What is our primary use case?
We use a lot of different Cisco security products to protect different areas of our entire infrastructure. SecureX basically gives us a single pane to all those products. We were trying to avoid going from product to product to product to product, either to research security events or just look at overall performance of those. SecureX covers every security product that we have.
There are integrations into third-party products, such as Office 365 and Azure, as well as VirusTotal to do some research. This solution was initially implemented mostly to help us with researching events and has grown since then.
How has it helped my organization?
SecureX makes it easier for me to present to management, i.e., our leadership team, how these security products are working and how well they are doing. We can look at things like our email statistics and realize that more than 50% of all inbound email is actually rejected because it is either spam, malware, or something else. They never would have understood that the percentage was that high until we had a product which actually tracked these things. We could show leadership basically what was happening.
When we need to investigate something, we only need to go to one place. So if I need to look, then I can see an event which occurred. Maybe it is an event that occurred on an endpoint device, but I need to check the firewall. I might need to check Umbrella. I might need to check Stealthwatch, Email Security, and all of those other products to see what else was happening at the same time. SecureX does that for me. I can go into the threat response part of SecureX, put in that endpoint device or indicators of compromise, and then it searches those products for me. I don't have to do that. Not only do I not have to do that, but we can now hand that over to someone else who isn't as expensive a resource as I am.
What is most valuable?
The two biggest things that are great about SecureX: Orchestrator and visibility.
We initially implemented it when it was first introduced because of the visibility piece. We could look at the performance and statistics associated with our entire security portfolio.
When they introduced Orchestrator, it was a game changer because now we can actually develop Orchestrator scripts to handle a lot of the investigations that we were previously doing manually ourselves. We can actually set up Orchestrator to do things like investigations. If it discovers something that we need to look deeper into, it can just send us an email or text message for whatever we need to do, which has been huge.
It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place.
What needs improvement?
They could expand into more areas. The more third parties that we have tied into it, the better. The capabilities are there. As they continue to evolve the product, the more things you can look into, and the more analytics you can get. Also, the more data that we can get, the better off we will be.
For how long have I used the solution?
We have been using SecureX pretty much since its inception. How long has that been? Three or four years, something like that.
What do I think about the stability of the solution?
It is great. We receive notifications from SecureX. When there are any issues on the back-end, they immediately notify us if it is affecting North America, Europe, or PAC Asia. We are constantly being updated. If they are working on an issue, then we get notifications when those issues are resolved. Most of the things that we have seen in the past usually happen, from our perspective, in the middle of the night. So, it doesn't impact us as much. It has been very reliable.
What do I think about the scalability of the solution?
I haven't seen a product that we couldn't integrate with. It scales all the way up the whole Cisco product line plus all of this stuff that is non-Cisco. I haven't seen anything that indicates that there is a limit to what you can do.
Which solution did I use previously and why did I switch?
It was something that we never even thought of. It is one of those things where they introduced the SecureX product when it first came out, and it was like, "What do we need this for?" Then, once we saw it, I was like, "How did we ever live without it?" It is one of those things now where there is all this talk about EDR and all these other products, and SecureX fits in that area.
It was the first thing that we ever saw that was anything like it. We just tried it out. It was available. We contacted Cisco who configured it all for us. We tied it into the products that we had at the time, and thought, "Well, this is really neat."
How was the initial setup?
It is in the cloud, and there are integrations with devices. We did all the integrations ourselves. It was very straightforward. There are step-by-step instructions in the portal on how to get the different products integrated. I was able to do it all, so it wasn't hard at all.
What was our ROI?
Not only did they save us time, but as a small organization, we have a very small group of people who need to look into these things. Because we are a financial institution, every event and alarm needs to be investigated. You can't assume that something is a false positive until you have verified it. You can't take the risk. Orchestrator can handle some of that for us, and even be a little proactive, e.g., go out to the Talos blog sites where they talk about the most recent attacks. It takes the most recent indicators of compromise they talk about and runs them against all our security systems to find out if any of those things show up. This saves me days of work, easily days within a week, because now I can do more from an architect's perspective instead of having to investigate all the events.
What's my experience with pricing, setup cost, and licensing?
It is free. It can't get any better than that.
What other advice do I have?
I would rate it 10 out of 10. It is one of my favorite things that has ever been built. It gives me the opportunity to be able to build orchestration so things can be handled in an automatic way. It gives visibility to me in one place. It is an all-around, outstanding product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.