Cisco Secure Access is a comprehensive Security Service Edge (SSE) solution (a key component of a SASE solution) that addresses the complexities of securing a hybrid enterprise. Cloud-delivered and grounded in zero trust, it delivers a unique blend of user simplicity and IT efficiency for frictionless, secure access to all applications—SaaS (with gen AI), private apps, and the internet—regardless of user location or device. Secure Access protects users, data, and devices against relentless, sophisticated, and constantly evolving threats including AI-driven attacks and identity breaches.
| Product | Mindshare (%) |
|---|---|
| Cisco Secure Access | 3.7% |
| Prisma Access by Palo Alto Networks | 10.2% |
| Zscaler Zero Trust Exchange Platform | 8.8% |
| Other | 77.3% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Secure Access Service Edge (SASE) | Jun 21, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 21, 2026 | Download |
| Comparison | Cisco Secure Access vs Prisma Access by Palo Alto Networks | Jun 21, 2026 | Download |
| Comparison | Cisco Secure Access vs Zscaler Zero Trust Exchange Platform | Jun 21, 2026 | Download |
| Comparison | Cisco Secure Access vs Cato SASE Cloud Platform | Jun 21, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Fortinet FortiGate | 4.2 | N/A | 92% | 592 interviewsAdd to research |
| Cloudflare One | 4.3 | 5.8% | 100% | 23 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 10 |
| Large Enterprise | 28 |
| Company Size | Count |
|---|---|
| Small Business | 204 |
| Midsize Enterprise | 105 |
| Large Enterprise | 298 |
Provides all core SSE components (ZTNA, SWG, CASB, and FWaaS) plus extended capabilities.
Includes VPN-as-a-Service (VPNaaS), data loss prevention (DLP), AI Assistant, visibility/control/guardrails for generative AI use, digital experience monitoring (DEM), reserved IP, remote browser isolation (RBI), DNS-layer security, flexible security enforcement (in cloud or on-premises), policy verification, and more.
Protects users as they seamlessly access resources and apps with no extra steps needed, regardless of protocol, port, or level of customization
Simplifies IT operations through a single client, single dashboard, single license, and unified policies.
Lowers risk with least privilege, granular controls backed with unmatched threat intelligence of Cisco Talos.
Eases interoperability with other products from Cisco and third-party vendors with common administrative controls, data structures, and policy management.
Robust integrations
Integrates with Cisco Identity Intelligence to protect against the startling increase in identity-based attacks.
Integrates with many SAML Identity Providers (IDPs) such as AD, Azure AD, Okta, Ping, etc.
Integrates with Cisco offerings including SD-WAN, Splunk, XDR, Thousand Eyes, third party technologies such as Menlo RBI, Chrome Enterprise Browser, and AppOmni for SSPM.
1. IBM 2. Microsoft 3. Amazon 4. Google 5. Apple 6. Cisco Systems 7. Oracle 8. Intel 9. HP Inc. 10. Dell Technologies 11. Verizon Communications 12. AT&T 13. Comcast 14. T-Mobile 15. Sprint 16. Vodafone 17. Orange 18. BT Group 19. Deutsche Telekom 20. Telefonica 21. Nokia 22. Ericsson 23. Samsung Electronics 24. Sony 25. Panasonic 26. LG Electronics 27. Siemens 28. General Electric 29. Ford Motor Company 30. General Motors 31. Toyota Motor Corporation 32. Volkswagen Group
| Author info | Rating | Review Summary |
|---|---|---|
| Network Operations Engineer at a media company with 1,001-5,000 employees | 4.0 | I've used Cisco Secure Access for five years; it's stable, scalable, and feature-rich, but expensive and has a steep learning curve. Support is excellent, though high costs limit appeal for smaller businesses despite its strong performance. |
| Head Of IT at a non-profit with 501-1,000 employees | 4.0 | I deployed Cisco Secure Access for 2,400 users, replacing Check Point, and Meraki/ThousandEyes integration plus strong Cisco support delivered an automatic, unified experience and major savings. Downsides include slow dedicated IPs, complex VPN profiles, and poor SSL decryption performance. |
| IT Manager at Bavaria Egypt S.A.E. | 4.5 | As a service provider, I find Cisco Secure Access excellent for security, stability, and scalability, especially with AI and XDR for threat detection. While costly and complex to manage, its ROI and protection against ransomware are significant. |
| Senior Design Specialist at TELUS Communications Inc. | 4.0 | As a managed service provider, I find Cisco Secure Access excellent for sophisticated security, VPN as a service, and automated tunnel building, consolidating solutions effectively. It's stable and scalable, though I'd appreciate a price reduction and a more useful AI Assistant. |
| Sr. Service Delivery Engineer at Colossal, LLC | 4.5 | I replaced our Palo Alto firewalls with Cisco Secure Access, gaining a cloud firewall for local internet breakouts, cutting incident response time, and improving security for military schools. Its single pane of glass and AI are great, though IPv6 needs work. |
| Senior Network Administrator at a healthcare company with 1,001-5,000 employees | 5.0 | I find Cisco Secure Access excellent for secure corporate and remote access, offering more features than Umbrella. It's stable, easy to set up, and integrates well as a Cisco shop. While the AI is still maturing, I'm highly satisfied with its current performance. |
| Cyber Security Manager at a non-profit with 501-1,000 employees | 4.0 | Cisco Secure Access has provided reliable, flexible remote connectivity with strong security for our users, though clearer guidance on ZTNA adoption and better third-party integration would improve it; overall, it's cost-effective and delivers a smooth user experience. |
| Sr Sales Engineer at CrossConnect | 5.0 | I find Cisco Secure Access excellent for securing hybrid workforces, offering consistent policies, stable VPN, and AI access control. It's scalable, easy to set up, and provides good ROI, consolidating previous complex solutions effectively. |
| Solution Architect at Velocis Systems | 4.0 | I’ve found Cisco Secure Access to be simple, secure, and well-documented, making it suitable for hybrid deployments. While ThousandEyes has strong capabilities, its pricing model is flawed. Cisco TAC support is good but needs improvement during shift changes. |
| Chief Technology Officer at Binary Global Limited | 4.0 | I find Cisco Secure Access a stable, scalable, and complete SSE solution with great Talos integration. However, its main issues are low customer mindshare for Cisco security, multiple management consoles, and the lack of an OEM-provided MDR service. |
I use Cisco Secure Access for Secure Access Service Edge (SASE), which provides me with secure identity-based access to applications and the internet from anywhere. I don't have to rely on traditional VPN architectures. Cisco Secure Access provides Zero Trust Network Access (ZTNA), Secure Web Gateway, Cloud Security Broker, and Firewall as a Service all into one platform, which is beneficial.
I use it for firewalling, security, and Zero Trust Network Access.
I have worked with Cisco AI Defense product and Cisco AI Access, focusing on control access and data protection for data in transport and stationary states.
I have used the AI Assistant, which is a Cisco feature where AI helps to automate redundant tasks so that I don't have to configure each small detail manually. It is a bulk configuration feature.
I have used Cisco Identity Intelligence, which provides User-ID and Content-ID based network access control. It uses protocols such as LDAP to authenticate with products such as Active Directory to authenticate users. It is a good feature and is already integrated.
From a feature perspective, I have not experienced any issues, drawbacks, or shortcomings. However, the cost of Cisco's products and licensing is high. My clients usually prefer cheaper options if possible. Mid-size or smaller businesses typically cannot afford Cisco Secure Access. Additionally, there is a steep learning curve, as it is very intensive. Someone with significant knowledge can work on it, but a new professional would have to spend considerable time to get accustomed to it. It is hard to find engineers who can work on it. Overall, we get what we pay for, as it is a pretty good feature and service.
The pricing of Cisco's products and licensing is higher than competitors. If they could be more reasonable, that would help. The support offered for two years also has higher costs. Overall, the client's IT budget gets affected.
It was challenging to learn because, as mentioned, it has a significant learning curve and requires considerable training to become proficient.
I started using Cisco Secure Access when I was in the US, which was approximately five years ago.
From my experience, Cisco Secure Access is very stable and has not crashed. Cisco is renowned for their reliability, and their products perform well under high data usage. It is very resilient, and I have not seen it go down, crash, hang, or experience any other issues.
Cisco Secure Access is very scalable. It has high availability, so it can be deployed in pairs and scaled quickly.
The quality and speed of the support are very good. Cisco is excellent with their support. When I create a TAC case for any issue, they respond quickly and schedule a call. They help resolve issues as soon as possible through screen sharing. Cisco TAC is very competent.
Positive
I have not worked on the same offering from Palo Alto, so I cannot compare what is better there or here. What I appreciate about Cisco is that everything they do is precise and works well without any issues. I found that there are not many bugs. I have heard that Palo Alto has many bugs that need to be fixed and require a TAC case to resolve. In my experience with Cisco, I haven't had issues with bugs that I had to escalate. On the few occasions when there was a bug, the solution and patch usually fixed the issue, which they had already posted on their website indicating which patch version would resolve it. That is the advantage, as it works flawlessly.
I have not used Palo Alto's offering, so I cannot make a comparison. I have only used Cisco's.
Deploying Cisco Secure Access on the machine is very easy. If we follow the steps, they are seamless and run smoothly.
Policy verification is done before deploying, similar to Juniper's approach. With Cisco switches, if we put a command, it applies immediately without asking for confirmation. With Juniper, we have to put the command and then only after we hit commit does the command apply. Cisco Secure Access has the same feature where before applying the configuration, it verifies and checks if it would cause any issues and provides results based on that.
One person can complete the deployment.
Cisco Secure Access regularly requires patches that need to be installed. During downtime or after hours, patches need to be applied. The system gets rebooted occasionally to clear caches and improve CPU performance.
I am not certain what VPN as a Service or VPNAaS means. I have not heard of this term.
Multi-organization might be a feature on Cisco Secure Access, but my clients are private companies that haven't merged with any other organizations, so they have their own devices and networks. I haven't used those features.
I would rate this product an 8 overall.
Cisco Secure Access is used for CTNA with a couple of applications deployed on it. There is a journey underway to move all applications off VPN into CTNA, but some applications are too old and legacy and will not support it very well. Business input into testing is required, and everyone is busy with everything, making it quite difficult. The VPN is working wonderfully.
The integration of Cisco Secure Access with Meraki is going well and has been a very positive experience compared to the previous deployment of Check Point. The difference this time around is having a Customer Success Manager and a direct path to the product owners, where feature requests can be made and feedback received. Cisco has been quite involved in the onboarding process.
Cisco Secure Access is significantly different compared to Check Point. Nearly a year since deployment of Cisco Secure Access, users have likely forgotten about turning the VPN on as it is now automatic. Users just open their laptop and are connected straight away regardless of whether they are home or not. From a user point of view, it has been very good. Things such as the ThousandEyes module have been deployed into it along with posture assessments, so all these different modules have been put into one single agent, which has helped get a unified view of everything.
The features of ThousandEyes integrate with Cisco Secure Access by providing end-user ThousandEyes licenses and end data center ones, which gives a holistic view. That is all complemented with Cisco Catalyst Center, providing an overarching view of what is going on on the network. The service desk can have access to that so they can see what is going on across the entire environment. This has provided a single pane of glass, which was not available with two different vendors before.
Regarding Cisco Secure Access, there are some areas that are not positive. Dedicated IP addresses for Cisco Secure Access platform took quite a while to obtain, and the process can be streamlined and improved. Issues arise because everyone is coming off a single IP address and sites such as YouTube think there are bots, asking to verify or just blocking access. When this was raised with Cisco, the official response was that accounts need to be signed up for or Gmail accounts created, with nothing that can be done on Cisco's side as it is on the end website. This is somewhat understandable, but those relationships should exist between large organizations. For instance, when presenting a PowerPoint with an embedded YouTube video, it suddenly says it cannot verify identity, causing issues for all levels. Three or four people come to the service desk every week with this issue, and the response is to use a generic Gmail account or sign up independently, which is probably not adequate.
Another issue has been with VPN profiles. When creating different VPN profiles, the underlying infrastructure has had to be replicated or provided, such as another RADIUS server for authentication. The whole VPN profile side of things can be improved for different subsets of users, such as guests or people who bring their own devices. Different profiles are wanted for different user bases, and it is quite complex on Cisco Secure Access to set all that up at the moment. Historically, with ASAs or Check Point firewalls, VPN profiles could be set up quite easily and what they had access to and what they did not have access to could be limited. There is interest in seeing how it can further integrate with Cisco Identity Services Engine because there is scope there to allow people on the environment via the VPN, but also restrict what they can access or not based on their profile. Those two can work a bit closer together.
Cisco Secure Access was deployed internally for approximately 2,400 users in April of last year.
Cisco Secure Access is stable and reliable if certain features are not used. Initially, SSL decryption was enabled, where certificates are decrypted, and when that was turned on, the performance was very unpredictable, plummeting significantly. In the end, it had to be turned off, and since it was turned off, there has been a great experience. It is understood that it requires much more processing power to decrypt things before they hit the network, but the unpredictability of the performance was only realized once it went live, and it had to be immediately pulled.
Cisco Secure Access can scale, integrate with other solutions, and meet the needs of users. Many things are in the pipeline which suggest Cisco is moving towards more integration and a single point of view, which is positive. There has been indication that Cisco will be looking at the Identity Services Engine integration.
The experience with Cisco Secure Access customer support is good. They have always been reachable, and fortnightly cadences have been established now that things have settled down. Meetings with the actual product engineers working on the solution have also been arranged. When there are more complex issues, they work with the team to pull that data directly from systems and take that back to improve on it and work on it. This has been a very collaborative experience.
Cisco support is rated an 8 overall. From feedback received from the team, it is between an 8 and a 9.
Positive
An expedited deployment of Cisco Secure Access was conducted. A proof of concept was run in December 2024, and then the solution was deployed between January and March, which was very quickly because the Check Point contract was ending on April 1st. It was quite a quick, speedy move, but support was provided all along the way with the managed service partner as well as Cisco, so the delivery was successful.
The price to value from Cisco Secure Access is justified. Money has been saved by moving to one vendor, and that has been a material cash saving that was able to be handed back to the business. It has not only been a better solution overall, but also been cost saving, which is unusual—too good to be true at one point, but it has delivered. Approximately half a million pounds a year is the amount that has been saved.
AI Assist is quite good at how it can collect information from various sources and pull it all together to give an answer. It can also resolve issues further down the line, so it appears quite powerful.
Cisco Secure Access is rated an 8 overall. It is good at what it does at a fundamental level, but when it comes to trying to customize it slightly for what is needed, because it is a cloud-based solution, it is much harder. There are some features that are missing from it that used to exist in the older platforms. The overall review rating for Cisco Secure Access is 8.
The major purposes for which my clients are using Cisco Secure Access are banking systems and the post office.
The biggest advantage of Cisco Secure Access for my clients is mainly the security system, such as system vision. Most importantly, routing and switching, especially all the top of rack switches, provide significant value.
When discussing the integration of CASB functionality with Cisco Secure Access, we are talking in Egypt about multiple layers of integration, not only for Cisco products, but with other vendors such as FortiGate and Palo Alto. In Egypt, we implement a double layer of security filtering between multi-vendors to ensure effective filtering. Multi-factor authentication also supports this at the Cisco layer.
Cisco Secure Access provides secure access via standard HTTP/2 and optionally QUIC protocol, which is important because it adds an advanced layer of security plus identity access management of Office 365. This means we are not dependent on one layer of identity access management system, which adds another layer of protection from Cisco.
In terms of negative aspects of Cisco Secure Access, it is not easy to manage everything in Cisco products. It requires a high level of professionalism and expertise from a Cisco administrator because the command-line interface is easier to handle, but the GUI is more complicated than other products.
I believe that Cisco could add some new features to the product in the future, such as integrating more with SOAR solutions and SIEM solutions.
I am a service provider with Cisco Secure Access.
Cisco Secure Access is a stable and reliable product with approximately 99.9% uptime and reliability.
Cisco Secure Access is very scalable. Cisco has a great benefit in that you can integrate with other solutions in an easy way because it has a lot of protocols to integrate with others and sophisticated steps that we can apply for integration.
I am happy with technical support from Cisco regarding Cisco Secure Access. They address all our questions and technical specifications. They provide answers and solutions effectively.
Regarding the deployment procedure of Cisco Secure Access, I cannot say it is straightforward, nor can I say it is complex. It depends on the design. However, overall, if you have someone at Cisco who knows the design procedures and the main objectives of Cisco Secure Access, it is straightforward and easy.
The return on investment in Cisco Secure Access is significant. With both wireless and security systems, it provides substantial savings in time, data loss prevention, and management of protection. If you are using other products and you are attacked with ransomware, you will pay a lot of money and have limited protection. Protection has a price and also has a benefit.
While ROI varies from customer to customer, regarding time saving, it can reach up to 30% savings. This is based on the processing time and retention policy of Cisco Secure Access, which is more than 30% better than others.
When considering the price of Cisco Secure Access, it is higher than others. However, you pay for what you have. You pay for something that has value, so you have to pay more money.
If I were to rate the price of Cisco Secure Access from 0 to 10 points, I would give it an eight.
When I compare Cisco Secure Access with other products such as Huawei, IBM, or HP, I would say Cisco is the leader. It is at the top because Cisco Secure Access technology depends on analysis, decision-making, and protection, whereas others just introduce a function. It is integrated with AI in recent days. Cisco has the top engine of AI to inspect any type of intrusions, whereas others do not. Cisco is a strong leader in this position, especially when talking about Cisco data centers.
The integration of Cisco Secure Access with Cisco Talos positively impacts threat detection and response capabilities. It can inspect many attacking and intrusion systems. It provides us very early detection for threats and has great integration between SOAR and SIEM solutions. We are using QRadar in a SIEM solution and SOAR system. This makes a very important integration between them.
Cisco Secure Access protects from phishing attacks and ransomware effectively. First, we separate the data center databases or data center applications into a separate VLAN and monitor all these systems through XDR. XDR makes an inspection for any unusual behavior that can be detected and isolates all network devices or infected devices from the main network to avoid the spread of ransomware throughout the network. XDR is the most effective solution we are currently using, plus the multi-layer of protection from firewall and SOAR system that detects these actions and makes an isolation for the attack and provides detection for how to deal with and respond to this attack.
I give this review an overall rating of nine out of ten.
I am not fully migrated to ZTNA yet, and I still have use cases for VPN. The good thing about the VPN as a service is you don't need to build the VPN gateways on-premises in multiple locations. You can just send the VPN session to Cisco Secure Access, and it will terminate all those VPN sessions. You can also enforce the security policies right there.
Since you can build multiple tenants or organizations under one bigger umbrella, it is really good to have. In one place, I can create multiple sub-organizations where I can have different policies or enforcement policies.
I can provide more advanced security features for my customers because Cisco Secure Access is built in the cloud. I don't have to worry about managing the security enforcement or the behind-the-scenes operational aspect of Cisco Secure Access, as that is being taken care of by Cisco. I just need to build the tunnels, and it has resiliency in multiple data centers. It gives me increased availability in the tunnels since I can build multiple redundant tunnels across different data centers.
I would rate the AI Access features of Cisco Secure Access really highly because it can give me a deeper insight into what actions were taken by AI, what access, from where, the source, the destination, and what kind of action was taken. I can see the audit trail of every action taken from the source to the destination.
VPN as a service is another valuable feature.
I have used ThousandEyes to provide deeper visibility from the user location all the way up to the cloud applications. It lets us build ThousandEyes agents where the test will be performed, and I can see the visibility of the user's experience on each application from all the ThousandEyes agents up to the end application. I can see what kinds of issues there are, such as packet loss or latency. I can really see deep into that part.
It really makes a difference because it will give you advice when there is a security policy misconfiguration or something missing. It will give you some points to go and correct the policy configuration based on the observed traffic pattern.
The licensing is a bit expensive for some features of Cisco Secure Access compared to other competitors. I would have liked it to be more competitive.
I am more on the side where I connect to Cisco Secure Access, instead of dealing with the deployment. I don't have much insight into the deployment phase, but from what I can tell, the connection and the setup look more straightforward and less complex.
One of the challenges with Umbrella, for example, is you cannot build private access with secure private access. Also, it does not allow inbound access. Everything is outbound. That was one of the limitations, and so far, Cisco Secure Access has been great.
I would rate this solution an 8 out of 10.
In my previous role, we managed the IT infrastructure for U.S. military base schools worldwide. We implemented Cisco Secure Access primarily as a cloud-based firewall replacement. Previously, we utilized a centralized architecture with Palo Alto firewalls in a U.S. data center, which meant all of our global traffic had to be backhauled to the U.S. before going out to the internet. We rearchitected the network to enable local internet breakouts at every individual base. Instead of deploying expensive physical firewalls at each local site, we deployed Cisco Secure Access as our cloud firewall solution. Now, local traffic routes directly up to Cisco's cloud for filtering before reaching the internet, ensuring our users are secured regardless of their geographical location. I still closely support customers utilizing this architecture.
Cisco Secure Access has definitely helped our organization. All our users are now basically VPN users, and it has made things much smoother compared to the old way we had things set up. I would say it is a big plus.
It has cut incident response time at least in half. The extra analytics allow me to make more informed decisions. For example, I have users who are sometimes children because we have military bases across the world that are schools. When a child brings a Nintendo Switch to school and it joins the network, it looks to our cybersecurity team like a rogue device. Having the analytics to track that down and identify the exact device and the user it is assigned to really helps incident response time go down much faster. Now, from headquarters pinging the base, pinging the tech on site, and the tech walking into the classroom to remove that device from the network, everything is much quicker.
The actual technology itself is valuable. Cisco Secure Access functions as a cloud firewall where there is no real need for on-premises firewalls for many client devices. This feature is excellent because I no longer need million-dollar Palo Alto firewalls sitting at a data center where I would be forced to route all traffic through an MPLS circuit to those firewalls for filtering before getting to the internet.
Cisco Secure Access takes on the responsibility of filtering traffic, and I do not have to deal with hardware anymore. When hosting my own firewalls, I had to worry about upgrades, maintenance, and license costs for physical Palos. With Cisco Secure Access, I do have license costs, but they are very streamlined with their new smart licensing features.
From a network perspective, it makes management easier for my network operations team. Previously, I had complicated, complex, high availability meshed firewalls. Now I can have a single pane of glass solution where I can still get all URL filtering and content filtering done through web access. I no longer have to worry about hardware and setting up high availability pairs for physical firewalls. I am just focused on putting a client on the user's machine. Even if I do not want to put a client on a machine from an operational perspective, I can pair Cisco Secure Access with other Cisco products like SD-WAN. Even without the Cisco Secure Access client on actual laptops for the organization, I can still filter that traffic from the router level by telling my Cisco router that its next hop is the Cisco Secure Access cloud for filtering.
Coming from an environment primarily using Ruckus and Brocade at the Department of Defense, then switching to Cisco Secure Access to meet the zero trust requirements set forth by the Pentagon has been tremendous. It checks most of the boxes. I would say it is probably a little weak in the area of IPv6 still. I have actually gotten the chance to talk with the actual developers developing Cisco Secure Access at Cisco. There is still a lot to be desired in the IPv6 realm, but from what the developers are telling me, it is coming in the near future.
As I left the organization, we were getting into using more of the policy verification feature to help us since we have our hands in a lot of different areas at the Department of Defense. Policy verification definitely helps a lot because sometimes there are too many people making policies.
Cisco Secure Access provides great visibility with a single pane of glass. The data is actually useful, and I can make decisions based on it rather than just receiving raw data. For multi-organizational sites, it is absolutely a great tool.
The artificial intelligence assistance is tremendous. If I do not know something, I can use the Cisco AI to ask how to do something or how to get something working, and it will step-by-step tell me or point me in the right direction on what I need to do. On-premises solutions do not really have large language models or AI built into them, so I would be left needing to know what I need to do. This feature helps a ton.
Cisco Secure Access is probably a little weak in the area of IPv6 still. I have actually gotten the chance to talk with the actual developers developing Cisco Secure Access at Cisco. There is still a lot to be desired in the IPv6 realm, but from what the developers are telling me, improvements are coming in the near future.
After talking with Cisco, I was told that features are coming. The AI will actually be able to help generate reports that we want to see for certain executives. There is still a little to be desired, but it is coming.
I do not think IPv6 support is fully there yet. I think Cisco is heading in the right direction, but to really get to that true zero trust autonomous network as described in the Pentagon documents, there is still some work to do. Cisco is definitely heading in the right direction though. There are feature sets that definitely help streamline many processes and get me data that is actually useful. It is not those other products where I get a lot of garbage data that is not useful. Cisco Secure Access gives me data that I can actually use to make a decision on a zero trust network.
I want to see better IPv6 support and continued support for AI with constant improvements. If I could get to the point where I can ask the AI how to do something and it becomes agentic AI that actually starts doing things automatically, that would be incredible. For example, if I could tell the AI that I do not want any of the students in the classroom getting to facebook.com and it goes into Cisco Secure Access and automatically blocks it, that would be amazing. With agentic AI doing things for me rather than just telling me how to do it, I would not have to spend millions on people who are only certified to use this product. I could have lower-level techs who do not necessarily know how to do something but know how to talk to the AI to get things done.
I have been using Cisco Secure Access for about three years.
We did run into an issue with URL filtering where it would not filter a site properly. It took months to resolve by Cisco, but that is the only hiccup I would say there has been.
The customer service is amazing. I call, get my ticket, they pick up, work the ticket, and the issue gets resolved about 9.5 times out of 10.
The initial setup was pretty straightforward. If there were any complexities, Cisco was right there with their support to help us. I would say it was pretty simple.
I definitely got my money's worth already with Cisco Secure Access.
A single pane of glass solution was important to me. Cisco Secure Access was just cheaper than putting a Palo Alto firewall solution at every school or using Prisma, their secure solution. It just worked out to be better. The integration into products like ICE, DNAC, and SD-WAN was a lot better on the Cisco side because Cisco to Cisco integration is better than Cisco to Palo Alto. Product integration among the other Cisco products we had was just better overall.
I would urge any customer to look up their numbers and see what works best for them. It is not always going to be the Cisco product that works best. Sometimes the Cisco product is the nicest product out there, but that does not necessarily mean it is going to be the best. Look at what works for your organization and go with whatever your staff feels most comfortable with because at the end of the day, your staff is going to have to support that solution. No one wants to support something that they do not really want in the first place. My overall rating for Cisco Secure Access is 9.5 out of 10.
Our main use cases for Cisco Secure Access would be to allow secure access to our corporate users and to securely authenticate to the network.
My favorite AI Access feature would be to assist in troubleshooting. That would be the main use case for most AI on most of the Cisco platforms. It comes in handy as far as helping get visibility and to help speed up the resolution time.
Right now we do not leverage VPN as a Service. We are leveraging SASE, which is Secure Access Service Edge. That is what we are mainly using in our environment.
The feature that I like the most about Cisco Secure Access is the ability to use various different endpoints for the end users to have the same type of connectivity wherever they are.
The feature is great because it allows us to travel, work remotely or work from the office and have the same level of security and connectivity as if we were at the office, but from our home or from elsewhere.
For Cisco Secure Access, we would leverage the AI Assistant just to see what it can provide for us. But for the most part, we are still leveraging it manually, doing manual debugging and troubleshooting.
I do see it as a promising feature because it has a lot to offer since the AI model inside of Cisco Secure Access has visibility into our network and our Secure Access network. Once we get everything rolled into it, we will be able to optimize it and utilize it a lot more than what we are right now.
For policy misconfiguration, it is a great step and another great troubleshooting tool aside from the AI. With the policy configuration, it will allow us to see if someone is trying to join the network and how come they are not able to join the network. It will give us the exact configuration that we would need to go back and look at to allow this network connectivity to take place instead of looking at it from square one, doing packet traces and troubleshooting the logs.
Most of the Cisco AI offerings are relatively new and do not have all the bells and whistles. It is not a full ChatGPT, so it is kind of in its baby form still. For the most part, we are still not leveraging it fully because it is not exactly fully mature yet.
For right now, that is the case. But in three to four years, it will be a lot better and will be able to integrate with most of the other products. Because right now, it is still in its baby form.
A good feature that Cisco Secure Access could improve would be to automate the deployment further, even more than what it already has. For example, on our platform SD-WAN, if we can get a full automation to where we are not building templates anymore and are just letting AI do it, leveraging that AI Assistant, if it ever gets there or once it gets there, that will just help the migration with just a few clicks instead of having to do all the templating and the whole workflow.
I have been using Cisco Secure Access since this company, so for about six months.
My thoughts on the stability and usability of Cisco Secure Access would be I would give it a ten out of ten. It is essentially the same as Umbrella and the workflows are very similar. Personally, I have not noticed any bugs or anything like that, which is a huge plus.
Right now we are still leveraging the multi-organizational feature in Cisco Secure Access. We mainly just have our organization since we are a healthcare organization. Whenever we look into wanting to expand our reach into other organizations, we have not gotten there yet. We still have to look at the documentation to see how that would affect our network and our data. We have to be mindful of the customer's data, so that is something that we are going to have to pay attention to closely before we just roll out.
We are able to expand Cisco Secure Access using the templated workflows that we have in Cisco Secure Access. We are using it for SD-WAN. We would essentially just reuse the same template to various devices, and it is just as seamless as integrating the router itself on the network. It happens together, which also increases its use case and integration in our network. It makes it a lot easier to do.
My experience with the customer support with Cisco Secure Access would be great. We are only working with our account manager who has a specialized person that comes in and helps us out. So far, I have no need to open a TAC case with Cisco Secure Access. That goes back to my previous statement that there have not been any bugs or anything. Everything is pretty much working according to the plan.
I would rate the technical support ten out of ten. Hands down.
We did upgrade from Umbrella to Cisco Secure Access. That is correct.
The move from Umbrella to Cisco Secure Access has been great. Cisco Secure Access has more features available to it and it is a nice and easy migration from Umbrella to Cisco Secure Access.
We leverage the SD-WAN platform. We will just build a tunnel to Cisco Secure Access, build our policy there, and then just shift the customer's data to the tunnel pointing towards Cisco Secure Access rather than Umbrella. The migration is very seamless, which I appreciate.
What worked in our deployment with Cisco Secure Access would be that it is a very similar deployment to Umbrella. It is essentially the same workflow, but we would just point the tunnel and create it on Cisco Secure Access rather than Umbrella. The workflow is essentially the same, which also helps with its integration in our network.
At the company where I am now, we are using Cisco Umbrella and we have always been using it. That is all that we have ever known at this company, which is still pretty good.
There are other products out there such as Zscaler and Netscope which offer a similar service. But we prefer Umbrella and Cisco Secure Access because it will integrate seamlessly with our existing Cisco products and it will make our automation much more seamless. It will integrate a lot easier with Umbrella and Cisco Secure Access.
We did not use any other solutions due to the fact that we are a Cisco shop. Personally, I used to work for Cisco, so I am very familiar with onboarding networking environments to both Umbrella and Cisco Secure Access.
With using ThousandEyes with Cisco Secure Access, we have not gotten there yet. As I mentioned, we are still kind of rolling it out. We are still integrating most of our networking components into it in phases. We are not there just yet.
I would recommend that other companies use Cisco Secure Access if they are a largely Cisco network. If they are using Meraki or routers, Palo Alto firewalls or any other vendor, or if they are vendor agnostic, then I could see them using Zscaler or whichever. Companies that would best fit for Cisco Secure Access would be a Cisco-centric company that uses Cisco routers, switches, and Meraki. Those companies would be the best fit for Cisco Secure Access.
The biggest point of investment for Cisco Secure Access would be that it is more efficient or I would say it offers a bit more for our network than Umbrella. There are more features available to it. Right now we are still getting used to Cisco Secure Access. We have not gone through all the bells and whistles yet. Right now we are just building the basic firewall policies and data loss prevention policies, and then once we get our baseline done, then we are going to hit the extra bells and whistles that Cisco Secure Access has to offer.
Honestly, given that it is still so new and I am at my company where we are still rolling out SD-WAN and still doing a lot of these things, Cisco Secure Access has been good. It is mostly pretty much empty and we are still just filling it in. It is working pretty well right now. We have not seen any issues. I am pretty satisfied with the product. It has not crashed and it is still highly available. I give Cisco Secure Access a rating of ten out of ten.
Cisco Secure Access serves as our main remote access tool for all of our users, which number about two and a half thousand endpoints. Our primary use case involves deploying Cisco Secure Access across all clients for connectivity, as we are a very remote organization, mainly in the UK, with many people accessing from three main sites, including working from home. Additionally, it supports all of our internet connectivity from our offices, and all of our laptops have the remote agent, so it is essential for that as well.
We have implemented the ZTNA in Cisco Secure Access. We have adopted both client-based and clientless options within Cisco Secure Access. We currently have about five or six services on a clientless basis, which aligns with what Cisco recommends, and we are working to put more behind that. The client side consists mainly of some legacy private applications that remain on-premises that we have not yet migrated to clientless.
The features of Cisco Secure Access that I appreciate the most include the posture assessment side. Being in security, I value being able to get an end posture assessment on the device to ensure it has the latest updates and can take action against devices that do not meet core requirements. Furthermore, ZTNA access is a key area that we are currently migrating to.
The benefits of these features for my company include providing flexibility, which is a primary concern for us. Security keeps all of our users secure while allowing flexibility in their work locations, ensuring they receive the same policies and centralized control regardless of location. This gives us peace of mind that we maintain control from end to end.
To improve Cisco Secure Access, I believe there should be better clarity from Cisco regarding where organizations should focus their investments. When we onboarded a year ago, we fully adopted the VPN client; in hindsight, we might have done a split focusing more on ZTNA. The direction felt unclear at the time, and after attending two or three Cisco Lives, it seems ZTNA is the main focus, yet Cisco does not provide adequate guidance on best practices that align with other organizations. There is a noticeable gap in engagement from customer success managers about upcoming features and tools. Additionally, integrating with other third parties is essential; I see limitations in our Cisco XDR platform's integrations, and consolidating everything into a single pane of glass would greatly enhance visibility. Although AI Canvas is aimed at addressing some visibility issues, they seem to be behind and require more time for development.
I have been using Cisco Secure Access for just over a year.
I would evaluate the customer service and technical support as very good. Although technical support has been hit and miss at times, with some technical cases taking weeks for comprehensive feedback and necessary improvements, we have also submitted feature requests that resulted in visible changes. With our established point of contact within Cisco, our experience has greatly improved; we no longer log all issues through technical cases, as we can go directly to our account managers or customer service team, which expedites resolution. Based on my interactions, I would rate the customer service and technical support an eight or nine.
Positive
The main factors that led me to choose Cisco Secure Access after Check Point included cost; Cisco was substantially cheaper, and we also had a poor experience with Check Point, which we found unreliable. We faced constant tickets and multiple versions of the same client causing inconsistent user experiences, leading to difficulties in product cohesion. Ultimately, cost was the most persuasive factor.
The deployment process of Cisco Secure Access was straightforward. Deploying the client itself was very straightforward. We encountered a few teething issues mainly due to integrating with all our data centers and replacing our firewalls simultaneously with FTD firewalls; however, Cisco Secure Access deployment itself was simple.
The biggest return on investment from Cisco Secure Access, from my perspective, is the end usability from a client perspective. The end user experiences no interaction—they simply see that it works. Ticket numbers are very low, and it operates smoothly. It is one of those tools that needs to work right out of the box, and thankfully, it does; it is reliable, and the setup time was quick and straightforward.
My experience with the pricing, setup costs, and licensing of Cisco Secure Access has been very competitive overall; it is cheaper than what we experienced with our previous renewal, which influenced our decision to switch. Overall, it has been a very positive experience.
In the process of choosing Cisco Secure Access, we considered only two options: renewing with Check Point or switching to Cisco.
The impact of the Secure Access deployment on help desk ticket volume and the end user experience has been a big improvement overall. We previously used Check Point, and migrating to Cisco has been a very positive experience. Our account team on the Cisco side has played a significant role in our customer success journey, resulting in low ticket numbers; after an initial peak of incidents due to teething issues, we now experience very low ticket numbers on a day-to-day basis.
Regarding the AI Access feature of Cisco Secure Access for providing deep visibility and control over AI applications, tools, and large language models, we are not currently using it as we do not incorporate any application layer integrations within Cisco Secure Access at the moment. However, it is something we are working towards, as I believe it is a relatively new feature. The AI Access feature is on our wish list, and we certainly intend to implement it. We know we need to do more around the DSPM functionality, which Cisco is working on, so as that stack builds from Cisco's side, we will look for an entry point to ensure full coverage that the tool provides. Currently, it is probably a little early for us to jump in, but in six months, we might consider it.
We are not using the Hybrid Private Access feature for varying enforcement locations of ZTNA private traffic; we are aware of it, but it requires integration with Security Cloud, which we have not completed yet. This feature is on our wish list.
We do not use the DEM feature, which is Digital Experience Monitoring, but we utilize ThousandEyes, which is installed on the Cisco client.
Transitioning to Zero Trust and least-privileged principles has been made easier from some perspectives with Cisco Secure Access. The identity-first approach is a significant part of this journey, and I know Cisco's ongoing improvements over the next twelve months will benefit this process. The traditional VPN is phasing out, with ZTNA being the new standard; however, some of our legacy infrastructure poses challenges in fully adopting ZTNA.
For companies considering Cisco Secure Access as their main solution, I advise starting the conversation early. Transitioning is not straightforward; it takes time. With all the ongoing changes in the product and AI integrations, early planning is crucial. While migration can occur quickly, incorporating add-ons and extras requires more time to effectively integrate into the product. We still have not fully utilized features we have had for a year, as we are still assessing their impact and exploring potential duplication with existing tools.
Regarding how Secure Access has helped prevent users from uploading sensitive and proprietary information to LLMs, we have not utilized that feature; we currently use Microsoft Defender Purview for this purpose. I understand it is a relatively new feature in Cisco, but we have not adopted it to that level yet.
I would rate this product overall as a nine out of ten.
Our main use case for Cisco Secure Access is providing security for hybrid and mobile workforces. One of the big challenges these days is the fact that you will have users in the office, working remotely, and all will have different access policies.
You will have users that will be technically hopping between offices, remote work, and working on the road. The trick is determining how we can have a single, consistent security policy for those users. Cisco Secure Access helps us with that quite a bit.
We did our first pilot deployment of Cisco Secure Access about three years ago, and we have deployed it successfully at several customers since then.
The VPN as a service is the feature that we like the most and the one that our customers like the most. Historically, you would have to maintain a firewall or other local VPN concentrator device. With Cisco Secure Access, now you can VPN in directly to Cisco Secure Access cloud, have that security policy applied, and then get directed either to the internet for SaaS apps or cloud services or to local on-premises resources through Cisco Secure Access system.
AI Access feature is a relatively new feature in Cisco Secure Access, but it is one that has become very important, especially in the last year or so, as end users have started to make a lot of use of the big AI tools, ChatGPT, Claude, and all that. There is now a big concern about those users putting inappropriate information into them, confidential information, regulated information. Being able to more tightly control what models my end users use, what services they use, and what information they submit has become a major part of end-user security in general. With Cisco Secure Access, I can do that whether you are in the office, on the road, or working from home. I can ensure that wherever you are at, you are not using AI models inappropriately and exposing us to risk.
Digital Experience Monitoring is for Cisco Secure Access and really any kind of SASE deployment. You need to know how the users are using the system and what their experience is so that it is easier to troubleshoot. Because you could have users anywhere, how are they getting access to the resources? If they are having problems, how can we help troubleshoot that? ThousandEyes integration with Cisco Secure Access is a pretty comprehensive visibility tool. It works everywhere from, for example, a work-from-home user. Are they having poor connectivity? ThousandEyes will let us see that it is their home network. They have bad wireless signal. We can work with them to fix that. Alternatively, it reveals problems with their internet connection. Or if they are traveling, what is the total visibility within the entire path between them and the application, whether it be a SaaS app, locally hosted, or something hosted in Azure, AWS, or any of the big cloud providers.
These days with supply chain attacks being a major problem, being able to vet anything that is downloaded by developers, by end users for business use, is almost a requirement these days. With Cisco Secure Access, because I can do that, this goes back to that security anywhere for any user at any time. Being able to ensure that we have that coverage for someone working from home, someone working remotely, someone on-premises, keeps that supply chain risk low.
I think it is a matter of especially keeping up with the times. I mentioned AI defense earlier, but as AI use and especially as we get into agentic AI use, seeing how Cisco Secure Access works to control those agentic uses especially is important. I think that is where we expect the big improvement to be.
I have been working in IT consulting for about 22 years.
It has been rock solid and stable. I can only think of one service disruption that I have seen with it in the last several years we have been using it, and that was really only for a very short amount of time.
Cisco Secure Access is a very scalable solution. Being cloud-native, scalability is really built in. The user management controls work well even for our larger customers with large numbers of users. I would say scalability for Cisco Secure Access is a very strong point. It builds on Umbrella, which is a highly scalable security solution. We see that there as well.
When we have had problems, they have been very quickly resolved. The support engineers have always been of a high quality. The only bad experiences we have had were really sort of when the platform launched and I think even Cisco was still learning how to support it.
There was no single solution before. What we were doing before Cisco Secure Access was just a traditional on-premises VPN or other standalone remote access solutions, which was always, I think, a management headache. Multiple products were needed for different use cases. Moving to Cisco Secure Access really helped consolidate all that into one overarching end-user security platform.
Overall, it has been a fairly good experience. Deploying Cisco Secure Access, because for a lot of customers they started with Umbrella, and it goes back to that same operational model, that same user interface, the same configuration model, has made it probably one of the easier SASE solutions to deploy compared to some of the other vendors out there.
For our customers, it has been a big time saver in terms of policy management. Because now, I do not have to maintain separate policies for my remote users versus my on-premises users or people in a hybrid environment. For our customers, there has been a pretty good ROI and pretty quickly too.
For our customers, it has been a big time saver in terms of policy management. Because now, I do not have to maintain separate policies for my remote users versus my on-premises users or people in a hybrid environment. For our customers, there has been a pretty good ROI and pretty quickly too.
Pricing for Cisco Secure Access has been very reasonable in the context of the entire world of SASE solutions. Setup costs for customers coming off of Umbrella, because of the fact that it is an evolution, the setup costs for our customers have been low. A little bit higher for greenfield, but Umbrella has always been a fairly easy product to turn up and Cisco Secure Access sort of continues that. Getting customers up and running with it is pretty easy and not too expensive.
The other solution that we considered heavily was Palo Alto's Prisma Access, or what they call Prisma SASE now. What we found is that with Cisco Secure Access, it was a much easier on-ramp for our customer base. It was easier to get that quick ROI.
One of the things about policy verification is with Cisco Secure Access and modern security products in general, policies can become very complicated, very quickly, especially once you start doing role-based policies. To have a tool that helps you validate the policy before you push it out to the end users ensures that the end user satisfaction is higher, fewer complaints, and fewer headaches for the IT staff when making big policy changes.
It is a solid 10. It does exactly what we need it to do. It does so in a way that is easy to manage, easy to control, and gives us the information that we need to make sure our end users have a good experience wherever they are working. My overall rating for Cisco Secure Access is 9.
The biggest advice I give to anyone looking at Cisco Secure Access or really any other SASE solution is a lot of planning. SASE deployments tend to be complex, and while Cisco Secure Access does a great job of simplifying things compared to some of the other vendors out there, a good solid project plan, a good solid assessment of your needs before deploying is always something that I would recommend anyone does.
The use case depends upon the vertical, such as manufacturing or enterprise. Mostly customers are looking for secure remote access to their applications. They may have a vendor ecosystem where they do not want to install any client. If they are looking for a clientless VPN like ZTNA, Zero Trust Network Access, that is where it fits. Mostly they want to move away from the centralized filtering point of view, even if it is a proxy. They want to facilitate access wherever they are geographically distributed. Because Cisco Secure Access PoP is there everywhere in major regions, this helps.
If they have a use case of a user sitting in an office and a user sitting remote, and a vendor accessing their applications from outside their network, you cannot expect anything installed in the vendor laptop, which is a non-domain laptop. That time, you need to have a solution that supports secure access of that application for that vendor who is sitting outside the network and is not a domain user.
Private application access is definitely there with the resource connectors. The concept of resource connectors is there to ensure the backend traffic from the application to the user. I have use cases, but I mainly worked on SaaS web traffic where I position SSE. Internal traffic is there, but not much discussion. It is hybrid only. There are customers who are adopting data center and coming out from cloud to data center, and vice versa. Definitely it will be Hybrid Remote Access.
The price and license for Cisco Secure Access are fine. Cisco documentation is always good. As a product, in terms of Cisco SSE, I appreciate the feature set. It is simple. The product is giving whatever you need from a customer point of view. Suppose point A to point B if you have to send data, you need not worry about anything such as your data might get compromised or somebody can do a middleman attack because everything is secure. They are sending the traffic encrypted and categorizing the traffic based on the type, whether web traffic or internet traffic, and doing the security mechanism that is needed for the traffic type. You can tick mark that flexibility is there.
Cisco SSE has an AI model, so you can write the policies if you just write it in plain English, it can do that. It can also drill down to AI Canvas, which is the new product that Cisco has launched.
I sold ThousandEyes and had done proof of concepts. ThousandEyes is a good product. However, the major flaw for ThousandEyes is the way they are calculating and giving the costing to the customer. The way the units consumption pricing is structured is not that great. That is the biggest flaw, and that is where people are not adopting it. The success rate of ThousandEyes when going with a digital monitoring concept is that it will address from endpoint to the application level and cover all domains. However, the way you are structuring your pricing with respect to the consumption of the units is a major issue. The pricing structure is not good in ThousandEyes. Apart from this, it is a good product. It can identify the issues related to an endpoint, if it is a remote user, if it is an internet issue, or if it is an application issue. The HTTP response time and latencies, everything it is giving. However, when a customer is trying to adopt it, the pricing structure is not good.
I have been using the solution for one and a half to two years.
Performance is addressed in a different way. Suppose I have a user in a branch in Europe, or if I have a branch in Australia or if I have a branch in India, they are sending to the nearest PoP, SSE PoP. You can form a tunnel from your branch. In that case, the connectivity reaching out to Cisco Secure Access PoP is being addressed. They are having redundancy also because it will have two tunnels. If this tunnel fails, still you can reach out to Cisco Secure Access cloud.
Cisco TAC support is better compared to any OEM. That is what I feel. However, what happens with the TAC engineers is once their shift timing ends, they will just exit the call. Again, we need to explain to the other engineer. Even they will not refer much to the notes captured by the previous TAC engineer, and we are starting again. When their shift is done, they close the call. That is not proper support.
Positive
There are some customers who are using VPN still and maybe they are very slow in terms of technology adoption. The flaw of VPN, everyone knows now, and everyone is realizing the flaw because the moment I just enter into the network, I can go and have a lateral movement across the complete IT infrastructure. It is giving the whole access of the particular network. Whereas ZTNA will predominantly give you access as per your role, allowing you to access only that particular subnet or particular URL or particular application. In that way, you are segregating and you are not allowing certain lateral movement. That means they cannot enter into your holistic complete network. That is the basic difference and the basic flaw, and people are realizing it, but few people are not adopting ZTNA in terms of technology.
The setup is an eight out of ten.
We work with Palo Alto and we work with Zscaler, the same kind of thing. Zscaler is the one that started the proxies, the cloud proxies. We are very much aligned with Cisco.
We have done one major project with almost 350 outlets of one of the customers. It is fine.
I am not sure about Cisco Secure Access setup costs as I did not feel any issues. ThousandEyes I can address, but for Cisco SSE, I think the licensing structure is fine and easy to set up, quick, and documentation is good. Everything is fine.
I prefer Zscaler is good. After Zscaler, Cisco is good.
Ask for references and friends feedback. We work with Palo Alto and we work with Zscaler. Zscaler started the proxies, the cloud proxies. We are very much aligned with Cisco. It's a good product, but the major flaw is the way they are calculating and giving the costing to the customer. The units consumption pricing is not that great. My overall review rating for this product is an eight out of ten.
The two typical use cases of Cisco Secure Access are how remote workers securely access both private applications, public applications, and SaaS applications from anywhere.
In my opinion, Cisco Secure Access is a complete SSE solution. The second good thing about it is that it has very deep end integration with other products which are required to improve security, such as multi-factor authentication and NAC products, all coming from Cisco. Whatever the customer use case may be, not only Cisco Secure Access but other applications coming from the Cisco security product line are available without needing to look outside of that ecosystem. Typically, I can just take it from Cisco and complete the entire solution.
From my perspective, it is quite easy to manage Cisco Secure Access.
The Talos integration for threat detection and response capability is a must for any product, whether running a SIEM or XDR. The Talos threat intelligence, which is possibly one of the largest organizations that gathers all this data and sends updates, comes free with every Cisco security product. That is really important because security is not static; it is dynamic. New viruses and malware are emerging constantly. Talos ensures that I get updates of everything being seen across the globe so that I am not left behind.
When it comes to protecting against phishing and ransomware, it is pretty good because all identified signatures and non-signature-based protections get updated through threat intelligence. However, as I said, it all depends upon what your attack surface is. If the attack surface is mail, for example, where the bulk of threats get percolated, then it has to be augmented by additional security layers such as email security. Based on the threat attack surface, you have to protect those also with an additional set of software.
The only negative side of Cisco Secure Access is the mindshare. From my perspective, the greatest positive side of Cisco is that it has a very complete story on the entire overall security requirements of a customer, whether it is end user security, network security, or workload security. It covers it all. Having said that, the customer mindshare of looking at Cisco as a security OEM is pretty low. That is one thing which in my mind, Cisco has to really improve.
The second thing is, of course, multiple panes of glass to manage multiple products. That has been a long-standing demand from customers that they should simplify that, and Cisco is working towards it. The third thing is AI integration. Cisco is also aggressively working on AI integration with their products. Mindshare is one of the biggest challenges of Cisco security products, and they have to increase customer awareness sessions to increase the customer mindshare about their security products.
One big challenge which I see with Cisco is their MDR capabilities. They do not provide it as a service, which Palo Alto does provide. Cisco's policy and strategy is to enable partners so that it becomes partner-enabled services using Cisco products. Whereas Palo Alto provides MDR as a service and Sophos provides MDR as a service, Cisco enables partners such as us to provide equivalent services. However, there are multiple enterprise customers who would prefer to go to the OEM for that service. There are multiple big wins which Palo Alto had in India because of their own MDR capability. If I were to fight as a partner with my capability and Cisco products, I surely cannot fight the might of Palo Alto. That is one area where possibly Cisco has to relook.
With regards to my experience with Cisco Secure Access, I have been working with it for at least two years now.
Regarding Cisco Secure Access, I would agree that it is a 99.9% stable and reliable product.
My impression of scalability for Cisco Secure Access is good. Being a cloud solution, it has unlimited scalability. Scalability is not an issue. You can scale based on the number of users and licenses. You have SIA, SPA, and all licenses. Scalability is not an issue since it is a cloud-based solution.
I believe customer service from Cisco is good and not a problem in India.
Regarding the deployment procedure and installation of Cisco Secure Access, it is straightforward and not much of a challenge.
We usually deploy Cisco Secure Access in our Center of Excellence, and we keep demonstrating that to the customers. It is fine and not much of a hassle.
Quantifying the return on investment depends upon what the use case is and the automation we can build up. We just did some study where, with automation and all of that, we can get almost 30% ROI.
In comparing Cisco Secure Access to its competitors in the market, I think the leader is definitely Palo Alto.
Comparing Cisco Secure Access pricing with its peer group, I think they are still comparable in terms of pricing. It also depends upon how desperate Cisco is to win the deal; they can also go better. When I say peer group, I am talking of Palo Altos of the world, and so forth. They are a little bit on the higher side, but still, when it comes to closure of the deal, they get aggressive and they can meet up with the competitive price points.
I have to study more about Cisco Secure Access's ability to provide secure access via HTTP/2 and optionally QUIC, so I am not aware of this, and I will not comment on that.
Summarizing all that I have told you about Cisco Secure Access, mindshare, multiple panes of glass, AI integration, and MDR are all aspects that could be slightly better. Those are the areas for improvement. Overall, I would give Cisco Secure Access a rating of eight out of ten.
