Cisco SecureX Reviews

We are using SecureX to protect all of our users and devices, both onsite and offsite, no matter what network they're on. We wanted a solution that would integrate across various platforms that we purchased through Cisco.

The biggest way we've benefited is because of COVID-19. In March, when the pandemic hit, as a school district we had to go fully remote. Obviously, we have devices that left our network for a substantial amount of time and we don't necessarily know what they were connected to, in terms of networks. Were they keeping safe? We were ready for that shift. We knew exactly what was going on with those devices, no matter where they were. SecureX has been keeping our devices safe during the pandemic. We haven't had any major threats that have come in or that have been found on our devices. That speaks to what Cisco is doing.

The fact that SecureX is built into Cisco Secure products and connects with our existing infrastructure has increased our security significantly because we use all Cisco products in our district. We have Cisco Next-Gen Firewalls and Cisco wireless controllers. What SecureX brings is that all of those can be incorporated together, and you're pulling data from all of those various systems into one pane of glass. You can really quickly see what security threats you have on your network.

With everything in one location, instead of having to open up five, six, seven, eight, or 10 different applications and look at data in them and then cross reference it, it's all in one pane so we can look at one application and see everything in one place.

It has also reduced the workload of our security team because that single pane of glass makes it easy. We don't have a dedicated security person in our department. We're a rather small IT department for the size of school district that we are, so we had to find a solution that easily gets the information we need, in a matter of seconds, because we might not always have the time to do it. And we needed something that obviously was a leader in the market share and we felt Cisco was that. SecureX has probably reduced our workload by 30 to 40 percent.

Something I've noticed, since going with Cisco security products, SecureX and all the rest, is that the number of issues on our devices has decreased substantially. Typically, in the past, we were re-imaging machines, wiping them clean and setting them up again, because they had run into issues, and that has decreased significantly. These products have allowed our users to continue to use their machines for many years without really having any threats on them.

In addition, it has saved us time when it comes to investigation tasks, again in that 30 to 40 percent range. An example of the way we've seen that reduction would be using Cisco Threat Response. If a computer has an issue, and we see some traffic or files on that computer, we can instantly investigate where that file or service has gone across our network. We can see if it went to five different computers and, if it did, we can instantly know what those five computers are. It reduces our investigation time because we don't have to go and check each machine. Cisco is going to give us a roadmap of how that malware impacted our network.

One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not.

They have released a lot lately that has continued to give us more insight into what's going on. But if they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality. It's something that we've adapted and continue to use. We see the value that it brings to us.

We have been using Cisco's products for about three years.

It's been very reliable. It has not caused us any heartache since we've deployed it. If there is an issue, we usually get notified right away, but even those issues have not impacted our devices. For example, if they release a new software agent for the Cisco Secure Endpoint and maybe there's a known bug, they will usually recall that and let us know right away. But we've not really been impacted by any of that. 

I feel that they do a good job testing everything before it's released to the end user.

The scalability is endless. We use it as a K-12 school district, but the same products can even go to a smaller school district than us, or they can go to a large corporation with thousands and thousands of users. It is meant to meet whatever needs your organization might have.

Not only that, but you have the interoperability of it, where it can be attached to a wireless controller or attached to your firewall. It's not just security at the device level. It's security of the network level as well.

We have not used technical support for the SecureX stuff. That speaks highly of the quality of product, especially with all the integrations that we have going on with different devices, and all the different solutions that we've purchased from them. We have not had to create tickets for any of that.

We've used several different solutions in the past, the typical antivirus solutions. We were not impressed with them, so when Cisco first released this we took a look into it and were impressed. We did a pilot test of it and saw that it met our needs, that it fit what we are doing here from a Cisco standpoint, and we purchased it.

We purchased a Cisco Enterprise Agreement that contained a lot of these products. Once we got that we started with Cisco Umbrella, which is part of the SecureX platform. We got that deployed to all of our products, including PCs, Mac devices, and iPads. We have about 300 PCs, about 800 Macs, and right around 4,000 iPads on our network. For us, that was the major first step because we wanted to protect our devices no matter where they went or what network they were joined to. We have started using that as our filtering program in the district.

From there, we deployed Cisco Secure Endpoint, which was also called AMP for Endpoints at one point, but they just recently changed its name. We deployed that to all of our devices as well. It was easy to deploy. It worked with our mobile device management system. And on the iPad, we use the app that joined both Cisco Umbrella with Cisco Secure Endpoint. Integrating those was important. We can go to one system and see a lot of that traffic and get a lot of the information.

It took us a couple of weeks to deploy SecureX across our devices. It was very easy because we could push it out using various systems. The biggest one was our mobile device management system that supports Macs and iPads. We could just upload the software to that and push it out. On the PCs, because we use Active Directory here, we could do it through group policy. We might have manually touched some of the PCs, but the deployment was very fast and easy.

The only thing that I would consider as maintenance when it comes to SecureX is making sure the devices update the software as it's released. That usually happens automatically from the server, as they check in, but sometimes there's an issue with a device that prevents that. In that case we have to go out and physically do it, but you can pull records and see which ones have not updated. So there's very little maintenance from our end.

For us, everybody plays a part in it because we don't have a dedicated security team and we only have one network specialist. Aside from the network specialist using it, we have a server specialist, and all of our building technicians have access to the system and can run reports and can do investigations if they feel comfortable doing that.

Our ROI is that we've not had any serious security threats. All of our devices are pretty healthy right now. I know when I leave at the end of the day, and all of our devices are exiting our building, that they're going to be secure no matter what happens. And when they come in the next day, we're not going to have a lot of threats brought in.

The pricing is competitive, especially for education institutions. Licensing can be a little bit difficult to navigate, especially with resellers with Cisco, but for us it has been pretty easy. We continue to grow the number of licenses that we have each year.

We evaluated other solutions briefly, but we saw the value that Cisco brought to the table. Because we have a small department we need to simplify our solutions so that they integrate really easily, and that means we stick with one vendor. It's easy to get a hold of support and troubleshoot issues if they do arise. That's why we put all of our eggs into one basket with Cisco.

Meet with Cisco representatives or their reseller to get a demo of their products. Then, reach out to some clients that are using it and get their feedback on it. That will show you that it's a solution that you need to invest in.

I would give SecureX a 10 out of 10, and I really do mean that. We've had really good luck with Cisco and all of their products. It's a great all-in-one solution for us and we've been extremely happy.

We use it to track our emails and to secure our endpoints. SecureX is a really big tool. If somebody tries to attack us with a virus, SecureX helps us to find that email quickly. Our staff members use laptops, computers, and other devices, but they don't have a lot of knowledge about the whole "IT war." There have been viruses and SecureX has enabled us to protect those users, and our systems and components as well. We have used it to solve spam and phishing attacks that are really popular these days. In our company we have over 20,000 users, so you can imagine how many emails we have on a daily basis. That is a really good example of what we can do really easily with SecureX.

Are you using multiple products from this vendor?

We use multiple Cisco tools within our environment. We use network solutions, products like switches, access points, routers. We also use many Cisco phones. For network solutions we use Cisco ISE and Cisco Prime. As the telephone system, we use Cisco CUCM, Cisco Unified CallManager, integrated with the Cisco Unity system for voicemail boxes. We also use Cisco Contact Center for our help desk and our employee services lines. We also provide systems to our customers. We have many government clinics. For communication, we use Cisco Webex Teams and Cisco meeting systems for video and call communications. We also use Cisco as a design solution.

Using multiple products from the same vendor is really nice and useful because many of Cisco's products are integrated. For example, we have that Cisco CallManager system which allows us to provide phone solutions for our users and that has really good integration with Webex Teams, the video conferencing platform. With the integration, we are able to provide standard phone PSTN features to our Webex Teams users. That is really great.

Using multiple solutions from one vendor saves our company time and money. With all the integrations, we also get really great support from Cisco because if you have, for example, a problem with integration between the systems there is just one company responsible for getting things right. A couple of times, in the past, I worked with two or three vendors, asking for support. We had some issues with integration and it is hard work to get good support from a couple of vendors at the same time.

Also, there have been a couple of times when I had to order physical devices and, working with Cisco, we got some better prices. Being a really big customer of Cisco allows you to also get preferred pricing.

The native integration between Cisco's products is really good because Cisco has solutions for almost every part of IT. There is a managed solution for network and unified communication. Integration between all these systems is really simple because Cisco has really good documentation. And if you need any help, you don't understand something, you are able to ask the great support.

To keep everything very simple, we use a solution provided wholly by Cisco. We grabbed SecureX from them and the cloud from them. That allows us to have better support because it's from one provider. If you have an issue with the system from Cisco, and the whole solution is based on Cisco products, the support can be moved from one team to another.

SecureX provides many measurements and has a really good dashboard. Working with it you are able to see things very clearly and you have every detail on a single display. That saves us money and time. There have been times when there have been 1,500 attacks per day. In a big company like ours, many employees are fired or leave the company and many have used the company email address for subscriptions or for personal usage and that also provides an opening for many attacks. These email addresses end up being used by fraud guys who try to get more information about the company. A couple of years ago we had a really bad situation related to something like that.

It brings all our data into a central point. It also shows us many data connections between many of our environments.

When it comes to investigation tasks, SecureX saves us time. SecureX gives you really good information about potential risks. You are able to find the source of a risk, a potential risk from a user or a machine. I can't tell you how much time it saves, but it's a really good tool that provides you many models that make your work easier and faster.

With SecureX you can see unusual activity and get more information about the machine or user involved. It provides you with more information about how to sort it out. That's a really important part of security, that you can protect your own network from unauthorized access.

In addition, using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices.

Contextual awareness is also a really good part of SecureX. It works with many areas and, with one tool, you have good visibility into many areas that you manage. That is a really good feature.

The automation process with SecureX could be simpler. When we started to use it that was not the easiest part for us.

Sometimes it's a little slow so that is also something Cisco should check. 

They should also work on the reporting.

We have been using SecureX for about two and a half years.

I'm not sure that I would call it a bug, but sometimes the solution is a little slow. But there is no other issue aside from that. Many bugs that we noticed were related to configuration changes made on our end, so we couldn't say they were system bugs. 

Anytime we are notified about patches and upgrades, we try to upgrade SecureX as soon as possible. There may, potentially, be some bugs, but Cisco also works to improve on its products. In my eight years working on Cisco products, I found one new bug in a Cisco product and I got an email from them: "Hi, Michal. You've found a bug. Thanks for that. You are the first person." But that was only once, and not in SecureX.

It's a really good solution and I haven't seen any limitations. 

I have worked with Cisco systems and products for over eight years and I have never had any issues with their support. You can open a TAC case in many ways: through your email or their support portal. And if you open a ticket with them, the engineer is assigned to your case in 30 minutes or so. With Microsoft, I had to wait one or two days. So Cisco support is really nice. If you need help with a problem, you will definitely get fast help. I only have good things to say about Cisco support.

I joined the team at the beginning of using SecureX and, to my knowledge, we didn't have anything like it. We had some really old systems and we replaced a couple of things provided by really small companies by using SecureX. Most of the things we replaced were created by our programming team, but these apps were only for our internal usage.

The initial setup was straightforward. SecureX is online. When you get your credentials to access the system, that is the only thing that you need. Just log in and start the integration with your environment. It's really simple. In the beginning we went through some manuals and documentation that we got from Cisco.

We needed something like 45 minutes, maybe an hour, to run the initial setup. That was really fast. For sure, we had to spend more time after that, but the initial setup is really easy.

Cisco has really good documentation about the product. For the last year, I worked on the Teams integration with our phone system. We immigrated from Skype for Business on-prem to Teams because we had many issues. Microsoft was not a good source of information or documentation so I had to ask their support to explain many things. The documentation Microsoft provided was really bad. By comparison, Cisco really has an advantage in this area. They have really good documentation about everything, as well as support.

In our company and in our team, we don't have roles divided into administrators and others. We are working as a security team and we try to obtain knowledge about all our systems. SecureX was implemented by me and one other guy, but after that we provided the rest of the team some training and shared our knowledge with them. We manage all our systems and help our end-users with them.

The cost has been good for us. We know the Cisco license and it is good for us. We pay for a really good solution, and that is the most important thing for us. You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending.

I don't think the company evaluated other options. We didn't talk about doing so in our team. Those things were handled by our leaders, based on the experience of many teams. In IT we have many teams that are responsible for many parts of our IT functionality. But I think the decision was made to go with SecureX because we have so many Cisco products. The thinking was: Let's ask Cisco about a solution for us, and Cisco provided it.

The biggest lesson I've learned from using SecureX is that, before, I thought that if you have a solution that handles many things and that can be used in many areas, it could not be a good solution. Working with SecureX, I realized that I was wrong. A good company like Cisco can provide a tool that you can use in many areas, a tool that provides many solutions for many models, with many features, and it can be really good. That solution can also be integrated with many other products, not only from Cisco but from third-party companies. Working with SecureX made me realize that you can have a good solution that you can use in many areas. Before that, I was a skeptic about that.

I would rate it a 10 out of 10. Using SecureX, we can aggregate the data from all our security products. It gives us the option to automate many of our tasks that we had to do manually before. It's a really huge time saver, and not only for my department, because we can also provide many reports about usage of our systems and networks to our leaders and our managers, and show what we can do to make our security better.

We have a total of about 150 customers with about 6,500 users and we handle their IT. There are 300 sites all over the Netherlands from which we get all the intel and we feed it into SecureX. It's our central point where we collect everything very easily. When we see something happening we can take the security feed, look at the event in an organization, and SecureX shows us what's going on. It helps us analyze and understand things.

All the security solutions such as firewalls, email security, web security, endpoint security, and antivirus report into SecureX where we have a dashboard that shows everything that is happening.

The orchestration allows us to say, "Well, if this happens here, then we should take an automated action." For example, if an email is received on a machine and malware is being executed, it can be put into lockdown mode. It should only be accessible by the investigators. It cannot connect with any other resources within the company anymore. It cannot send or receive any files. SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together.

We're seeing and correlating things that we never expected to be able to put together. Before we had the SecureX dashboard, which ties everything together, we would have logs on some computer, or logs on a different system with timestamps. We would have to input search commands to see if there was anything happening on one machine that was also happening on another machine, or if there was anything happening in the firewall that was also happening with email.

We're also doing things with SecureX now that I didn't think were possible two years ago. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. I didn't expect there to be a product in which you can so easily change between the different parts of your security with a single click, allowing you to go from publicly available security intelligence into, "How's it looking in my environment?" 

We can do things within seconds, things which we wouldn't even have thought about doing two years ago, just because we didn't think there would be anyone combining the different sources of information together and making it easy to correlate between what's happening in the rest of the world and what's happening within our environments.

Also, SecureX provides us with contextual awareness throughout our security ecosystem.

Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out. 

You can also see not only what kind of malware you have, but what kind of damage or what kind of tech you're looking at. You can very easily see if there is somebody who is trying to find out if there's anything open or if it is somebody who has already established access and is trying to escalate from a user account to the administrator account. You can even focus on these kinds of privilege-escalation attacks and make other issues a second priority.

In addition, like every company, we have to deal with compliance. We have a compliance officer, but normally the compliance officer would not have access to the firewall logs, the email security appliance, endpoint security, etc. But he still has to get all the compliance information out of them, including details such as how are we doing, how many threats we are capturing, etc. I gave our compliance officer access to the SecureX dashboards and now, without having to log in to any of our security appliances, he has a live dashboard with an overview of what's going on. How many incidents? How have they been resolved? How much malware was seen within the company? What kind of compromises were there? Were they critical, high, medium, or low?

He can look at everything himself without him having to ask for me to create a report and without having to have access to the files themselves. He has a dashboard and can say, "I want to see the last week, last month, etc." He gets all the widgets and all the information for whatever period he wants. He can use that within his report to show the auditors how we're dealing with our security. Without any reporting, without emailing back and forth, he gets access to the live information. That's something I wasn't expecting and it has proven to be very valuable. He cannot mess anything up, however, he still has access to the live data on the entire network.

For me, the most valuable feature is the overview: seeing hundreds of sites and thousands of endpoints; everything in a single dashboard.

It can show me spam attacks, phishing attacks, malicious file transfers on our firewalls, and malicious activity on our endpoints. In addition to all the security solutions it takes in, you can add in other websites and services as well.

Threat-hunting is a specific module within SecureX. You can say, "I want to know what's been happening within my organization. I'm seeing some activity here and I want to know if this machine, which is doing something strange, has been in contact with any other suspicious machines. Has it been receiving any suspicious email? What's going on?" It can really dig into any indication you have within your network.

It also provides automatic messaging. For example, if there's malware activity, it will be automatically matched to a certain category of malware saying, "This is credential access,” or “This is a discovery,” or “This is the exfiltration of data,” or “This is privilege escalation."

There is also the possibility of integrating feeds from different products. SecureX will not only work with Cisco products, but you can also put in different kinds of feeds if you have a different type of firewall or antivirus, for example.You can get the same intel within the same dashboard. You don't need to have only Cisco products. 

SecureX integration between Cisco products and third-party solutions is very valuable due to the fact that you get the security feeds and everything on the internet. If you want to know, for example, if something is Orion malware, it will say, "Hey, I have this webpage showing me indicators of compromise. It gives me a button within my browser and I can check whatever is on this page against my live environment. If there's anything on any webpage saying, "You should pay attention to this, or you should be aware of these malicious files," with a single click I can check them against my environment. The intel you get and the different products all generate output. And you can use the toolbar within your browser to make it very easy to put anything you find into SecureX.

The ribbon feature is quite useful. The solution is great at helping you maintain context around incidents as you navigate different consoles. It's immensely valuable due to the fact that, as you navigate between products and between pages, the ribbon stays with you. I can open a case there and I can also share it with my colleagues. We're back in lockdown again here in Europe, so everybody's working from home again. I can start an investigation on my machine and share it with my colleague. He can work on the same stuff and he can add to the case. You can very easily scale up your investigation. All the notes you've been taking, all the indicators you've collected, all the interesting stuff you've noticed are logged within the ribbon and available for your colleagues to work on as well. You don't have to email back and forth saying, "I found this. Hey, did you see that?" It's all there. You can cooperate on the same issue.

It saves you a lot of time investigating. It will not just show you what's happening within your environment but also what's happening in the rest of the world. If I'm seeing a file for the first time, it's very unlikely it's the first time in the world this file has ever been scanned. I can check if it has been scanned in other antivirus engines and what they think about the file. There is the integration with the service called VirusTotal. It has about 60 or 80 different engines. If I'm seeing a file and not sure about it, with a single click I can get the opinion of 60 different antivirus products on that file to show me what the rest of the world thinks about it.

The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult. 

What would be really helpful is some sort of library from which you could pull out prefabricated actions. The tools are there to build your own, but it would be nice if there were a library saying, "If you have this and you want to do this, there's some prebuilt stuff here which you can tailor to your own environment." Right now, it's mostly a blank canvas saying, "Take whatever input you want and program your own response."

We've been using the solution for almost a year.

We've had zero issues. It's always available. There are no gaps in monitoring and no downtime.

If there are any limits, we haven't been able to find them yet. We have hundreds of sites reporting into it and I'm not seeing any limits, slowdown, or scalability issues.

I've only used the support resources during setup. There have been no issues or incidents for support so far.

That said, looking at the videos and the manuals they have, etc., there's a lot of support available to get you started. Due to the fact that it's a free add-on if you have any Cisco security products, there is no investment except for a bit of time to get it running.

We didn't previously use a different solution.

The solution's initial setup was very straightforward. It's an online service. You log in with your credentials and on the left-hand side you say, "I have this product, let me integrate." There's a guided setup that's pretty step-by-step. Then, you just go to the next component you want to integrate. It's a guided configuration.

In terms of deployment, the first integration was done within 15 minutes. With the extras we put in it was, let's say, an afternoon of work. It took maybe two or three hours to get everything set up, including all the users, and to get everything integrated and all the dashboards configured.

In terms of maintenance, we have about six people from the security team involved.

I handled the implementation myself. I did not need the assistance of a Cisco consultant.

We've reduced our workload by 20 to 30 percent just from being able to focus on the important things, as this product really does a lot of the grunt work for you. It has really increased the efficiency of the organization's security operations.

For example, if you see something and say, "This should be blocked," or "this is malicious," with SecureX, it will not only automatically block it on endpoint security, but it will also stop the malicious file from being sent or received via email. It will also stop the file from being downloaded or uploaded. That way, if I have a malicious attachment on a laptop somewhere, SecureX will block it everywhere, and it will also protect the users on the WiFi because the firewall, which is between them and the internet, will block it. I can protect devices such as guest devices in the guest WiFi, devices I don't have access to, because I have visibility of all the endpoints with a single click. It's 360-degree protection.

Without the integration, I would have to say, “Well, this email has a malicious attachment, and now I have to worry about it on 300 different firewalls. I have to put in a rule to block this attachment everywhere.” We'd need dozens of people working on that. Now, it's a simple mouse click.

On top of that, we're 50 to 70 percent more efficient in investigations. It really saves a huge amount of manual checking.

It has probably saved our compliance officer 10 percent of his time as well.

For the value you get, the pricing of the solution is excellent.

We didn't evaluate other options. There's really nothing with this type of huge scope. There were some basic logging solutions and some other incident response stuff, however, there was nothing that covers your entire security apparatus.

We haven't worked on automating all the manual processes in our security operations yet. We want to implement more of them, however, we're still looking into the details. This year we'll be starting to use the orchestration feature. That way, an end-user can forward an email and it will automatically be checked and he'll get a report back. Those are the kinds of automations we'll start using this year.

You only need two or three hours to get everything set up, to put things into it, and to see how it works, with zero impact onsite. You don't need any extra resources. There's nothing fancy to configure. It's very easy to integrate. I'd advise companies to try it and just see how it becomes the dashboard for your entire security operation.

I would rate this product at a nine out of ten due to the fact that the orchestration piece is a bit difficult. That said, everything else, especially for the price, is unbeatable.