway with Cisco. It was relatively simple and easy. 

Doing Health Checks with Cisco has been fantastic. Being able to do those every few months and going through what other options that we might want to lock down or change gives us an opportunity to ask them questions, see what we could be doing better, or what new measures/features have been deployed, further securing our organization. The Health Checks are an invaluable service that Cisco provides to CES.

What was our ROI?

In my previous organization, avoiding four instances of CryptoLocker within an estimated six month period is approximately $600,000 in lost time and effort. Our five year cost was about a million dollars, and the four outages that we had equated to 65 percent of that five year cost. It ended up being a very simple decision to go with the security enterprise agreement with Cisco, which included Cisco Secure Email Cloud Gateway and all their other cybersecurity products.

Which other solutions did I evaluate?

Office 365’s native security controls to protect your organization compared to this solution are terrible. With Office 365, unless you actually pay for the advanced options with email security, they're actually quite useless. You've no control over the standard offering.

My previous organization did look at the Symantec Cloud solution. At both organizations, it didn't really make any economical sense to look at other vendors. If we had an enterprise agreement with Cisco, then you get the support from Cisco that's second to none, where you get somebody on the phone straightaway to work through your issue until it's resolved. My previous dealings with Symantec and McAfee are that they're not as customer-focused in terms of their support. Cisco has been.

What other advice do I have?

Don't have an organization that doesn't have this sort of protection in place. If I was to be in another organization, and they didn't have this sort of protection, I would definitely be advocating that they get something in very quickly.

Don't hesitate: The benefits are there. It can be seen as being a large cost. However, if you've ever had any instances where you've been affected by malware or CryptoLocker, there are a number of things that you should be doing as an organization: perimeter email security, DNS protection, and removing USB access on devices. These are probably the top three things that I'd be advising people to do.

We don't use Office 365 (which is now Microsoft 365) at the moment, but it's something that we are looking at. Being a large hospital, we're looking at aligning ourselves with our Department of Health so Office 365 is something that we will be using to a certain extent. However, we would still be using Cisco Secure Email Cloud Gateway if we did move to that. We would deliver emails from Cisco Secure Email Cloud Gateway into Office 365. That way, we would still have the security. That's how I've set it up at previous organizations: Going from Cisco Secure Email Cloud Gateway into Office 365, delivering to our on-prem Exchange Server, and then onto our users.

The amount of traffic that it stops is massive. I would rate it a 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sr Infrastructure Engineer at Delta Plastics of the South
Real User
Jun 23, 2020
Stops the vast majority of email from getting in, across our multiple email domains
Pros and Cons
  • "It does a great job of preventing spam, malware, and ransomware. I can only go by what people have told me and what I've seen, but I have not seen spam in a year and a half to two years in my own company mailbox. And there are not a lot of catches where it's catching something that should have gotten through, either."
  • "It has the ability to tell us, after an email has been delivered, where else it went, once it got inside. Maybe it's something we wanted it to stop and it didn't stop it, but it notified us later that it was something that it should have stopped. It can give us a trajectory of all the other places that it went internally and it can tell us what files were transferred as well."
  • "It does a great job of preventing spam, malware, and ransomware."
  • "Typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name... With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way."
  • "That's why I wouldn't give it anywhere near a perfect score, because the artificial intelligence just isn't there yet."

What is our primary use case?

The main use case is simply as a point of contact for all the emails to go through first, before they ever get into the Office 365 environment, so they can be scanned and checked for malware and spam, all before Office 365 even sees it.

We're currently on version 12. Our instance is in the cloud and we don't actually upgrade it, they do it for us. It should be upgraded to 13 in the next month or two.

How has it helped my organization?

The last time I checked, which was about a month ago, when I looked at all the emails sent to any of our domains — because we have about 10 email domains, and they all go through the appliance — by looking at a report the solution has, I saw that 84 percent of the email sent to those domains never got to our Office 365, because it was spam, malware, phishing, or there was something wrong with it. So it stopped 84 percent which was bad email. Based on my experience and talking to users, 99.8 or 99.9 percent of those emails that were stopped were spam or malware. There might've been 0.1 percent that was caught by mistake. But that's 84 percent of email not even getting into our systems.

It has prevented downtime. The simple fact that 84 percent of them were stopped keeps people from having to look at those in their mailbox. If you take 1,000, out of that number 840 didn't even come through. That's less wasted time going through your mailbox and reviewing your messages. It also frees up the users, when they do see something that's not anywhere near normal, to clue in that there might be something wrong. We have had emails get through, phishing emails and things like that — it has happened — but I would say we probably get one through about twice a month, at most. The users will immediately shoot it right to the help desk. "Is this real? Is this spam? Is this something I should do?" There's no way to really put a number on it, because I've never really looked into it, but if nothing is coming through that you didn't want to see, then there's no downtime.

Only in a couple of cases have we had a user actually do something they shouldn't have done before they notified us, but that's training. You never have a perfect solution. Two a month is our average, over the last year, of emails that got through that we wished hadn't gotten through, but no harm came of it because the user notified us, and we just told them, "Delete it." We make sure everything is working right and that there was no malware involved and we let it go.

Also, as far as the IT department goes, it's made our lives a lot easier. We get emails if anything does happen. We've chosen to see any event. We only get notified of exceptions that we want to investigate or we want to look into. That makes things easier because we're not out looking all the time. We can wait for the email to come in.

We can look at the updates and the different changes Cisco makes to the system to see if any of those things is going to help us. We think about whether we want to invest any time in configuring those. And once it's configured, you're done. The most difficult part of that is remembering what you did. So we've learned to do our documentation that much better because we need to be able to go back and read what we did before, what we configured.

Our company might buy another company, so we have another domain to add to our list of domains for email. In less than an hour we have all that set up and the whole system working, with emails going through the appliance. It's saved us a tremendous amount of time daily, just in terms of keeping track of things.

What is most valuable?

Their trajectory feature is the most valuable. What I mean is that it has the ability to tell us, after an email has been delivered, where else it went, once it got inside. Maybe it's something we wanted it to stop and it didn't stop it, but it notified us later that it was something that it should have stopped. It can give us a trajectory of all the other places that it went internally and it can tell us what files were transferred as well.

It does a great job of preventing spam, malware, and ransomware. I can only go by what people have told me and what I've seen, but I have not seen spam in a year and a half to two years in my own company mailbox. And there are not a lot of catches where it's catching something that should have gotten through, either. We have an email going out daily of everything it puts into quarantine for a user, so the user can release it if it was caught accidentally. In the last six months, I have probably had to release six or seven emails. It's not catching them. It's doing a good job of striking a good balance.

That is partly due to how you configure it, but we used the standard, best practices when we configured it. We do go back to Cisco, when they offer a free evaluation to review our configuration every nine to 12 months. That helps us make sure that it's set up right and, if there are any new features, that we're aware of them. We do take them up on that every time they offer it.

What needs improvement?

When it comes to phishing, I would not give this appliance a perfect score by any means. It's hard to get a perfect score on phishing with any solution. But typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name. They might spell it wrong, but they will try to get your attention so that you'll do something.

With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way. It is stopping a lot of phishing when we do use that dictionary. We essentially let the email come in, but we put a header at the top, in red, telling the user to be very careful, this may not be a real email, and let the user decide at that point, because it's looking at whether or not it came from a domain outside our domains.

If I have to send myself an email from my personal domain at home, it has my name in it, Phillip Collins. We want it to notice that Phillip Collins is a name that's in the company directory, but it's not coming from one of our domains. We want the user to understand that that is how they get around it. Phishing emails will come from the attacker's own email address, but they will set the display name, what you'll see, as something familiar. That's why I wouldn't give it anywhere near a perfect score, because the artificial intelligence just isn't there yet. You have to manually put these things in. As you have people come and go in your organizations, you have to decide if you want these people in that dictionary or not. If they leave then you've got to take them out. There's a lot of work to doing that with this solution at the moment.

Another minor thing is the interface that you work with as an administrator. It is not as intuitive as I would like it to be. It's all there, if you understand what you're doing; what email is doing and how you detect certain things. It is not difficult at all to work with, but it could be more intuitive for somebody starting out.

Finally, they separate the email security appliance from the reporting appliance. It's the Cisco Secure Email Gateway and the SMA; they are two separate appliances. The reporting appliance just gets information from the email security appliance and helps you formulate reports. To me, that should all be one. It doesn't bother me that it's not, but sometimes I have to think, "Do I need to go to this appliance or this appliance to get that information?" It should all be in one place, but those are minor things.

For how long have I used the solution?

I have been using Cisco Email Security for two-and-a-half years.

What do I think about the stability of the solution?

It's extremely stable. It hasn't gone down on us since we've had it. They made a major move, moving their appliances out of the AWS cloud into Cisco's cloud. They notified us they were moving and we talked about it. We really didn't have to do much of anything, and there was no downtime at all when that happened.

We do have two security appliances in the cloud, so if one went down, the other would pick up. There is redundancy at the hardware level, but we've never gone down.

What do I think about the scalability of the solution?

It's extremely scalable, especially with it being a cloud appliance, because you're not bound by the hardware like you might be if you bought from an on-prem installation. If we need to go from 500 to 1,000 users, they can just tweak the hardware settings on their end and we're ready to go. I don't think scalability is an issue at all with it being in the cloud.

There are approximately 425 email accounts that it's monitoring and when I last looked at the report about a month ago, there were 25,000 emails a day, on average, that it was analyzing for those 425 users. We're about to add another 50 to 60 new users from a company we just bought. We'll go up to nearly 500 in the next month or two, but I don't see any issues with that. We'll be adding their domain to our system and then adding the users.

How are customer service and technical support?

I've worked with Cisco support two or three times in the two-and-a-half years we've had it and it's been wonderful. Most of what I've done is through email because it hasn't been an issue where the system is down. It was just that I wanted to understand something better or I wanted to implement something and needed to know if it was included. And if it was included, how would I work with it and could they send me the documentation? Always, within two or three hours, I've gotten a response, which is very acceptable to me considering we're not down. They've always gotten back rather quickly, and resolved almost everything within one or two emails.

Which solution did I use previously and why did I switch?

Before this, we really didn't have a comprehensive email solution. We were simply using the antivirus on the machines. We didn't have anything to stop it from ever getting in, in the first place. Comparing it to other products I used before I came to this company, just about four years ago, it's done much better than any other product I've ever used.

I don't have any way to compare it to anything my current company had before because it didn't have much of anything before. When I came in, that was one of the tasks I was given — securing the email — along with moving us to Office 365. The company had been hit with ransomware before I got here. It had that experience of being attacked and being caught with ransomware, and it didn't have an IT department before I got there. I was the IT department for the first year. We've grown tremendously since then.

How was the initial setup?

On a scale of one to 10, with 10 being complex, the initial setup is about a four. It's not that complex. But that's what I meant about the interface. You've got to jump around from place to place to do it. It does have some good menus, but a quick wizard is something that would be nice, where you could just walk through it, and not have to jump between different sections of the menu.

The original deployment took about half a day, if that long. There were probably another eight hours' worth of work on my part going into it, getting familiar with it, and finishing some things here and there.

When they went through it with us, we hit the high points and the main things. I did most of the connecting it to Office 365. Once you do the main things, you always need to go back and you look for those little things that might help you. A little tweak here, a little tweak there — sensitivity settings. So I spent about another eight hours going back and reviewing everything and making myself feel comfortable that it was actually doing what it was supposed to do. There were probably another eight hours over the next couple of months after that, watching the reports and spending enough time with the reports to make sure that it was operating the way we wanted it to.

In terms of our staff involved in deploying and maintaining CES, it's me and there's a junior infrastructure engineer who works with me.

What was our ROI?

The simple fact that users don't get trashed by email means we're working a fraction of the time that we used to work on emails and dealing with the results. It's paid for itself twice over, in my opinion. It has to have done so, based on the time we were spending on it.

What's my experience with pricing, setup cost, and licensing?

You're going to get what you pay for. If you're not willing to pay the price of Cisco, you're not going to get a product that's as good as Cisco. I don't think Cisco is overpriced, because for the last two years I've been comparing it to Microsoft and Cisco has been cheaper and given us more features.

It really comes down to analyzing what you are actually getting. You might find something at half the price, but what are they not giving you that Cisco's giving you, and do you think that that matters to your company or not? It's an individual thing, but that was what we looked at. Does that make a difference to Revolution as a company or is it something we can do without? Cisco gave us the best overall package.

Which other solutions did I evaluate?

The only other vendor we really looked at seriously at the time was going with a Microsoft solution and Office 365. Even back then they had something, not that it was very good. But it's simply that we were a Cisco shop, in the sense that we've had Cisco firewalls and Cisco switches for the infrastructure. At that point we had already committed to their Firepower option on the firewalls that collected the information. We had been doing that for about a year. I went to one of their events in Little Rock and that's where they talked about it. I was intrigued and did some more research on my own and determined that this was something we couldn't pass up. 

We were a Cisco AMP shop for our antivirus already, which is part of Firepower in a sense. Everything was going to Talos already. The email just made sense because they would all talk to each other and they would get all the information from all the different angles, even across to web access through their Umbrella system. We used that for about a year. When we got our new SD-WAN, it had a lot of the same features the Umbrella system had and we dropped it at that point.

You can put all your eggs in one basket and that can be bad, but in this case it wasn't. It actually worked out well for us.

Everything goes through Cisco so we don't really see anything happening in Office 365. We do have the basic settings for this or for that set in Office 365, but we haven't gone in and fine tuned it the way we did Cisco, because Cisco's the main point of blocking things. When we chose the Cisco solution, there was no way Microsoft's Office 365 solution could have done what we needed it to do. There was no way it would have had any of these major capabilities we needed. It wouldn't have blocked a fraction of the email that the Cisco appliance does. I try to keep up on this and it could be that Microsoft's new ATP might be a game-changer. What I've read sounds a lot like the Cisco appliance. But Microsoft has thrown a kicker in there by adding artificial intelligence. With Microsoft, I wouldn't have had to put in all the name combinations because it would interpret all the names I need it to interpret, even with characters and symbols. I haven't tried it, and I don't have plans at the moment to do so, but from what I've read, Microsoft is catching up.

There are some issues with Microsoft with their integration, simply because you pretty much have to go all-in with Intune, Autopilot — all those features and tools they have to get Microsoft ATP to work. And then you've got to buy the Microsoft 365 E5 license to get all of those security features.

If things are similar, it all comes down to cost and we look at that every year when we renew. What are we paying Microsoft in subscription fees and what is Cisco costing us? So far, Cisco's been cheaper than upgrading Microsoft to the license level we need. Our contract renews in November, so we'll look at it again. That's when we really delve into Microsoft's capabilities. We would want to make sure it would do everything Cisco is doing, before we would make a change, if Microsoft were price-competitive.


What other advice do I have?

Take Cisco up on the offer to walk you through the implementation. It's not that it's a necessity, but it certainly gives you a good feeling, when you're done, that you've covered all your bases. It gave me a good feeling that we covered this and we covered that and they showed me where things were. They give you a copy of the recording where you were on with them and went through everything. You can go back and watch it again later to review it. The same thing is true with their reviews every nine to 12 months. They record them and send you a copy of the recording so you can go back and look at it.

Take them up on that and be willing to sit there and just ask pertinent questions and make sure you understand as you go through it.

As far as the threat assessment analysis goes, what they analyze is what the appliance decides to send them. That is part of the way it works. When it thinks it has found something and it's not certain, it sends that to Talos first. We don't even know it happened. They get a chance to review it and make a decision of yes or no: this should be stopped or we should go ahead and let it through. We have not leveraged anything other than that from the Talos threat management. We lean on them to help us make sure the right things come through. There have been several times that I have gotten an email as an administrator — you get these emails about statuses — that says, "This has been quarantined in the cloud until we can make a decision," and it will hold it. And once they make the decision, it either stops it or lets it go.

Something else that we're going to begin this year is a training solution to help our users understand what to look for.

I would give Cisco Email Security a nine out of ten. I would give it a 10 if it had a more intuitive interface and the artificial intelligence so we didn't have to do some of that manual stuff.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
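
The display-name check this reviewer describes (a company-directory name arriving from a domain outside the company's own), as an added example that is not part of the review and is not Cisco's Forged Email Detection code. The directory entries, domains and sample headers are constructed, and matching on exact normalized name variants is an assumption of this sketch.

```python
import unicodedata
from email import message_from_string, policy

# Constructed sample data: the organisation's own mail domains and a tiny directory.
INTERNAL_DOMAINS = {"example.com", "example.org"}
DIRECTORY = [
    {"first": "Phillip", "middle": "Dean", "last": "Collins", "nicknames": ["Phil"]},
    {"first": "Maria", "middle": "", "last": "Núñez", "nicknames": []},
]


def normalize(text):
    """Lower-case, strip accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.lower())
    return " ".join(cleaned.split())


def name_variants(person):
    """Generate the spellings an admin would otherwise type into the dictionary:
    full first name or nickname, with no middle name, a middle initial or the
    full middle name, in both 'First Last' and 'Last, First' order."""
    firsts = [person["first"], *person.get("nicknames", [])]
    middle = person.get("middle", "")
    middles = [""] + ([middle[0], middle] if middle else [])
    variants = set()
    for first in firsts:
        for mid in middles:
            variants.add(normalize(f"{first} {mid} {person['last']}"))
            variants.add(normalize(f"{person['last']}, {first} {mid}"))
    return variants


def build_index(directory):
    """Map every normalized variant to the canonical directory name."""
    index = {}
    for person in directory:
        canonical = f"{person['first']} {person['last']}"
        for variant in name_variants(person):
            index[variant] = canonical
    return index


INDEX = build_index(DIRECTORY)


def check_from(from_header):
    """Return 'warn' when the display name matches a directory name but the
    address is not in one of our domains, otherwise 'pass'."""
    # policy.default decodes RFC 2047 encoded words and quoted display names.
    msg = message_from_string(f"From: {from_header}\n\n", policy=policy.default)
    addresses = msg["From"].addresses
    if not addresses:
        return {"verdict": "pass", "matched": None, "domain": None}
    sender = addresses[0]
    domain = sender.domain.lower()
    matched = INDEX.get(normalize(sender.display_name))
    external = domain not in INTERNAL_DOMAINS  # exact match: subdomains count as external
    verdict = "warn" if matched and external else "pass"
    return {"verdict": verdict, "matched": matched, "domain": domain}


if __name__ == "__main__":
    samples = [  # constructed From headers
        "Phil D. Collins <ceo.office@mail-example.net>",
        '"Collins, Phillip" <pc1987@webmail.example>',
        "=?utf-8?q?Phil_Collins?= <urgent@payments.example>",
        "Phillip Collins <pcollins@example.com>",
        "Maria Nunez <mnunez@freemail.example>",
    ]
    for header in samples:
        print(header, "->", check_from(header))
```

A "warn" result corresponds to the red banner the reviewer mentions. Only listed variants match, so a misspelled name still passes, which is the gap the review points out.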
PeerSpot user
Umair Siddiqi - PeerSpot reviewer
Network Security Specialist at General Authority of Customs
Real User
Top 5
May 6, 2024
Budget-friendly and provides good email encryption feature
Pros and Cons
  • "Cisco Secure Email is a budget-friendly solution."
  • "I am not satisfied with the solution's reporting and logging."

What is most valuable?

Cisco Secure Email is a budget-friendly solution.

What needs improvement?

I am not satisfied with the solution's reporting and logging.

For how long have I used the solution?

I have been using Cisco Secure Email for the last five years.

Which solution did I use previously and why did I switch?

I like Proofpoint's reporting, management, and interface. It has a single dashboard, very simple configuration and integration, and a very user-friendly GUI.

How was the initial setup?

The solution's initial setup is not difficult. However, it has the management's separate interface and email security's separate interface, which we need to manage.

What other advice do I have?

It was not difficult to integrate Cisco Secure Email with other products in our infrastructure, but it has many complicated options. Sometimes, we need to go to the command line to check the debugging. The solution's DLP (data loss prevention) feature is partially for compliance. DLP needs a full-fledged solution with the agent implementation. Until the agent is there, you cannot implement DLP.

The solution's email encryption feature works fine. Cisco Secure Email is not a single platform. The engineer has to be a little technical to understand the command line, which is different from the firewall. There are different types of command lines. You have to check the mail log using different command lines.

Overall, I rate the solution eight and a half out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Consultant at SKYE AS
Reseller
Top 5
Feb 9, 2024
Recommended for Cisco users but pricing is expensive
Pros and Cons
  • "The tool comes with AI features. It is good for clients who already use Cisco products due to integration."
  • "Comparing Microsoft Defender and Cisco's Email Secure service, partners have noted that while Microsoft Defender offers email security, the tool's additional layer of protection provides further defense against threats like spam and phishing emails."
  • "Cisco Email Secure's pricing needs to be less. We have vendors who provide cheaper solutions with the same features."

What is our primary use case?

I use the solution for email security. 

What is most valuable?

The tool comes with AI features. It is good for clients who already use Cisco products due to integration. 

What needs improvement?

Cisco Email Secure's pricing needs to be less. We have vendors who provide cheaper solutions with the same features. 

For how long have I used the solution?

I have been using the product for half a year. 

What do I think about the stability of the solution?

I rate the solution's stability an eight out of ten. 

What do I think about the scalability of the solution?

I rate Cisco Secure Email a nine out of ten. 

How are customer service and support?

The tool's technical support team answers queries quickly. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Comparing Microsoft Defender and Cisco's Email Secure service, partners have noted that while Microsoft Defender offers email security, the tool's additional layer of protection provides further defense against threats like spam and phishing emails. The AI features filter out phishing emails. I have worked with FortiMail and Barracuda before Cisco Secure Email. 

How was the initial setup?

The product's deployment is easy in a cloud environment. You don't need to install it for the Office 365 product. 

What's my experience with pricing, setup cost, and licensing?

Cisco Secure Email is more expensive than other products. I rate it a five out of ten. There are no additional costs. You only need to pay the subscription amounts. 

What other advice do I have?

I rate the overall product a seven to eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Pramod Sharda - PeerSpot reviewer
Chief Executive Officer at IceWarp Technologies Pvt Ltd
Real User
Oct 12, 2023
Comes with strong inbound service but needs improvement in outbound activities
Pros and Cons
  • "Cisco Secure Email has strong inbound services."
  • "The solution does not have a strong outbound service. It should also integrate DLP."

What is most valuable?

Cisco Secure Email has strong inbound services. 

What needs improvement?

The solution does not have a strong outbound service. It should also integrate DLP. 

For how long have I used the solution?

I have been working with the solution for five to six years. 

What do I think about the stability of the solution?

I rate the tool's stability seven to eight out of ten. 

What do I think about the scalability of the solution?

I rate Cisco Secure Email's scalability a five out of ten. 

How was the initial setup?

Cisco Secure Email's installation is neither difficult nor simple. I rate it a seven out of ten. The tool's deployment takes around an hour to complete. 

What other advice do I have?

You need to look for more options before finalizing Cisco Secure Email. It does not get in touch with us regularly for feedback. I rate it a seven out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
SanjeevKumar19 - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
Oct 7, 2023
Easy to use and set up but has stability issues
Pros and Cons
  • "It's a bit easy to handle Cisco Secure Email; it's not that difficult. For the logs, which are in PDF format, it's not hard to read them. We don't need Wireshark much to analyze the logs."
  • "I would rate the stability a six out of ten. We had multiple issues with the stability."

What is most valuable?

It is easy to use. It is not widely used, but it is not tough to understand. Usually, it takes five to six months to become an expert in that particular product because there is not much in it.

What needs improvement?

The Cisco database is more bug-prone and less accurate than the databases of other email security solutions. Whenever we get a phishing email, Microsoft email server, TruePoint, or Barracuda, they have a much better database. Because Cisco is using Talos, which is not a good database, they do not have much information in the database. So that is really lagging very much behind.

So that is not much recommended by the customers. Every time, customers get frustrated by using them.

There's room for improvement in the DevOps database. It has many spam emails. Usually, we have to report to the Talos team for samples, whether it's spam or a legitimate email. If that is done, then the customer environment won't get compromised easily because more than 80% of cyber-attacks are through emails. So email is like sanitizer: it was used in hospitals before COVID, but after, it's provided widely to users.

For how long have I used the solution?

I used this solution for a year. 

What do I think about the stability of the solution?

I would rate the stability a six out of ten. We had multiple issues with the stability. Usually, the customer complains that there's an email coming from an outside sender, and it enters our environment, and our email gets multiple emails from a single sender. There might be suspicious emails or multiple things that we usually get from customers.

What do I think about the scalability of the solution?

I would rate the scalability a seven out of ten. Cisco has to improve its database because email security is something like DNS servers. So we have to improve the database and put more information initially in it. 

How was the initial setup?

The initial setup is easy. It starts with the VLS for Open IT. Initially, the host access table is there in the front end. Based on that, we can filter out traffic with IPs from the scale of -10 to +10 if it applies. If you want to whitelist an IP, you need to check the IVRX code. If that code is okay, then we provide a list based on the organization. 

It's a bit easy to handle Cisco Secure Email; it's not that difficult. For the logs, which are in PDF format, it's not hard to read them. We don't need Wireshark much to analyze the logs.

Usually, it's GUI-friendly, and also, the Relics are there on the GUI. We can create some relics, or it's automated from the backend by the development team. We just put in our initial setup requirements, and based on that, we create a red x rule. Then we can implement it into the message filter, and we can handle whatever we want, whether it's blocking emails coming from spam or anything else.

What other advice do I have?

Overall, I would rate the solution a seven out of ten. Once you have hands-on experience with it over a period of time, you will get hands-on experience, and you will be able to understand it. It's easy to use, not that complicated.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mohamed Elshayeb - PeerSpot reviewer
Cyber Security Presales Engineer at Orixcom
Reseller
Oct 1, 2023
Provides good stability and an efficient email certification feature
Pros and Cons
  • "Cisco Secure Email's most valuable feature is email certification."
  • "The product's GUI for the dashboard needs improvement."

What is most valuable?

Cisco Secure Email's most valuable feature is email certification.

What needs improvement?

The product's GUI for the dashboard needs improvement.

For how long have I used the solution?

We have been using Cisco Secure Email for one year.

What do I think about the stability of the solution?

I rate the product's stability a ten out of ten.

What do I think about the scalability of the solution?

One administration executive in our organization uses Cisco Secure Email. I rate its scalability a ten out of ten.

How was the initial setup?

The initial setup has medium complexity. I rate the process a five out of ten. We follow the Cisco guidelines for deployment. It requires two executives to conduct the process.

What's my experience with pricing, setup cost, and licensing?

It is an expensive product. I rate its pricing an eight or nine.

What other advice do I have?

I recommend Cisco Secure Email and rate it a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Email Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026