What needs improvement with Cisco Web Security Appliance?

With the WebAssign integration, it is not easy when I am integrating policies within the company, especially with NAND and wireless policies. The challenge arises when traffic is blocked from either wireless or wired connections. Although implementing it as a standalone is quicker, integrating BYOD with Cisco I and FTB can be tiring. Once it is done correctly, the functionality and reports become valuable, although the implementation part can still be challenging.

The product is great, however, incorporating features offered by competitors would be beneficial. Competitors sometimes highlight features that Cisco products lack. Additional features like improved whitelisting and blacklisting of malicious websites could enhance the product.

The solution could provide seamless integration with other technologies. Cisco's strength lies in its reliable managed services, which address any issues promptly. It is not able to integrate with existing technologies. The ISB component of KSB is weak, but its firewall capabilities and DNS are strong.

There are certain shortcomings related to the product's management capabilities, where improvements are required. The solution needs to provide better management of the category of web pages.

The tool needs to improve cloud-based decryption.

Cisco lacks a GUI-based troubleshooting feature compared to products by other vendors. There might be some instances where the proxy is blocking some genuine traffic. It could take a lot of troubleshooting with Cisco Web Security Appliance proxy, which could otherwise be easily identified by a GUI-based troubleshooting tool.

We are planning to migrate the solution from in-house to the cloud. We would like to see a security service head, where we can combine all the security into one solution.

The solution is priced high.

The tool needs to provide logs. They need to improve firewall threat defense.

The solution could improve the graphical user interface. It is not up to the regular standard of what we would expect from Cisco. Additionally, they need to improve the categorization when blocking in the settings. The CLI could have a better view than the graphical user interface but I did not investigate further.

The transparent proxy is quite difficult to enforce on smartphones and tablets because it is on a sticker implementation rather than a line mode. The WCCP ID is the biggest IP address of the appliance but it is not able to be reached by the user. The addition of inbound features such as a reverse proxy and load balancers would be very useful. Reporting could be improved so that a central management solution is not required.

There are occasional delays in customer support but it's a minor thing.

The reporting needs improvement. We were using a stripped-down version of Splunk at the time, and as far as I recall, there was no easy way for us to send those logs to our enterprise Splunk. It kept pushing us to use the smaller version. That was probably just a sales team thing, but other than that, the product was great, but the reporting was definitely an issue. I would like to see Risk API included, as well as the ability to automate adding things to the blacklist and whitelist without having to do it manually and having it report into the Cisco WSA cloud via risk API.

It should have a user-based quota, per-user quota, that can be defined on the appliance. That way, if a user reaches their quota individually, they should be blocked for the next day. One major feature that is still not in this product and that should be implemented by Cisco is that it should have a live graph. We'd like to see, for example: What is the user consumption at the right now? What is the bandwidth, when bandwidth is used by the user? There is no current graph of it and I would recommend it should be in the product.

We just deployed it. I would just like to have more filters. However, I need more time to give a report to see what limitations may exist. During the setup, we had issues with updating the rules. I would like more automation. When it's on a failover, everyone will think that they'll filter nicely.

The support for the solution could be improved as there are issues with SMARTnet support.

The stability could be better. The solution needs to be more user-friendly and easier to navigate. It's not so easy right now.

This solution could be more secure. Purpose-wise, I don't necessarily see the point of this solution. Users can gain access to restricted content easily with a simple VPN. It just seems like a waste of money to me. In my opinion, this kind of technology should be available in a bundle. If internet security and web security were bundled together, that would be great.

Sometimes reporting is a little bit short. Cisco has always put more emphasis on developing big products that are very robust security-wise, rather than focusing on developing solutions with a lot of bells and whistles. In other words, it's not beautiful, but it gets the job done. Reporting is not so beautiful compared to other solutions, it's not so cute and colorful; however, it does a very good job in the areas that it supports — because it detects malware and malicious code. There is a ton of intelligence behind it.

The GUI is not user-friendly, so it needs to improve or be simplified. The initial setup is complex, it could be easier.

Obviously there is always room for improvement for almost all the appliances available in the market. But there are scopes for improvement. I'm pretty sure that Cisco will keep on integrating different feature sets as the market demands and I have seen Cisco as an organization that puts in proactive efforts providing different features before they come into the market. So I'm pretty sure that Cisco will give due diligence in terms of providing all the features in their WSA. But one thing I don't like with Cisco is that they're very fragmented in terms of feature sets. What I mean is that the one thing I don't like about Cisco is that they are very much fragmented in terms of providing the complete solution. They keep on breaking their different feature sets into different boxes. The days are coming when almost all the customers are looking for a consolidated box or a box wherein you can have multiple feature sets based on infrastructure, which will decrease the carbon footprint in the data center. Then, obviously, the number of devices they will have in the data center will go down. So cooling requirements and power requirements will also go down. So that's what the customer is looking at. But Cisco is too segmented. They gave ESA, they gave WSA, they give their next-generation Firewall Firepower. Then they gave a management center. And for network AMP they made a separate box set. So there are too many devices. Though I understand technically that, yes, fragmented technology is best because we should let the dedicated device do dedicated jobs. But again, in terms of customer acceptability and the customer's point of view, consolidated devices make much more sense for them. I would obviously prefer the WSA to be integrated with ESA because there is no point putting so many hardware devices and infrastructures in. So if WSA had the functionality of ESA, at least the basic functionality of ESA, it could be merged into a single box, and that would be good.

There are some problems with this solution but it's not related to this product. If a user wants to use it for other devices like mobile or smartphones, this product isn't so reliable. If you want to implement it in a track point mode, it is difficult to implement and is not so reliable. There should be more implementation.

The licensing model needs to be more flexible. How it works is that you can have from zero to 499 users at the first stage, then from 500 to 999 users at stage two, and so on. They need to be more flexible because when you exceed 1,000 users then you are supposed to deploy a separate appliance to cater to them. The technical support could use some improvement.

They need a better graphical interface, and they need a better ISE mechanism. In the next release, I would like to see the reporting features enhanced.

Technical support needs to be improved because they take a very long time and there is no communication or notification. Controlling engines at the network layer needs to handle more links or multiple links from the internet. Controlling with the applications, or more applications as part of the local applications so that it's bigger. The price should be moderated.

The price of this solution needs to be reduced. The FTD 21 model's Firepower Threat Defense does not have the multi-instance feature for the virtualization with the physical equipment. This makes it difficult to propose this solution to the customers. The issue that we are facing is, for example, if we have a project with a client, and we suggest the twenty-one series, we don't know until we have implemented it that we do not have the multi-instance feature.

The pricing is too high, so that could be improved. Also, the solution is not very compatible with other products.

I would like to see management automation in the next release.