Cisco SecureX Reviews

We use a lot of different Cisco security products to protect different areas of our entire infrastructure. SecureX basically gives us a single pane to all those products. We were trying to avoid going from product to product to product to product, either to research security events or just look at overall performance of those. SecureX covers every security product that we have. 

There are integrations into third-party products, such as Office 365 and Azure, as well as Virus Turtle to do some research. This solution was mostly initially implemented to help us with researching events and has grown since then.

SecureX makes it easier for me to present to management, i.e., our leadership team, how these security products are working and how well they are doing. We can look at things like our email statistics and realize that more than 50% of all inbound email is actually rejected because it is either spam, malware, or something else. They never would have understood that the percentage was that high until we had a product which actually tracked these things. We could show leadership basically what was happening. 

When we need to investigate something, we only need to go to one place. So if I need to look, then I can see an event which occurred. Maybe it is an event that occurred on an endpoint device, but I need to check the firewall. I might need to check Umbrella. I might need to check Stealthwatch, Email Security, and all of those other products to see what else was happening at the same time. SecureX does that for me. I can go into the threat response part of SecureX, put in that endpoint device or indicators of compromise, then it searches those products for me. I don't have to do that. Not only do I not have to do that, but we can now give that over to someone else who isn't as an expensive resource as I am.

The two biggest things that are great about SecureX: Orchestrator and visibility. 

We initially implemented it when it was first introduced because of the visibility piece. We could look at the performance and statistics associated with our entire security portfolio. 

When they introduced Orchestrator, it was a game changer because now we can actually develop Orchestrator scripts to handle a lot of the investigations that we were previously doing manually ourselves. We can actually set up Orchestrator to do things like investigations. If it discovers something that we need to look deeper into, it can just send us an email or text message for whatever we need to do, which has been huge.

It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place.

They could expand into more areas. The more third-parties that we have tied into it, the better. The capabilities are there. As they just continue to involve the product, the more things that you can look into, then the more analytics that you can get. Also, the more data that we can get, then the better off we will be.

We have been using SecureX pretty much since its inception. How long has that been? Three or four years, something like that.

It is great. We receive notifications from SecureX. When there are any issues on the back-end, they immediately notify us if it is affecting North America, Europe, or PAC Asia. We are constantly being updated. If they are working on an issue, then we get notifications when those issues are resolved. Most of the things that we have seen in the past usually happen, from our perspective, in the middle of the night. So, it doesn't impact us as much. It has been very reliable.

I haven't seen a product that we couldn't integrate with. It scales all the way up the whole Cisco product line plus all of this stuff that is non-Cisco. I haven't seen anything that indicates that there is a limit to what you can do.

It was something that we never even thought of. It is one of those things where they introduced the SecureX product when it first came out, and it was like, "What do we need this for?" Then, once we saw it, I was like, "How did we ever live without it?" It is one of those things now where there is all this talk about EDR and all these other products, and SecureX fits in that area. 

It was the first thing that we ever saw that was anything like it. We just tried it out. It was available. We contacted Cisco who configured it all for us. We tied it into the products that we had at the time, and thought, "Well, this is really neat." 

It is in the cloud, and there are integrations with devices. We did all the integrations ourselves. It was very straightforward. There are step-by-step instructions in the portal on how to get the different products integrated. I was able to do it all, so it wasn't hard at all.

Not only did they save us time, but as a small organization, we have a very small group of people who need to look into these things. Because we are a financial institution, every event and alarm needs to be investigated. You can't assume that something is a false positive until you have verified it. You can't take the risk. The ability to be able to have Orchestrator handle some of that for us, and even be a little proactive, e.g., go out to the Talos blog sites where they talk about the most recent attacks. They talk about the most recent indication of compromise and take that information to go ahead and run it against all our security systems to find out if any of those things show up. This saves me days of work, easily days within a week, because now I can do more from an architect's perspective instead of having to investigate all the events.

It is free. It can't get any better than that.

I would rate it 10 out of 10. It is one of my favorite things that has ever been built. It gives me the opportunity to be able to build orchestration so things can be handled in an automatic way. It gives visibility to me in one place. It is an all-around, outstanding product.

When it comes as a business bundle, we come to customers [to provide] a one-stop shop, and we provide a return of value on human resources. We come with an angle of EDR, Umbrella, and email security. We provide one-stop management that provides the visibility, enrichment, the ticketing system, and the Rockwell playbook that integrates out-of-the-box. That's amazing value for our customers, and this is why we like it so much. 

Today we're not selling just EDR or just Umbrella or just a firewall anymore. We're coming with an XDR SecureX platform offer and that's it, and customers love it.

One of the examples is related to forensics. The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever. With just one click you have information from email, from the endpoint, from the web.

Let's say that tomorrow morning, you have a ransom[ware] attack in your organization and you would like to know from which email it came, or where the customer saved the file, even though the incident didn't occur at the same moment. With SecureX, you have Cisco Threat Response inside. [With] one click, you get all of the flow. That's amazing value. 

That also releases resources for our customers. The customers don't have to connect many systems and try to register the event on each system, or to go to the SIEM and do a correlation. That's the one-stop shop for the customers, and that's amazing.

The visibility and the fact that customers don't have to go anymore to each one of the management consoles [are the most valuable features]. They have consolidation, and that's the best value.

Every solution can be improved. That's obvious. They could put in more third-party [integrations]. Unlike other solutions, here you have out-of-the-box support with third-party integrations, for example, with VirusTotal, with Sumo Logic, and AlienVault. But they can always improve themselves and put more and more, including the playbooks.

The automation, not just third-party integration, but also more playbooks, out-of-the-box, for automation [would be helpful].

I'm from Rockwell Automation. This is a huge corporation from the US. And in Israel, we have a bunch of cyber solution softwares. My department is responsible for being resellers of Cisco. We are a Cisco platinum partner. I'm the CTO and the vice president of Rockwell in Israel.

I have been using Cisco SecureX from the first moment it was released, something like two and a half or three years ago.

It just works.

[The scalability is also] the same, it just works. We have no issues.

[The support is] working very well. We have no issues. When we need them, they provide excellent service. The TAC support is a nine out of 10.

Positive

It's on the cloud. It's very easy. You just do the registration. They also pull Duo inside for multi-factor identity and that's it. It's really working very easily, in one click.

We have more than 40 to 50 customers with different variants of solutions and all of them [were done] in one click. We provide [it for] them out-of-the-box and we don't charge money for that. We say to the customer, "I will give you the XDR integration with all of the systems. I will not charge for that." Why? Because it's very easy. One click, remove the API keys, and that's it. It's working. And that's amazing.

There is a huge value, as we said. [There are] less resources to manage, good value for money when you take the business bundle. So why not? The ROI, it's very simple to prove. This is crazy.

I have used competitors in the past but it's not the same. First of all, Cisco is a giant. They have a lot of different varieties of solutions in the market. Other vendors only have firewall and EDR, or they only have EDR and deception and firewall. They don't have the concept of the full XDR out-of-the-box and free of charge. I must remind everyone that SecureX, out-of-the-box, is free for any customer. You don't pay for it. And that's amazing value when you buy solutions from Cisco security.

We would like to see from Cisco: more out-of-the-box playbooks and even more third-party [integrations]. It's an eight or nine out of 10. I [also] wish that the interface would be more sexy.

SecureX is a dashboard that aggregates all of the reporting from the Cisco stack into a central location. It's hosted on a public cloud.

ESA has a portal that has all their data, Cloudlock has a portal, and Umbrella has a portal. It basically aggregates them all into the same place so you have a widget or a section of the screen, depending on what you want to focus on. You can customize the dashboard to show all of those inputs in the same place at the same time.

We were just given the APIs, and you basically plug in the API coming out of your Cisco stack into the SecureX portal. It starts sending all the data from those products into Cisco's portal. There's no insight into the backend.

We had a handful of users using this solution. It's giving a readout of very sensitive metrics on our security stance, so we only had it pointing to a handful of users like top cyber security engineers and two or three people in management.

If management wants to ingest reports at a high level from all of the different products, they would only need one login to SecureX to view this information as opposed to separate logins for each of the integrated products.

It consolidated and streamlined viewing of metrics and high level data from our security stack.

I like that I don't have to jump around to five different products and log into five different places to view the data that it returns.

The documentation can be improved and the on-prem integration. The set of applications that it was integrated with wasn't comprehensive. There were still some gaps. I think Cloudlock said that it was able to ingest it, but any time we tried to configure it, it didn't actually pull over anything. I think it was just new. You need maturity.

There could be a better effort for the app integration. Some of the integrations were not completely ironed out. It was very new at the time, so the documentation lacked the integration. Some of the services were on-prem and some of the services were cloud-based. The cloud-based integrations were very well done and easy to integrate, and the ones that were generated via on-prem were cumbersome and needed a little bit of ironing out.

They were harder to set up and less consistent with their reporting. One of the main things was that SecureX didn't ingest the entire Cisco product set at the time. It was going under pretty rapid development, so I hoped that would expand, but I haven't had insight into it in the last 11 months.

I used this solution for two years.

At the time, the solution was very new so it was a mixed bag.

The scalability is fine.

Technical support is fair. I would rate it 3 out of 5.

Because it was new and because it's Cisco and they had people changing all the time, it was just kind of a mixed bag of who you got and when. Then depending on the product you were integrating with, it got passed around to someone who knew what they were doing.

It's touching so many different platforms, and each platform has a different tech support group. SecureX was trying to reach into all those different silos. I think that was part of the issue – it's trying to aggregate so many different products.

For some of the products like the cloud-based ones, it was extremely easy. You just export an API, plug it in, and it works. For the on-prem stuff, it took quite a bit of wrangling to get it to work consistently. It was inconsistent. That's kind of a mix. Some of the integration was really straightforward, really easy, and some of it was complex.

There were a couple times where a revision to a product changed, and so it had to be set up again.

Because the product wasn't fully baked, we just rolled it out as feature sets became available. As we stood up Cisco's security stack, we were able to integrate each piece fairly quickly. It was a kind of an ongoing project over a year.

The only person needed for maintenance was me.

I would rate this solution 7 out of 10. 

It's a great idea if it worked consistently, but it has to be way more mature than when I used it.

The tool's use cases include cyber threat intelligence and automated hunting. These are some of the key features that our customers like about the tool. 

Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process. 

Our customers also find the ability to create their own workflows using low-code capabilities to be really powerful. This powerful tool automates threat hunting. 

One of the improvements the product needs is more integration with collaboration platforms. The ability to drive actions and see insights through those collaboration and messaging platforms will be very powerful, and we see that as a feature that our customers would love. I think the key value in SecureX is the integrations. The improvements that we would like to see is those integrations keep coming because they are fantastic.

I have been working with the solution for about 18 months. 

The solution is scalable from an integration point of view. It is deployed over the cloud and has no limitations. 

The tool is a SaaS-based platform that is easy to set up. The integrations are also easy to do. Customers get it free of charge with a Cisco Security Portfolio and it's really easy for a customer to set up the solution and use it.

I would rate Cisco SecureX a ten out of ten. I find the product to be a fantastic platform. If you are eligible, start using it straight away. The best way to evaluate it is to start using it and see where it fits within your organization.

I think it helps our customers really deliver their SecOps goals, and I see it as a core foundation of CAE's own security strategy going forward.

Our partnership with Cisco is one that was built on trust over a long period of time. This has enabled us to work together to be able to provide the solutions that our customers need to drive their organizations forward.

The value we add as a reseller is being able to work closer with our customers, understand them, and get intimate with their organizations. That enables us to offer them the right solutions that will help them achieve their goals.

This solution is a new solution. It gets visibility into all the components about security. For example, in the Firepower application, emails, and in the cloud, I can see across those in SecureX. It shows all the layers and the entire security solution. This is very important and key in the world of security.

Organizations are afraid of attacks. For example, many companies have an attack once a month. We need this solution's visibility into our customers' applications.

The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem. 

I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect.

We have been using it for five years. This solution is very important to us.

They are good and are graduating to the next level with this solution. We can see the security in the cloud for this solution. Whether I am working at home or out in the world, I can see all the security in my network. 

The deployment is very easy. You just log, install, and run the software. That is all.

The pricing is the best part of this solution. It is free if you buy Umbrella or Duo Security. It is also a good solution.

It is a good solution. It is Cisco's best solution.

Monitoring is easy. My engineers are monitoring this application all the time and the customer doesn't have to call me. My engineers will call the customer and say "Hey, you are having an attack."

I would rate the solution as 10 out of 10. It is the best. The SecureX solution has the best impact for the customer because it has all the visibility of my applications and my users' applications. Of course, it is also easy to manage this application.

We use multiple firewall boundaries. We use Cisco for both internal networks and external networks that we provide for our customers across multiple sites. 

This solution definitely helps us meet our cyber security goals and we haven't had any problems so far. Cyber security resilience is very important to our business. This solution has improved our network and optimized our firewall. 

The ability to create firewalls online has been most valuable including the ability to create rules. We have done this using the ASA old firewall which we prefer over the newer ones. This solution helps us meet our cyber security goals. 

The resilience of this solution has also been valuable. We can trust in the fact that we can always reach out to developers if we have any problems. This solution has improved our network architecture.

The front-end work controls the new algorithm and the firewall rules. The search feature of these rules could be improved. If I want to look up a rule, I want it to be easy and just have the rule displayed instead of having to look through highlighted results. 

We have used Cisco ASA firewalls for seven to eight years.

This solution offers good stability. 

Deployment and setup of this solution take a week as we need to copy the rules from a previous firewall to this one. This solution does require regular maintenance. We have seven team members responsible for this. 

We have experienced a return on investment using this solution.

It would be nice if they had a different pricing model. Most of our budget for projects goes towards Cisco. 

We evaluated other options but prefer Cisco because it integrates well with other technologies. 

This is a good quality solution and I would rate it a ten out of ten. 

We use it to investigate threat incidents. It lets us better manage security incidents.

We just use it for the security department.

It gives us more visibility into detected threats so we can determine their impacts.

Its cybersecurity and resilience have been extremely important for our organization. It helps us save our operations by protecting us against ransomware and most threats.

The automation and orchestration tools are the most valuable features.

It is good that it provides information. However, I think that there needs to be more actionable items for us based on the information provided.

Remediation stuff could be integrated into the product's automation.

I have been using the solution for a year.

It is really scalable. We are looking to increase usage in the future.

Overall, the technical support is great. I would rate it as eight out of 10.

Positive

We did not previously use another solution.

The initial setup was complex. It took about a month to deploy. The deployment took me about 20 hours overall of work.

I had to work with the SecureX engineer in order to get things rolling. It wasn't a very straightforward process when we rolled out the product.

We used an integrator for the deployment.

We have seen quicker response times. It took a few months to realize the benefits.

It comes free with all Cisco products. So, it is a good price.

We didn't evaluate other products.

Leaders in organizations should invest in IT, training, and staff.