IT Central Station is now PeerSpot: Here's why

Cisco Secure Email OverviewUNIXBusinessApplication

Cisco Secure Email is #2 ranked solution in top Email Security tools. PeerSpot users give Cisco Secure Email an average rating of 8.8 out of 10. Cisco Secure Email is most commonly compared to FireEye Email Security: Cisco Secure Email vs FireEye Email Security. Cisco Secure Email is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 23% of all views.
Cisco Secure Email Buyer's Guide

Download the Cisco Secure Email Buyer's Guide including reviews and more. Updated: August 2022

What is Cisco Secure Email?

Customers of all sizes face the same daunting challenge: email is simultaneously the most important business communication tool and the leading attack vector for security breaches. Cisco Email Security enables users to communicate securely and helps organizations combat Business Email Compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multilayered approach to security.

Cisco Secure Email was previously known as Cisco Email Security, IronPort, Cisco Email Security, ESA, Email Security Appliances.

Cisco Secure Email Customers

SUNY Old Westbury, CoxHealth, City of Fullerton, Indra

Cisco Secure Email Video

Archived Cisco Secure Email Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Phillip Collins - PeerSpot reviewer
Sr Infrastructure Engineer at Delta Plastics of the South
Real User
Stops the vast majority of email from getting in, across our multiple email domains
Pros and Cons
  • "It does a great job of preventing spam, malware, and ransomware. I can only go by what people have told me and what I've seen, but I have not seen spam in a year and a half to two years in my own company mailbox. And there are not a lot of catches where it's catching something that should have gotten through, either."
  • "It has the ability to tell us, after an email has been delivered, where else it went, once it got inside. Maybe it's something we wanted it to stop and it didn't stop it, but it notified us later that it was something that it should have stopped. It can give us a trajectory of all the other places that it went internally and it can tell us what files were transferred as well."
  • "Typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name... With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way."

What is our primary use case?

The main use case is simply as a point of contact for all the emails to go through first, before they ever get into the Office 365 environment, so they can be scanned and checked for malware and spam, all before Office 365 even sees it.

We're currently on version 12. Our instance is in the cloud and we don't actually upgrade it, they do it for us. It should be upgraded to 13 in the next month or two.

How has it helped my organization?

The last time I checked, which was about a month ago, when I looked at all the emails sent to any of our domains — because we have about 10 email domains, and they all go through the appliance — by looking at a report the solution has, I saw that 84 percent of the email sent to those domains never got to our Office 365, because it was spam, malware, phishing, or there was something wrong with it. So it stopped 84 percent which was bad email. Based on my experience and talking to users, 99.8 or 99.9 percent of those emails that were stopped were spam or malware. There might've been 0.1 percent that was caught by the mistake. But that's 84 percent of email not even getting into our systems.

It has prevented downtime. The simple fact that 84 percent of them were stopped keeps people from having to look at those in their mailbox. If you take 1,000, out of that number 840 didn't even come through. That's less wasted time going through your mailbox and reviewing your messages. It also frees up the users, when they do see something that's not anywhere near normal, to clue in that there might be something wrong. We have had emails get through, phishing emails and things like that — it has happened — but I would say we probably get one through about twice a month, at most. The users will immediately shoot it right to the help desk. "Is this real? Is this spam? Is this something I should do?" There's no way to really put a number on it, because I've never really looked into it, but if nothing is coming through that you didn't want to see, then there's no downtime.

Only in a couple of cases have we had a user actually do something they shouldn't have done before they notified us, but that's training. You never have a perfect solution. Two a month is our average, over the last year, of emails that got through that we wished hadn't gotten through, but no harm came of it because the user notified us, and we just told them, "Delete it." We make sure everything is working right and that there was no malware involved and we let it go.

Also, as far as the IT department goes, it's made our lives a lot easier. We get emails if anything does happen. We've chosen to see any event. We only get notified of exceptions that we want to investigate or we want to look into. That makes things easier because we're not out looking all the time. We can wait for the email to come in.

We can look at the updates and the different changes Cisco makes to the system to see if any of those things is going to help us. We think about whether we want to invest any time in configuring those? And once it's configured, you're done. The most difficult part of that is remembering what you did. So we've learned to do our documentation that much better because we need to be able to go back and read what we did before, what we configured.

Our company might buy another company, so we have another domain to add our list of domains for email. In less than an hour we have all that set up and the whole system working, with emails going through the appliance. It's saved us a tremendous amount of time daily, just in terms of keeping track of things.

What is most valuable?

Their trajectory feature is the most valuable. What I mean is that it has the ability to tell us, after an email has been delivered, where else it went, once it got inside. Maybe it's something we wanted it to stop and it didn't stop it, but it notified us later that it was something that it should have stopped. It can give us a trajectory of all the other places that it went internally and it can tell us what files were transferred as well.

It does a great job of preventing spam, malware, and ransomware. I can only go by what people have told me and what I've seen, but I have not seen spam in a year and a half to two years in my own company mailbox. And there are not a lot of catches where it's catching something that should have gotten through, either. We have an email going out daily of everything it puts into quarantine for a user, so the user can release it if it was caught accidentally. In the last six months, I have probably have had to release six or seven emails. It's not catching them. It's doing a good job of striking a good balance.

That is partly due to how you configure it, but we used the standard, best practices when we configured it. We do go back to Cisco, when they offer a free evaluation to review our configuration every nine to 12 months. That helps us make sure that it's set up right and, if there are any new features, that we're aware of them. We do take them up on that every time they offer it.

What needs improvement?

When it comes to phishing, I would not give this appliance a perfect score by any means. It's hard to get a perfect score on phishing with any solution. But typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name. They might spell it wrong, but they will try to get your attention so that you'll do something.

With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way. It is stopping a lot of phishing when we do use that dictionary. We essentially let the email come in, but we put a header at the top, in red, telling the user to be very careful, this may not be a real email, and let the user decide at that point, because it's looking at whether or not it came from a domain outside our domains.

If I have to send myself an email from my personal domain at home, it has my name in it, Phillip Collins. We want it to notice that Phillip Collins is a name that's in the company directory, but it's not coming from one of our domains. We want the user to understand that that is how they get around it. Phishing emails will come from the attacker's own email address, but they will set the display name, what you'll see, as something familiar. That's why I wouldn't give it anywhere near a perfect score, because the artificial intelligence just isn't there yet. You have to manually put these things. As you have people come and go in your organizations, you have to decide if you want these people in that dictionary or not. If they leave then you've got to take them out. There's a lot of work to doing that with this solution at the moment.

Another minor thing is the interface that you work with as an administrator. It is not as intuitive as I would like it to be. It's all there, if you understand what you're doing; what email is doing and how you detect certain things. It is not difficult at all to work with, but it could be more intuitive for somebody starting out.

Finally, they separate the email security appliance from the reporting appliance. It's the Cisco Secure Email Gateway and the SMA; they are two separate appliances. The reporting appliance just gets information from the email security appliance and helps you formulate reports. To me, that should all be one. It doesn't bother me that it's not, but sometimes I have to think, "Do I need to go to this appliance or this appliance to get that information?" It should all be in one place, but those are minor things.

Buyer's Guide
Cisco Secure Email
August 2022
Learn what your peers think about Cisco Secure Email. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,548 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cisco Email Security for two-and-a-half years.

What do I think about the stability of the solution?

It's extremely stable. It hasn't gone down on us since we've had it. They made a major move, moving their appliances out of the AWS cloud into Cisco's cloud. They notified us they were moving and we talked about it. We really didn't have to do much of anything, and there was no downtime at all when that happened.

We do have two security appliances in the cloud, so if one went down, the other would pick up. There is redundancy at the hardware level, but we've never gone down.

What do I think about the scalability of the solution?

It's extremely scalable, especially with it being a cloud appliance, because you're not bound by the hardware like you might be if you bought from an on-prem installation. If we need to go from 500 to 1,000 users, they can just tweak the hardware settings on their end and we're ready to go. I don't think scalability is an issue at all with it being in the cloud.

There are approximately 425 email accounts that it's monitoring and when I last looked at the report about a month ago, there were 25,000 emails a day, on average, that it was analyzing for those 425 users. We're about to add another 50 to 60 new users from a company we just bought. We'll go up to nearly 500 in the next month or two, but I don't see any issues with that . We'll be adding their domain to our system and then adding the users.

How are customer service and support?

I've worked with Cisco support two or three times in the two-and-a-half years we've had it and it's been wonderful. Most of what I've done is through email because it hasn't been an issue where the system is down. It was just that I wanted to understand something better or I wanted to implement something and needed to know if it was included. And if it was included, how would I work with it and could they send me the documentation? Always, within two or three hours, I've gotten a response, which is very acceptable to me considering we're not down. They've always gotten back rather quickly, and resolved almost everything within one or two emails.

Which solution did I use previously and why did I switch?

Before this, we really didn't have a comprehensive email solution. We were simply using the antivirus on the machines. We didn't have anything to stop it from ever getting in, in the first place. Comparing it to other products I used before I came to this company, just about four years ago, it's done much better than any other product I've ever used.

I don't have any way to compare it to anything my current company had before because it didn't have much of anything before. When I came in, that was one of the tasks I was given —securing the email — along with moving us to Office 365. The company had been hit with ransomware before I got here. It had that experience of being attacked and being caught with ransomware, and it didn't have an IT department before I got there. I was the IT department for the first year. We've grown tremendously since then.

How was the initial setup?

On a scale of one to 10, with 10 being complex, the initial setup is about a four. It's not that complex. But that's what I meant about the interface. You've got to jump around from place to place to do it. It does have some good menus, but a quick wizard is something that would be nice, where you could just walk through it, and not have to jump between different sections of the menu.

The original deployment took about half a day, if that long. There were probably another eight hours' worth of work on my part going into it, getting familiar with it, and finishing some things here and there.

When they went through it with us, we hit the high points and the main things. I did most of the connecting it to Office 365. Once you do the main things, you always need to go back and you look for those little things that might help you. A little tweak here, a little tweak there — sensitivity settings. So I spent about another eight hours going back and reviewing everything and making myself feel comfortable that it was actually doing what it was supposed to do. There were probably another eight hours over the next couple of months after that, watching the reports and spending enough time with the reports to make sure that it was operating the way we wanted it to.

In terms of our staff involved in deploying and maintaining CES, it's me and there's a junior infrastructure engineer who works with me.

What was our ROI?

The simple fact that users don't get trashed by email means we're working a fraction of the time that we used to work on emails and dealing with the results. It's paid for itself twice over, in my opinion. It has to have done so, based on the time we were spending on it.

What's my experience with pricing, setup cost, and licensing?

You're going to get what you pay for. If you're not willing to pay the price of Cisco, you're not going to get a product that's as good as Cisco. I don't think Cisco is overpriced, because for the last two years I've been comparing it to Microsoft and Cisco has been cheaper and given us more features.

It really comes down to analyzing what you are actually getting. You might find something at half the price, but what are they not giving you that Cisco's giving you, and do you think that that matters to your company or not? It's an individual thing, but that was what we looked at. Does that make a difference to Revolution as a company or is it something we can do without? Cisco gave us the best overall package.

Which other solutions did I evaluate?

The only other vendor we really looked at seriously at the time was going with a Microsoft solution and Office 365. Even back then they had something, not that it was very good. But it's simply that we were a Cisco shop, in the sense that we've had Cisco firewalls and Cisco switches for the infrastructure. At that point we had already committed to their Firepower option on the firewalls that collected the information. We had been doing that for about a year. I went to one of their events in Little Rock and that's where they talked about it. I was intrigued and did some more research on my own and determined that this was something we couldn't pass up. 

We were a Cisco AMP shop for our antivirus already, which is part of Firepower in a sense. Everything was going to Talos already. The email just made sense because they would all talk to each other and they would get all the information from all the different angles, even across to web access through their Umbrella system. We used that for about a year. When we got our new SD-WAN, it had a lot of the same features the Umbrella system had and we dropped it at that point.

You can put all your eggs in one basket and that can be bad, but in this case it wasn't. It actually worked out well for us.

Everything goes through Cisco so we don't really see anything happening in Office 365. We do have the basic settings for this or for that set in Office 365, but we haven't gone in and fine tuned it the way we did Cisco, because Cisco's the main point of blocking things. When we chose the Cisco solution, there was no way Microsoft's Office 365 solution could have done what we needed it to do. There was no way it would have had any of these major capabilities we needed. It wouldn't have blocked a fraction of the email that the Cisco appliance does. I try to keep up on this and it could be that Microsoft's new ATP might be a game-changer. What I've read sounds a lot like the Cisco appliance. But Microsoft has thrown a kicker in there by adding artificial intelligence. With Microsoft, I wouldn't have had to put in all the name combinations because it would interpret all the names I need it to interpret, even with characters and symbols. I haven't tried it, and I don't have plans at the moment to do so, but from what I've read, Microsoft is catching up.

There are some issues with Microsoft with their integration, simply because you pretty much have to go all-in with Intune, Autopilot — all those features and tools they have to get Microsoft ATP to work. And then you've got to buy the Microsoft 365 E5 license to get all of those security features.

If things are similar, it all comes down to cost and we look at that every year when we renew. What are we paying Microsoft in subscription fees and what is Cisco costing us? So far, Cisco's been cheaper than upgrading Microsoft to the license level we need. Our contract renews in November, so we'll look at it again. That's when we really delve into Microsoft's capabilities. We would want to make sure it would do everything Cisco is doing, before we would make a change, if Microsoft were price-competitive.


What other advice do I have?

Take Cisco up on the offer to walk you through the implementation. It's not that it's a necessity, but it certainly gives you a good feeling, when you're done, that you've covered all your bases. It gave me a good feeling that we covered this and we covered that and they showed me where things were. They give you a copy of the recording where you were on with them and went through everything. You can go back and watch it again later to review it. The same thing is true with their reviews every nine to 12 months. They record them and send you a copy of the recording so you can go back and look at it.

Take them up on that and be willing to sit there and just ask pertinent questions and make sure you understand as you go through it.

As far as the threat assessment analysis goes, what they analyze is what that the appliance decides to send them. That is part of the way it works. When it thinks it has found something and it's not certain, it sends that to Talos first. We don't even know it happened. They get a chance to review it and make a decision of yes or no: this should be stopped or we should go ahead and let it through. We have not leveraged anything other than that from the Talos threat management. We lean on them to help us make sure the right things come through. There have been several times that I have gotten an email as an administrator — you get these emails about statuses — that says, "This has been quarantined in the cloud until we can make a decision," and it will hold it. And once they make the decision, it either stops it or lets it go.

Something else that we're going to begin this year is a training solution to help our users understand what to look for.

I would give Cisco Email Security a nine out of ten. I would give it a 10 if it had a more intuitive interface and the artificial intelligence so we didn't have to do some of that manual stuff.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Enrique Diaz Jolly - PeerSpot reviewer
Owner at Jolly Security Inc
Real User
Top 5
Protects our customers with URL and Reputation Filtering

What is our primary use case?

I have experience as an SE for IronPort as well as a private consultant. I have used this solution in multiple environments.

How has it helped my organization?

I have been able to help customers improve their email security, both new customers purchasing Cisco Secure Email Gateway, as well as long-time users. 

What is most valuable?

The most valuable features are Advanced Malware Protection, URL filtering, and of course Reputation Filtering.

What needs improvement?

The reporting functionality needs to be improved.

For how long have I used the solution?

I have been using Cisco Email Security for nearly 15 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Email
August 2022
Learn what your peers think about Cisco Secure Email. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,548 professionals have used our research since 2012.
Regional ICT Security Officer EMEA at a energy/utilities company with 10,001+ employees
Real User
Customized filtering has been very effective and useful for us
Pros and Cons
  • "Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number..."
  • "We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems."

What is our primary use case?

We use it to secure our email system, to cut down on all the bad emails that we would otherwise receive. 

The reason for implementing the product was the huge increase in spam and junk mail which occurred when we were adopting these devices. There have been some changes in the way that email is delivered since then, and one or two of the major spam sources have been taken down or prosecuted or jailed. Today, we have less blanket-spam, but we have more targeted phishing emails or spear phishing.

The combination of emails with links that encourage users to give away their user login information can cause problems. When someone's account is compromised it can result in access to our global address list and access to emails that the compromised user may have sent. Therefore, they have details of the format and the style emails that our company uses. We have communication threads that they can take advantage of because they can inject their fake emails into an existing communication thread and try to fool a supplier or client into giving more information or, worst-case, giving money to the wrong person.

How has it helped my organization?

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

  1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
  2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

What is most valuable?

Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. 

Since then, customized filtering has been very effective and useful for us.

In addition, Cisco has developed the product with its Talos product. They've developed the Cisco Secure Email Gateway systems so that instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they're now providing has a lot of attraction because it helps to prevent phishing emails.

Things such as Sender Domain Reputation, which is a relatively new feature, are attractive because when there's a pop-up domain, which might be a look-alike of your own company domain, or it might be a look-alike for some other company like Microsoft, it gets a bad reputation, and the Cisco Secure Email Gateway systems will reduce the possibility of these emails delivering to the recipient's desktop.

What needs improvement?

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The system is very stable. We have had very little downtime and the system is, in general, reliable. 

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems. In general, we have had a good experience with this product. The hardware, given occasional failures, has been very reliable. There is an upgrade process for keeping the system running with the most current, recommended version of AsyncOS. We have had very few problems where an upgrade has gone wrong. We've been very pleased with the solution.

What do I think about the scalability of the solution?

The scalability is good because when you have appliances such as we have, if you have the infrastructure and the available resources, you can install additional virtual appliances. From the point of view of scalability, if there were a problem with performance, it is possible to add other systems or devices, even though they are virtual, and they all fall under the same control interface. They are all a part of the same cluster so they are all relatively easy to manage.

We currently have 11,000 employees and a large number of those users hold email accounts and email addresses.

We have a 24-hour operation because our company is located in 62 countries, so we have to respond relatively quickly because email is important. We have a department that deals with IT security and likely, at a minimum, we would have six people who have the capability to work on these systems. But in reality, because the systems are very stable, we have three or four people who regularly work on them. All the people who maintain the system are currently in the same department as me and all of them are considered IT security officers. They deal with other systems as well as the email.

How are customer service and technical support?

Cisco's technical support is, perhaps, taking a different approach to the way that IronPort managed systems. Cisco tends to try and answer questions or problems by email more, initially, rather than talking to someone on the telephone. Sometimes that's not quite as good as IronPort was. 

But, in general, Cisco is good in that when we have a question they will respond quickly. But equally, because we've had these systems for several years, there is a good pool of experience in our security team so that we don't regularly have to ask questions of Cisco support.

Which solution did I use previously and why did I switch?

We switched to using IronPort because it gives us a second line of defense from spam, phishing, and all the other problem emails. One of the reasons was that there was a major spike in the number of spam and junk emails that people were sending from when we first got these systems. 

The other system that we had was suffering from performance problems because it was being overwhelmed by the volume of emails that were being delivered to Fugro. The other product was still a good product, but it didn't have the performance to handle the volume of email. With the IronPort system being used as a first line of defense, it probably would have done everything that our previous system did, and we could have just removed it from our email processing.

However, we wanted to retain the old system because it had some nice features to do with additional email filtering. Having IronPort as a first line of defense was really good, and then, it was possible to do special filtering and other email reaping on this other system. The other system could then perform at a good level because it was not being overwhelmed by the huge volume of spam, junk, etc.

How was the initial setup?

The initial setup was very straight forward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware.

This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco Secure Email Gateway 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed.

We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.

What about the implementation team?

Because we had the systems before Cisco bought IronPort, we used some assistance from the then-IronPort company for the initial set up. But our own personnel were involved in training courses, so most of the configuration was done by Fugro people.

The IronPort consultants were very good. Because the company was keen for business, they were keen to assist us. At the time, we were, perhaps, one of the more unusual cases because of the quantity of junk, spam, and other types of emails that were being sent to Fugro recipients. IronPort, at that time, was very responsive, very helpful, easy to deal with and, usually, very knowledgeable about the product.

What was our ROI?

It would be fair to say we have seen return on investment using this solution, but I'm not the person who spends the money or places the orders so I do not have detailed information on it.

Which other solutions did I evaluate?

We did evaluate other options, but it was a long time ago so I'm not sure I can remember which other options we considered.

What other advice do I have?

Having a good understanding of the product helps in the implementation process, so do some upfront training before you adopt the product. Be closely involved with Cisco support or the Cisco implementation team which will help to make sure that configuration is well adjusted and suited to your company.

I've used the product for more than ten years. Prior to that, it was IronPort. Cisco bought IronPort. We were using the IronPort products before Cisco bought them. We're currently using AsyncOS version 12.

We've used this product for so long, and we've been very happy with it, that we do not have a direct comparison against other products that are available today. That said, and accepting the fact that email security systems are not cheap, this product is still a front-runner and, combined with the new things that Cisco is doing, it has a lot of scope and capability. I would suggest this product would be about a nine, if ten is the best.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Information Security Analyst at a energy/utilities company with 501-1,000 employees
Real User
While the tool does a good job of blocking malicious emails, it does have limitations with its sandboxing
Pros and Cons
  • "We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this."
  • "The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working."

What is our primary use case?

It is an anti-spam solution, and we primarily use it for email anti-spam. It removes the spam emails, and we have our own manual filters to remove unnecessary or unwanted emails. So, it is working just fine.

We have been using the solution for more than three years. We started on version 9 and are currently on version 11.1.

How has it helped my organization?

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

What is most valuable?

We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this.

The notifications about why the emails were blocked is a good feature.

What needs improvement?

Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated.

The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working.

While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We expect 95 to 98 stability (perfection) in the product. 

We have one person doing maintenance, which is me. I handle this product along with three other security products. 

What do I think about the scalability of the solution?

We are currently utilizing all the features in the product.

We have 1100 users.

How are customer service and technical support?

The support is great. They are very fast with their responses and are very knowledgeable. Its support is available 24 hours. These things are very good.

Which solution did I use previously and why did I switch?

We did not use a solution prior to this one.

We were looking to automate most of the stuff related to email filtering, so the solution bought from IronPort (now a part of Cisco) was to reduce our workload.

How was the initial setup?

The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. 

It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solution, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security.

It takes a minimum of a month to build the setup. However, for a good set-up, it will require one year to put in place all the options in place. We had to understand how the emails flowed. 

What about the implementation team?

An implementation partner, SecureLink, helped with the setup. They did a good job and were knowledgeable in the product. But, as an implementation partner, they do not take responsibility for any failures of the product.

Cisco helps with the day-to-day. 

We set up the filtering options ourselves.

What was our ROI?

We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company.

What's my experience with pricing, setup cost, and licensing?

It is not that costly. We pay for the solution through a contractor and pay an annual fee.

Which other solutions did I evaluate?

We are currently using two different email security products, which is how we are able to identify the pros and cons of Cisco Email Security. We use a similar product called FireEye. It can detect based on sandboxing. Anything bad that it sees, it will detect. It is not based on file extension or file types. Recently, we have been able to block with it using some type of file extensions or hash.

What other advice do I have?

I would recommend to use Cisco Email Security first as your email filtering solution, but do not rely on it as your only solution. 

I like the product because it is very easy to work with or we can make it complex if we want.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Muhammad Qureshi - PeerSpot reviewer
Network Security Consulting Engineer at a manufacturing company
Real User
Multiple content filters, such as DKIM, are among the key aspects of our email security
Pros and Cons
  • "The most valuable feature is the different content filters we are using, such as DKIM."
  • "We would like to see more options for the customization of content filters."

What is our primary use case?

We have around 500 to 600 users and we use it for services like Anti-Spam, Advanced Malware Protection (AMP), and scanning. We are also using also multiple content filters, and it's working pretty well for us. In combination with Cisco Secure Email Gateway, we are using Trend Micro.

How has it helped my organization?

Before we had Cisco Secure Email Gateway, so we had more spam emails. In fact, we had some other solutions in place, but there was more spam going to the Exchange Server when we compare between we didn't have Cisco Secure Email Gateway deployed and when we deployed it. We cannot say it's 100 percent, but we're covered for 90 to 95 percent of spam. No spam is going to the user right now.

What is most valuable?

We are using almost all the features because they are necessary to protect emails. The most valuable feature is the different content filters we are using, such as DKIM. 

The Anti-Spam feature is also valuable for us because, most of the time, we notice that what is coming in is spam, and the Anti-Spam filter works very well. That's one of the features we like most.

What needs improvement?

We would like to see more options for the customization of content filters.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability of the solution is very good. They always come out with very stable versions of firmware and it has never caused any issues.

What do I think about the scalability of the solution?

Cisco Email Security is working well for us, but we currently have no plans to increase usage.

How are customer service and technical support?

Technical support is very fast to respond. They are well-trained and experienced.

Which solution did I use previously and why did I switch?

We were using Trend Micro and we are still using it now that we have Cisco Secure Email Gateway. Cisco's solution is more efficient and provides more options. For us, it also creates one more layer of security.

How was the initial setup?

The initial setup was pretty straightforward. The basic mail policies were very easy to set up, but tuning the email flow and blocking certain things according to particular requirements takes time.

The initial deployment took about a week. Our implementation strategy was not to stop the mail flow while implementing adequate security features, including Anti-Spam, AMP, and AV.

Deployment and maintenance requires one engineer, maximum.

What about the implementation team?

We used an integrator. I was not involved directly.

What's my experience with pricing, setup cost, and licensing?

Licensing is done yearly, but I am not involved with purchasing side of things.

Which other solutions did I evaluate?

Cisco Secure Email Gateway was our first choice.

What other advice do I have?

This is a great product with wonderful support. You won't have any issues.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Information Security Analyst at a healthcare company
Real User
Black-listing and white-listing are highly intuitive and easy to do
Pros and Cons
  • "It has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked."
  • "It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance."

What is our primary use case?

It's our primary enterprise email gateway. It's the first stop for edge email security.

How has it helped my organization?

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

What is most valuable?

One of the nicest things is that parts of it are highly intuitive. For instance, black-listing, white-listing, and things of that nature are very easy to do and they're very intuitive. You wouldn't even need any training to be able to perform those actions straight out-of-the-box. 

Even though it's not perfect, it has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked. Again, it's not 100 percent, but out-of-the-box I didn't have to touch it, I didn't have to tune it, I didn't have to tweak it. I believe it leverages the threat-intelligence database and does what it needs to do in making sure that the bad stuff stays out and virtually all of the good stuff makes it through.

What needs improvement?

We find bugs, just like anyone else. We bring them to Cisco's attention. 

If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult.

But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment.

There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's been stable. I don't have to do anything with my email gateways. They chug along and they do what they do. They don't always get it perfect, but I have never had one fail on me. And I've never had a problematic appliance that I'm aware of. We had Proofpoint for a lot longer, but if I were to compare the percentages, I would have to say that the stability of Cisco appliances is superior to that of our previous Proofpoint environment.

What do I think about the scalability of the solution?

We haven't had to address scalability. The umbrella IronPort is broken down into two halves: email security and web security. I haven't had to deal with the scalability of the email security at all. But since they're both under IronPort, I have had to deal with scalability on the web security end. Relying on some of that experience, my assumption is that the way it worked for the Web Security Appliances is probably pretty similar to how it works for the Cisco Secure Email Gateway. With that in mind, I can say that scalability is not an issue. It's as easy as just bringing another Cisco Secure Email Gateway into the cluster.

In terms of plans to increase usage, if you ask any enterprise they're going to tell you, "Yes, of course, we're going to grow, and as we grow we're going to use more." And the reality is, any growing enterprise is going to utilize email more and more. As the landscape morphs and changes, so do your rule sets and the features available to you on these appliances. Will we be using it more and more? Absolutely. Will it be a daily thing? Absolutely. I'm in these appliances every single day, taking a look and tuning where necessary and trying to find more efficient ways to handle the email traffic flow. It's safe to say that for any enterprise that's going to be the case.

Which solution did I use previously and why did I switch?

We were using Proofpoint and then we switched to Cisco. As I mentioned above, reportability was one of the main reasons we switched, but the biggest one was cost. If you can get an equivalent functionality for a better price it's wise to do so. That's what our primary decision came down to: We could get equivalent functionality at a lower price point.

How was the initial setup?

There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. 

When I took over administration there were aspects that were definitely easy and intuitive like the basics of being able to set blocks and set allowances when you have false-positives and false-negatives. It kept the basics simple. 

Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important tor run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

  • run in parallel
  • send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to 
  • and then we staged it a little bit more. 

We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last. It was a typical implementation that most people have: Run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. 

In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do, it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. 

One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.

What about the implementation team?

Since we are using Cisco cloud appliances, we had to have Cisco's involvement. They brought up the cloud appliances, where the initial configuration is done, and then we were the ones who started doing the final configurations, the moves and the migrations, as we entered the testing phase. We then moved more toward the final production move.

In terms of our experience with Cisco reps, I can speak on it more broadly as well, not just from a shear email-security perspective. When implementing a Cisco product, they're great in those initial stages. You get that expert help and it's a relatively smooth bring-up. For the things that go wrong, you have a Cisco person working with you who has the answer or knows who to go ping to get the answer. It's really nice.

That changes a little bit as time goes on. Once that expert is no longer helping you with your initial bring-up, then you rely more on the vendor's support matrix to get your solutions further tuned and to work out the little wrinkles as you experience them. Of course, it is universal - I haven't seen an example where this is exception - that this process is less smooth. 

As far as initial bring-up goes with Cisco, it's very smooth. Once that expert is no longer working with you on the bring-up and you run into issues and need to get help, that's less smooth. It's less smooth in that when you call any vendor's support line you get varying degrees of expertise. The same challenges are experienced with any international company where there could potentially be language barriers, based on where your call gets routed for support. That can slow the whole process down a bit.

That's just a reality of today's world, but it's workable. Unfortunately, it's a rather normal thing but there are different skillsets depending on the individual you're talking to, and then, depending on what the issue is and how complex the issue gets, your time to resolution may end up dragging out a lot longer than you had originally anticipated.

Which other solutions did I evaluate?

Our top-three choices were considering staying with Proofpoint, as well as Cisco, and Microsoft. We were looking at the bigger names.

What other advice do I have?

In retrospect, I would probably want to talk to someone like myself. I'm now using Cisco security appliances and I can see how someone like me in another agency would benefit from talking to me about: "Hey what do you see? How's it going? What have your experiences been with the product?" If you can, find someone who is actually using it and talk to them.

In addition, it really depends on where you're coming from. The learning curve is going to be there regardless, because it's a new product. But if you're coming from a smaller email security platform up to this one, the learning curve is going to be steep. You may actually want to invest the time and the money into some additional training. Don't neglect that because if you just try to rely on Cisco support you're going to notice pretty consistent slowdowns. If that's okay, then it won't be an issue. Of course, it's always okay until something urgent comes up. If you're trained up, you can handle it yourself. Nobody knows everything, but it's in your best interest to know as much as possible. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Information Security Administrator at a tech vendor
Real User
The logs, configuration, and monitoring were all key features for me
Pros and Cons
  • "There were detailed logs available. That was a seriously good feature... It turns out these were actually spoof emails that came into our environment. I got to know about them from the log system."
  • "They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters."

What is our primary use case?

We used Cisco Secure Email Gateway to filter spam. My overall experience with Cisco Secure Email Gateway was pretty good. No major issues were reported in my time. It worked fine for me.

What is most valuable?

One of the most valuable features would be the logs. There were detailed logs available. That was a seriously good feature. There were cases in which some spam mails penetrated through Cisco Secure Email Gateway; users reported that these were spam. The support was also good from Cisco. I got in touch with support and they helped us. It turns out these were actually spoof emails that came into our environment. I got to know about them from the log system. I was able to create a filter as a result.

For me, the ease of use was good. From the logs, from the configuration, from the monitoring perspectives, it was all good.

What needs improvement?

They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters. They can definitely work more on that.

They can also work on the updating of the appliance. We had to do it once, when I was part of the engineering team. We had to update to a later version. It was complicated for me. I had to follow the instructions without understanding anything. Maybe there was pressure that caused me to not and understand them properly, but it was still complicated. The documentation was not there when we tried to update it. It may also have been due to my lack of experience. If I had done it twice or three times, I might have become accustomed to it and have done it more easily.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It was very stable. My experience with that version of it was really great. Apart from the improvement needed to the filters, it was all good.

What do I think about the scalability of the solution?

We added one appliance to the platform and upgraded one to a newer version. The company did it quite easily. I was not part of that implementation, but the another guy told me that it was quite easy to do.

There were no plans to increase usage of it in that company at the time I was there. It was used by about 800 users and, since all of the users were using it and the organization was limited, everybody was already onboard. We had licenses for all of the users. It was all well designed from before. Apparently, they had to procure licenses for 200 to 300 more people, but that was after I left the organization. I didn't see what happened at that point.

How are customer service and technical support?

Technical support was really good. There were two cases where we raised priority tickets and they responded well. They even helped us on Saturdays. Support was good.

Which solution did I use previously and why did I switch?

When I got there, Cisco Secure Email Gateway was already implemented. We were only tuning it. Before my organization took over the operations for that bank, it was being taken care by someone else. I don't know what was implemented before that.

How was the initial setup?

In terms of updating the appliance, once we set it up, it completed by itself. It was automatic mostly, but we took one night's worth of downtime. It completed in one to two hours. There were two people involved in doing the update.

We had a cluster set up, one to five devices, three in the DC and two in DR. It took only two people. For me, it was complicated. The other guy was very experienced on it. He had so much implementation experience on the appliance and he was able to guide me through it.

We did the DC first and failed over to the DR. Then we failed back and did the DR.

What was our ROI?

I don't know directly, but since there was nothing major that happened, I don't think the ROI was bad. What we're looking for is value. There should be no hampering of production and there was nothing like that, so the ROI should have been good.

What other advice do I have?

Implementing it and support are good. Using it is also good. What remains is the technical expertise of the people who would be administering it. The thing you should have in mind when implementing it is that you have adequate resources, trained and skilled on this appliance so they can manage it. I was not that good. I was not that good with it at the time I started working on it. I had a few difficulties. I was lucky that nothing major happened during my time. Apart from that, the appliance itself was really good.

Considering the support and all the parameters I have talked about, I would give Cisco Secure Email Gateway a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MichaelLawrence - PeerSpot reviewer
Network Security Engineer at Konga Online Shopping Ltd
Real User
Helped with mail filtering and load balancing between Exchange servers
Pros and Cons
  • "Users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification."
  • "One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances."

What is our primary use case?

The primary use case was for email security and load balancing between Exchange mail servers.

How has it helped my organization?

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

What is most valuable?

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

What needs improvement?

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the Cisco Secure Email Gateway in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if Cisco Secure Email Gateway and WSA could be brought together, it would make a better appliance, one wholesome appliance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From my perspective, it's pretty stable. We didn't have any issues.

What do I think about the scalability of the solution?

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two Cisco Secure Email Gateway boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

How are customer service and technical support?

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

How was the initial setup?

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

What was our ROI?

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

What's my experience with pricing, setup cost, and licensing?

There were no other costs in addition to the standard licensing fees.

What other advice do I have?

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco Secure Email Gateway at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
John Agunbiade - PeerSpot reviewer
Network Security Engineer at a tech services company with 11-50 employees
Consultant
Enabled us to set rules to block spam, and the user interface was easy to use
Pros and Cons
  • "The user interface was quite friendly, it was quite easy to use, unlike some other Cisco products. Anybody could use it. You don't have to be familiar with IT to be able to handle navigating it."
  • "We didn't get any malware, but a few phishing emails, maybe one or two, slipped in."

What is our primary use case?

My primary use case was email security, to protect against phishing mails, spam, malware, and viruses. 

How has it helped my organization?

We used to get emails with viruses that would impact the business or we would get emails with malware. We were able to scan the email and clear it or block emails with viruses. That was the business justification. On a weekly basis, it was blocking about 2,000 or 2,500 emails.

It protects you, it protects your network, it protects you from phishing emails and malicious content and the like.

What is most valuable?

The most valuable feature was the anti-spam feature. You could set rules to block emails based on specific words like "pornography," "sex," "guns," "violence." That was one thing I liked about it. With the anti-spam, we didn't get all those emails.

Also, Cisco was scanning our emails with their own intelligence. I liked that.

Finally, the user interface was quite friendly, it was quite easy to use, unlike some other Cisco products. Anybody could use it. You don't have to be familiar with IT to be able to handle navigating it.

What needs improvement?

There were a couple of access issues.

Also, they need to keep their intelligence top-notch. I remember a particular phishing email that came through to my then-CEO. So they could improve on their intelligence.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's quite stable. We didn't have issues because, when I think about the issues, they were from us. The two boxes were in cluster, so when the guys at the other site would start without telling us, we would get cluster error messages. Apart from that, it was fine.

What do I think about the scalability of the solution?

In terms of scalability, I'm pretty much sure we could go as high as 1,500 users.

How are customer service and technical support?

The support is great. It's one of the best, if not the best. If you have a particular issue, Cisco can SSH tunnel into your box and help you fix it. As long as we had a running contract, their response time was five minutes, tops. 

If you don't have a running contract but there is a security issue, say malware, for example, they'll respond. But if it has to do with hardware, they don't respond. They'll tell you to get a contract before they'll respond. It depends on what the issue is.

How was the initial setup?

The deployment was quite easy. We wanted it with high-availability. It wasn't a greenfield, it was just an upgrade. The initial deployment had been done before.

The GUI is self-explanatory: If you want to block emails, you want to erase emails, you do the IP address configuration and what your DNS is. It's pretty simple, a very easy-to-use GUI. If you want to buy licenses, you want to check the status of your licenses, you want to check the status of your box, you want to check the environment, it's very simple.

The upgrade took me about 30 minutes for each box. It was just me involved in the upgrade.

What was our ROI?

The ROI is about business continuity. If you get hit by malware through an email, you'll understand. Email security is a must-have; not necessarily Cisco Secure Email Gateway, but email security. It can come from any vendor, as far as I'm concerned.

What's my experience with pricing, setup cost, and licensing?

The licensing was not per user, the licensing model was per feature. You could choose anti-virus, anti-spam, etc. It was feature-based and charged yearly. Aside from the standard licensing fees, you have to pay for support.

Which other solutions did I evaluate?

After using Cisco Secure Email Gateway we used Trend Micro. The difference between them is just the vendor. There's really no difference. Same approach. It's the same technology. I would say Trend Micro is more granular. But overall, It's the same technology. I don't think one is better than the other. Who you buy from depends on marketing.

What other advice do I have?

Email security is a must-have, and as much as the cloud providers will tell you they have security, from our own experience, the vendors' security products are a bit superior. The reasons I chose Cisco Secure Email Gateway are the interface is - it's easy to use - and the support is great. Also, it's nice to have another gateway, not just the Cisco Secure Email Cloud Gateway because it has proven not to be enough.

The organization I was working in where Cisco Secure Email Gateway was implemented had about 700 staff members, roughly 700 email boxes. There were no plans to increase usage of Cisco Secure Email Gateway at that organization. The reality now is that if your emails are on O365, O365 offers you some form of Cisco Secure Email Cloud Gateway. For most organizations, they're looking for business justification to keep Cisco Secure Email Gateway when Microsoft, for example, is offering cloud protection for your mailboxes on O365. In a case like that, you really don't expand business on Cisco Secure Email Gateway. Now that mailboxes are no longer on-prem, and the cloud provider is offering you email security, the way they sell is that you cannot say have your email on the cloud without paying for cloud security. There is really not much expansion on Cisco Secure Email Gateway from a business standpoint, if your mailbox is with a cloud provider.

I would give Cisco Secure Email Gateway an eight out of ten. We didn't get any malware, but a few phishing emails, maybe one or two, slipped in. There is really no vendor, in my experience, that I would rate at ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ed Dallal - PeerSpot reviewer
Founder, CEO, & President at Krystal Sekurity
Consultant
Adds another security layer without slowing down the business or network performance
Pros and Cons
  • "The most valuable features are protection against ransomware and spam."
  • "The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user."

What is our primary use case?

Our main deployment is for a shipping company. We're protecting their local Exchange Server and their online Exchange email.

How has it helped my organization?

It means less malicious email, fewer interruptions, and less risk. It actually circumvents malicious emails; rather than getting to the users, the users don't see them. End of story. There's a risk without it. The user might get the email and might click on the link. Once that happens, they are toast, as is the network.

The number of malicious emails it blocks differs from one company to another. It depends on the volume of email they get. I would say on average, depending on how many users there are, it could block 1,000 emails a day.

What is most valuable?

The most valuable features are protection against ransomware and spam. Those are the main two features. It also adds an additional layer to your networks. Cybersecurity isn't a comprehensive solution. You have to keep on adding layers without disrupting the flow of the business. The Cisco Secure Email Gateway does that, where it adds another layer without slowing down the business or the performance of the network.

What needs improvement?

The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user.

The solution has flexibility. I think they are working on improving it as we speak. They're responsive to the feedback we give.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very stable. We haven't had any issues or downtime.

What do I think about the scalability of the solution?

It's very scalable, especially the cloud version. You can get up to about 100,000 users on the appliance but the cloud version is more flexible. When you do scale it up you don't see slower performance.

In the largest environment in which we've implemented it, there are 200-plus users. It's utilized by 100 percent of the users. It's not at 100 percent capacity.

How are customer service and technical support?

Their technical support is very good. We haven't had any issues. Their response is very prompt and they are very knowledgeable.

How was the initial setup?

The initial setup is straightforward. There are two flavors. There's the cloud-based and the appliance. With the cloud-based solution you just point your email server to the IP address in the cloud. With the appliance, you just install it into your rack and connect it to the Exchange Server. The cloud deployment takes about ten to 15 minutes, and the appliance, because you have to install it, takes about 60 minutes.

It requires just one person for deployment. It doesn't require anybody for maintenance. You just set it and go.

What was our ROI?

The return here is more security and fewer interruptions. It's more stability and productivity versus less productivity, although I'm not sure how you can quantify it.

It's a time-saver. If you get interrupted by ransomware or a hack, it could be costly. Every breach, just the cybersecurity breach, on average costs at least $65,000 to fix, let alone the interruption in work and retrieving data, according to industry sources. You could say that you're minimizing your costs by $65,000.

What's my experience with pricing, setup cost, and licensing?

Licensing costs depend on how many users there are. It could range between $5 and $7 per month, per user. There are no costs other than the standard licensing fees.

What other advice do I have?

There is no totally comprehensive solution in cybersecurity. I find Cisco Email Security to be comprehensive, but it's not 100 percent. There is no silver-bullet solution when it comes to cybersecurity. You better keep on adding protection layers to your network. Don't think you're not going to be a target. As a small or medium business, you will be targeted. It's so easy to get through a firewall nowadays. One layer of cybersecurity is not going to do it. You need to add two, three, four layers. 

It's just like going to the airport. The first thing you see is the check-in desk. They check who you are, that you have valid credentials, where you're going and why. Then you go through the scanners. Then you go through another layer of security. Once you get through, you're also being watched to make sure that you don't become "malicious." There are a lot of layers.

I would rate the solution at nine out of ten. What comes to mind when giving it that rating is ease of use. Just set it and go. A better UI would make it a ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Setu Bandhan Saha - PeerSpot reviewer
System Administrator at a financial services firm with 1,001-5,000 employees
Real User
Because we can customize policies with it, we have good documentation
Pros and Cons
  • "I can customize the configuration and policies."
  • "The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI."

What is our primary use case?

It's pretty normal daily incoming and outgoing emails. We have customized policies based on our security measures using this tool to scan the emails in our inboxes. We also check all incoming emails.

How has it helped my organization?

Because we can customize policies with it, we have good documentation.

What is most valuable?

I can customize the configuration and policies.

What needs improvement?

There should be some type of help section that can help us configure clients' emails. Sometimes, we just need to customize the quality. 

The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI. 

It's very difficult to configure at that time. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I have had no complaints with the stability.

What do I think about the scalability of the solution?

The scalability is quite good. We have three administrators using it. The product is serving around 2000 to 3000 people in our environment.

How are customer service and technical support?

The technical support is quite good. Whenever I need them, I just raise a case, then someone responds. I have no complaints.

How was the initial setup?

The implementation is quite straightforward, but the customization can is a bit difficult. It took us three hours to implement and three to seven days to configure.

Before implementing, we had to design a new program.

What about the implementation team?

We had a partner who did the deployment and customization, who was very good. Also the Cisco support was there, so anything that we felt uncomfortable with, or when we could not understand policy, we just raised the case, and they helped us with it.

From our end, three to four people were involved in the deployment.

Which other solutions did I evaluate?

We are also using Sophos Email Appliance in conjunction with Cisco Email Security. We use them both together as a solution.

What other advice do I have?

Overall, it is a very good product, and I'm very happy with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rizwan Siddiqi - PeerSpot reviewer
Network Security Consultant at a tech services company with 51-200 employees
Real User
Blocks bulk marketing messages and spam
Pros and Cons
  • "It blocks bulk marketing messages, graymail, spam, and provides advanced malware protection."
  • "I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services."

What is our primary use case?

We use it for email filtering, spam filtering, for phishing attacks, malware, and forged-email detection. We also use it for outbound message control, to filter attachments that are allowed to be sent and attachments that are not allowed to be sent. It's for data loss protection.

How has it helped my organization?

It saves a lot of time wasting. For example, phishing attacks distract a user's attention, and forged emails waste a lot of time. A user can lose data. This solution helps protect user data.

What is most valuable?

It blocks

  • bulk marketing messages
  • graymail
  • spam

and provides advanced malware protection.

What needs improvement?

I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services. Some vendors, like Fortinet, have this feature in their firewalls, the FortiSandbox.

What do I think about the stability of the solution?

It's a very stable product. We hardly have any issues. Issues are mostly around license activation and the like. It's a reliable product and very popular here in the Middle East.

What do I think about the scalability of the solution?

It's scalable. A medium-sized business would go with a C370 while a small business would use a C190. We are able to migrate users from lower-level to higher-level products. Scalability is not a big issue for this product. The same configuration can run 500 users and 3,000 users.

How are customer service and technical support?

The few times we have contacted technical support we have received very good performance from them. This is one of the strong points. They have very good technical support. They provide timely responses. Technical support is very good from Cisco for every product.

How was the initial setup?

The setup is very straightforward. It's very simple to install. It hardly takes 30 minutes.

There is a strategy for deploying, like determining how many users' emails do you want to pass through it. There is a long document, we call it High-level/Low-level deployment. And after that we, pass emails through from the Exchange Server, incoming and outgoing, to configure the kinds of emails the product should filter.

A deployment requires a maximum of two people: One is a network engineer and one is an Exchange system administrator, so if he wants to he can configure rules according to his requirements.

What's my experience with pricing, setup cost, and licensing?

Pricing depends on your environment and which model you want to buy.

What other advice do I have?

You need redundancy. If you have a standalone setup there is a risk of failure. If that goes down you lose email communication.

We have deployed this product for multiple customers in the Middle East, in the UAE, particularly in Dubai. We have many customers using this product, mostly medium-sized enterprises.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Network Engineer at a hospitality company with 10,001+ employees
Real User
Integrates with Active Directory and we can limit specific users to specific applications
Pros and Cons
  • "It integrates with Active Directory and we can limit specific users to using specific applications."
  • "The hardware is not up to the mark. Two to three times a year we have complete downtime."

What is our primary use case?

We are using two security appliances. One is a web security appliance, IronPort, as well as the Cisco Secure Email Gateway. They are used for web surfing.

How has it helped my organization?

We need to differentiate among users with specific boundaries. Some users have full access and some users only have limited access. That is what we are using it for.

What is most valuable?

It integrates with Active Directory and we can limit specific users to using specific applications. 

What needs improvement?

I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side.

Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now.

For how long have I used the solution?

Three to five years.

What do I think about the scalability of the solution?

The scalability is really good for multiple users. There is no issue with the scale. We have 300 to 400 users.

How are customer service and technical support?

Technical support is really good. As far as I know, whenever we need it, they help us very well. Within half an hour or an hour of our call, we get technical support to WebEx us, depending on the situation or the issue. That's pretty quick.

How was the initial setup?

The initial setup was straightforward. There was nothing complicated. It doesn't take more than two engineers. When it comes to the software, if there is good coordination between a Cisco guy and an email-server guy, the two of them would be enough to implement it.

It was really easy to implement. Even a newcomer joining the company could easily implement it. There is nothing complicated in the device. It can be easily implemented without headaches.

What's my experience with pricing, setup cost, and licensing?

We took a three-year license. In addition to the standard licensing, there is a cost for SMARTnet as well. That is necessary because the hardware device is not stable at all. So if anything goes wrong we have two appliances to use. With SMARTnet, Cisco will send a new device within a week.

Which other solutions did I evaluate?

We are looking for a solution. We are in communication with other vendors to integrate with Email Security or to provide us a new solution.

What other advice do I have?

The Cisco Secure Email Gateway, in my opinion, is a really good device. In terms of configuration of the software, it's just click, click, and you are done. If you have redundancy then you are in safe hands. It's a very good solution for email security.

We could be changing the appliance. I have heard from someone that Cisco has released some appliances for email security. I believe we need to try this. We may change our existing device and move to a new Cisco technology. We would keep the software. We usually upgrade it based on the newest versions.

Until now, I haven't seen any breach or any attack on the Cisco Secure Email Gateway.

Overall, I would rate this solution at nine out of ten. I could give it a ten if the hardware was better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sofiane Medhkour - PeerSpot reviewer
Head System /Solution Architect at sorfert
Real User
This product has made my on-premise messaging platform more secure
Pros and Cons
  • "Because we scan products, and there is a lot of critical data, security is very important in these cases."
  • "It sends us reports, where we can see if there have been attacks, e.g. DDoS. If so, we can switch to a clean IP."
  • "The initial setup was complex because I have two sites with physical clusters."

What is our primary use case?

i'm usining it as frontal gateway for controlling and securing the mails flows to my on-premises exchange servers

How has it helped my organization?

This product has made my messaging platform more secure. it contain and extended security feature ,policy rules for filtering , and multiple engine for scaning add to that encription , security is very important for critical business with data inhouse.

What is most valuable?

after doing a third party pentesting, they found the security at a high level regarding the messaging security part testing,and the only recommendation they gave and need improvement is adding the sendboxing, for those attack ranked at zero day attack, which can't be detected.

knowing i'm using premium licensing, i checked the Advanced Malware Protection (AMP), which is on-demand feature, i found that, this feature act like a sendboxing

What needs improvement?

With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is currently stable. I will upgrading next year, but the current version has been working great for six year.

We have two people (system administrators) performing maintenance for the system and security part for the company.

What do I think about the scalability of the solution?

Everything is fine with the scalability.

We have 400 users on this product, with two site, 2 physical appliance in one site and one physical appliance in the second site the three working as a cluster, and next year, we plan to increase our usage and move to the newer physical appliance version. because those we're using , are arriving to them end of life soon.

How are customer service and technical support?

The technical support is good.

Right now, I am paying for it, but I don't use it because the solution is stable.

Which solution did I use previously and why did I switch?

I have previously used McAfee, Kaspersky, TrendMicro, barracuda, websense.

How was the initial setup?

The initial setup was complex because I have two sites with physical clusters. and i made it alone during the working hour without interruption.

The length of deployment will depend on the complexity of your infrastructure and your knowledge.

What other advice do I have?

This product is the complete solution and the real deal.

I am using the on-premise version.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Email Engineer at a legal firm with 1,001-5,000 employees
Real User
Top 5Leaderboard
The most valuable feature is the policies or rules that you can put on it
Pros and Cons
  • "At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage."
  • "I would like them to add some clustering or high availability features."

What is our primary use case?

It is just another level of protection that we use, as far as email is concerned. We use it for different policies or as another scanning engine, e.g., on the desktop or for data coming through another email gateway.

How has it helped my organization?

At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage.

What is most valuable?

The most valuable feature is the policies or rules that you can put on it. This definitely helps with routing specific things to different destinations within our organization, or even potentially blocking when something is coming in and out, to where you can't do this on an email server or on our other email gateway. It's just not possible.

What needs improvement?

On their roapmap, they are looking to integrate with different cloud features, like Office 365.

I would like them to add some clustering or high availability features.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is very stable. I haven't had any issues with memory or CPU. I haven't had any unstable performances from any of the appliances. Initially, we had physical appliances, then we went and upgraded to virtual appliances at some point. However, even the physical appliances were pretty stable.

I did run into one issue at one time where I had to shut something off. It was a bug, but being down for an hour or two is just two costly for our firm.

Deployment and maintenance is handled by two people (email engineers).

What do I think about the scalability of the solution?

Scalability is good. We have four appliances total clustered, two in one data center and two in the other. The ability to increase is definitely doable, and it's helpful if you need to do that.

We are a legal firm with close to 2000 employees.

How are customer service and technical support?

Technical support is definitely good. The turnaround time to speak to someone is very good, as well.

Which solution did I use previously and why did I switch?

We had another appliance (Axway MailGate) and switched because it was outdated. Also, their support model wasn't that great. They were difficult to get a hold of after six or seven in the evening.

How was the initial setup?

The initial product setup was easy. However, it was a bit more complex on our side because of some of the rules that we had set up on a previous appliance, which was not Cisco. Trying to match some of those to Cisco was a little complex. We had some consultants help us out with that. Overall, it wasn't too bad.

The deployment took three to five days.

What about the implementation team?

We worked with a partner consulting firm, Presidio, who very useful and helpful.

We did a proof of concept first off, then did a hard cut over on the weekend.

What was our ROI?

For what you get for the product, the support, and the overall stability, it is definitely a good return on investment.

What's my experience with pricing, setup cost, and licensing?

We do annual licensing for Cisco Secure Email Gateway and SMA together, and possibly SmartNet support. Packaged together, the cost is just under $38,000.

Which other solutions did I evaluate?

We looked at two or three different vendors. One of the solutions that we looked at was a virtual Linux-based appliance. We did evaluate that and a proof of concept around it. However, it wasn't as robust as Cisco, as far as features and high availability.

What other advice do I have?

Give it a chance. If you can do a proof of concept somehow to rate it against other competitors which are out there, look into it because it is a good product.

I haven't upgraded to version 12 yet.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Senior Network Administrator at a tech services company
Real User
We use it to receive, send, scan, and filter our incoming and outgoing email
Pros and Cons
  • "The system enables end users to manage their own whitelists/blacklists."
  • "The system provides our service desk with the means to troubleshoot email delivery issues with ease."
  • "Administration of the email domains and custom filters are easily done via the web interface."
  • "The user interface could be updated."
  • "Better dashboards and more interactive overviews would be nice, but the current functionality is sufficient."

What is our primary use case?

The Cisco Email Security Appliance is being used as the primary email gateway for our datacenter. We use the Cisco Email Security Appliance to receive, send, scan, and filter our incoming and outgoing email.

We use the Talos Threat intelligence to filter out known 'bad' email sender. The Sophos Antivirus plugin for antivirus scanning and the DKIM signing for our outgoing mails.

How has it helped my organization?

The system enables end users to manage their own whitelists/blacklists and provides our service desk with the means to troubleshoot email delivery issues with ease.

What is most valuable?

On-box DKIM and DMARC features let us secure our email flows and reduce the risk of our domains being used for spamming.

Administration of the email domains and custom filters are easily done via the web interface.

What needs improvement?

The user interface could be updated. Better dashboards and more interactive overviews would be nice, but the current functionality is sufficient.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

The Cisco Email Security Appliance has enabled us to reduce spam by at least 30% compared to our previous solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user404388 - PeerSpot reviewer
Head of Department IT Security & Network at a energy/utilities company with 1,001-5,000 employees
Real User
We're now protected against spam emails.​ The CLI needs to be improved.

Valuable Features:

  • Facility of management
  • Documentation

Improvements to My Organization:

We're now protected against spam emails.

Room for Improvement:

We use the CLI for management, but it's not very good. It's based on Java and it's very difficult to use.

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

It's very stable. We've had no issues with instability.

Scalability Issues:

The scalability has been OK.

Initial Setup:

We had to configure it, but it wasn't complex.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user433407 - PeerSpot reviewer
it_user433407IT Infrastructure Engineer at a tech company with 11-50 employees
Real User

FortiMail advantages:
no per user mailbox pricing;
three modes of deployment (Server mode--fully featured e-mail server & e-mail protection, Gateway mode-- e-mail protection and Transparent mode--No changes required to existing MX records and MUA/MTA configurations );
not need for third party antivirus licensing
higher spam detection percentage based tests and certifications by Global Third-Party Certification Authorities

it_user6381 - PeerSpot reviewer
Manager of Infrastructure at a manufacturing company with 51-200 employees
Vendor
Solid 1U appliance, but we had problems with the XML file rule not working

Valuable Features:

We chose Cisco Iron Port as it delivers strong email security protection and our company needed it to protect the company's email systems from spam, email viruses, .exe files, unwanted email from unwanted sender etc. For this, we choose Cisco Iron Port c160. Cisco Iron Port is a solid 1U appliance, no need for additional hardware, easy to plug into existing network. Email channel protection worked across the board without regard for which email client we used. When Cisco engineers became aware of the XML file rule not working as designed they immediately recorded this in their internal issues database and provided us with an issue ID. More significantly, they quickly supplied a workaround that allowed us to block XML files using a different type of rule.

Room for Improvement:

More than a few steps are required to apply rules and these are not essentially intuitive. Even though we were able to get real-time event information from the email logs, it would be nice if the higher-level journalism tools could synchronize more quickly. Price might be an obstacle for smaller networks. Need to reduce the price so that small organizations can use this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user3882 - PeerSpot reviewer
IT Administrator at a tech services company with 501-1,000 employees
Consultant
Simple to add to our network and efficient to troubleshoot

Valuable Features:

• Cost-effective since they do not require extra hardware • They are simple to plug into the available network • Protection of mail channel works well regardless of the email client used • Efficient to troubleshoot

Room for Improvement:

• Requires several actions to employ rules • It takes time to harmonize information from the email log events with higher level reporting tools

Other Advice:

Security risks presented by web-based malware, spyware and web traffic exposes organizations to compliance and productivity dangers introduced by improper usage of the web within the organization. IronPort allows visibility into the problem and an easy way to pinpoint policy offenders. It includes a user friendly interface and easy content incorporation, filtering and reporting infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user386826 - PeerSpot reviewer
it_user386826Distribution Systems Analyst at a pharma/biotech company with 1,001-5,000 employees
Vendor

I would not suggest Cisco Ironport to anyone, just installed a 40mb circuit and it's not going well pings to 108.171.131.161 are just sad. We are reviewing the configuration but overall it is just a waste of our time and money. I'm not impressed at all...

See all 2 comments
it_user2871 - PeerSpot reviewer
Network Engineer at a university with 51-200 employees
Vendor
Cisco IronPort is a powerful device that adds more to traditional Cisco NAC appliances the capability to defend against application and operating system attacks

Valuable Features:

Our company was facing a problem of user complaints with network performance despite the fact that we used Cisco ASA and Cisco IPS. When we scanned the mail server with antivirus we found a lot of threats that couldn't be treated, so we need to use IronPort. Cisco IronPort mail security was very helpful by blocking threats, viruses, worms and Trojans from attacking the mail accounts and user PCs.

Room for Improvement:

-Added cost and delay to the network traffic, but performance did remain stable. -Requires knowledge and operation time to manage an added security device to the network devices besides IPS and ASA.

Other Advice:

Cisco IronPort is Cisco's new network access controller (NAC). Cisco IronPort email and web security products are used online with the firewall Cisco ASA and Cisco IPS to filter attacks, threats, phishing and data loss.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Email Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Product Categories
Email Security
Buyer's Guide
Download our free Cisco Secure Email Report and get advice and tips from experienced pros sharing their opinions.