Cisco Secure Email Reviews

The main use case is simply as a point of contact for all the emails to go through first, before they ever get into the Office 365 environment, so they can be scanned and checked for malware and spam, all before Office 365 even sees it.

We're currently on version 12. Our instance is in the cloud and we don't actually upgrade it, they do it for us. It should be upgraded to 13 in the next month or two.

The last time I checked, which was about a month ago, when I looked at all the emails sent to any of our domains — because we have about 10 email domains, and they all go through the appliance — by looking at a report the solution has, I saw that 84 percent of the email sent to those domains never got to our Office 365, because it was spam, malware, phishing, or there was something wrong with it. So it stopped 84 percent which was bad email. Based on my experience and talking to users, 99.8 or 99.9 percent of those emails that were stopped were spam or malware. There might've been 0.1 percent that was caught by the mistake. But that's 84 percent of email not even getting into our systems.

It has prevented downtime. The simple fact that 84 percent of them were stopped keeps people from having to look at those in their mailbox. If you take 1,000, out of that number 840 didn't even come through. That's less wasted time going through your mailbox and reviewing your messages. It also frees up the users, when they do see something that's not anywhere near normal, to clue in that there might be something wrong. We have had emails get through, phishing emails and things like that — it has happened — but I would say we probably get one through about twice a month, at most. The users will immediately shoot it right to the help desk. "Is this real? Is this spam? Is this something I should do?" There's no way to really put a number on it, because I've never really looked into it, but if nothing is coming through that you didn't want to see, then there's no downtime.

Only in a couple of cases have we had a user actually do something they shouldn't have done before they notified us, but that's training. You never have a perfect solution. Two a month is our average, over the last year, of emails that got through that we wished hadn't gotten through, but no harm came of it because the user notified us, and we just told them, "Delete it." We make sure everything is working right and that there was no malware involved and we let it go.

Also, as far as the IT department goes, it's made our lives a lot easier. We get emails if anything does happen. We've chosen to see any event. We only get notified of exceptions that we want to investigate or we want to look into. That makes things easier because we're not out looking all the time. We can wait for the email to come in.

We can look at the updates and the different changes Cisco makes to the system to see if any of those things is going to help us. We think about whether we want to invest any time in configuring those? And once it's configured, you're done. The most difficult part of that is remembering what you did. So we've learned to do our documentation that much better because we need to be able to go back and read what we did before, what we configured.

Our company might buy another company, so we have another domain to add our list of domains for email. In less than an hour we have all that set up and the whole system working, with emails going through the appliance. It's saved us a tremendous amount of time daily, just in terms of keeping track of things.

It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

Originally, Cisco Secure Email was primarily intended to combat spam. The day we installed it, we immediately noticed a significant difference. Since then, it has proven to be one of the best investments we have made in the fight against spam. However, its functionality has expanded beyond spam prevention. It now includes features such as Data Loss Prevention, quarantining of malicious attachments, compliance with workplace policies, and assistance in battling against phishing attempts.

From a security perspective, our organization is much stronger in the email domain. We have effectively monitored spam patterns, and with the rise of phishing in recent years, our capabilities have further improved. This has been beneficial for our organization since we can identify and prevent specific types of phishing emails. 

We have the ability to customize certain aspects ourselves, which has also aided our organization. Additionally, relying solely on users to make secure decisions regarding phishing emails is not always reliable. Asking non-security personnel to make security-related choices can be risky. Therefore, Cisco Secure Email has been instrumental in relieving users of this responsibility. By implementing specific metrics and criteria, we can intercept and block such emails, allowing the system to handle the workload. Although the process requires some manual intervention on our part, it is acceptable considering our large user base of 9,000 individuals. Cisco Secure Email has played a crucial role in shouldering this burden and has greatly benefited our organization.

The effects of Cisco Talos on our security operations are really good. In the past, there was a philosophy that some security professionals used called defense in depth. It has two dimensions. One is implementing defense at the edge of our network, then progressing further inside the network, all the way to the desktop. We continue to implement security at different points, including the desktop, to ensure comprehensive coverage. Another interpretation of defense in depth is implementing security measures from different vendors. Each vendor has its own strengths, such as better virus scanning or more effective firewalls. By using a mix of vendors, we cover a wider range of potential threats and minimize vulnerabilities. However, I believe this approach is no longer necessary because of tools like Cisco Talos. Talos provides such extensive coverage that it quickly addresses new threats. We no longer need to worry about relying on multiple vendors to catch up. Cisco Talos has been great for our security.

It has significantly saved our IT staff a considerable amount of time. Without it, we would likely be dedicating four times the current amount of time to managing email and spam. Currently, one staff member spends five hours per week on this task. Without Cisco Secure Email, that number would increase to twenty hours per week, equivalent to one hundred hours per month. Thus, I estimate a time saving of around three hundred percent. Additionally, the absence of Cisco Secure Email would result in a three to four hundred percent increase in staffing requirements, as we currently have a team member solely responsible for managing the product on a daily basis. However, the time spent by this individual using the solution is far less than it would be if they were dealing with email issues without the solution. Thus, Cisco Secure Email has had an immense impact.

Cisco Secure Email helps us consolidate some tools. When we installed Cisco Secure Email, we had another email PMDF gateway that had extremely outdated capabilities for blocking things. It was ineffective. Cisco Secure Email surpassed our previous methods by leaps and bounds.

Cisco Secure Email has aided our organization in enhancing its cybersecurity resilience. Without Cisco Secure Email, our cybersecurity posture and resilience would be significantly compromised.

It is our email gateway. We have the Exchange Servers, but the Exchange Servers don't relay directly with the internet. We have ESA in-between, and every incoming and outgoing email must pass through ESA before it gets to the internet.

We are using Email Security Appliance C690, and we have three of them in a cluster. They are on-premise. We have decided not to go to the cloud. It is primarily because most of our clients are government agencies and the government, and they have this suspicion about the cloud. So, right now, we are still on-premise. 

Currently, we are on version 13.8. There is a newer version, but we are yet to migrate to that version.

We use ESA with Security Management Appliance (SMA). We have SMA M690. The integration of ESA and SMA makes the whole work easier. SMA is the central content appliance, and we have three ESAs. The SMA is able to collaborate with the clustered ESAs for log management and other things. It gives some stability in terms of what is happening. ESA keeps a lot of logs, so SMA is able to move through ESA and get those logs out. This integration has really helped us to drive our operation in the email platform.

It does a lot in terms of preventing phishing and business email compromise with DP and Advanced Phishing Protection. DMARC gives visibility for preventing spoofing and social engineering attacks. ESA has been able to help and protect us from those attacks. It is doing a lot of work. Gartner has always rated Cisco's ESA appliance as one of the major players.

It is doing a lot to prevent spam, malware, and ransomware. Everything is also tied to how you have configured it. Some of the spam emails don't get to the customers. We can quarantine a spam email, which gives us the visibility to look at it and see if it is actually spam or not. It is doing its work. It is. There are no false positives. It is working perfectly.

Email service is one of the services that we offer at Galaxy. ESA has improved our business. Our customers want to maintain their business with us for email security. We have over 500 domains on our email platform. It has improved our profitability in everything.

We would have the product at the edge, passing it off to another service like Postfix. It was a platform that allowed us to sell a service to customers, enabling certain clients to email us securely. We used it to take everything through email security, which included policies allowing specific emails from certain domains.

It provided a platform to sell a service to customers.

We use it primarily for filtering both internal and external messages, especially within our Office 365 environment. It serves as our main filtering solution.

The most significant enhancement we've gained is in terms of security through the upgrade we received.

I use the solution in my company for email security. The tool is the email gateway we use for email security in our company. Cisco Secure Email acts as the first level of defense in our company's email security flow. When an email arrives, it first arrives in Cisco Secure Email Gateway, after which it gets filtered there, and then it passes through our Microsoft 365 Defender.

The tool's most valuable feature in preventing security breaches revolves around the area of malware protection that the product provides. I don't use the product much for URL filtering or spam filtering since you need to work with the configuration a lot.

We have a number of different types of customers and organizations who need to secure their environment. These range from healthcare professionals to financial organizations to very small organizations. They have a number of security requirements, whether it's just to secure the actual environment where they're working and also to provide additional services, such as VPNs and remote access for their remote workers.

Most of the customers that I work with tend to be on-prem, and a lot of them go with the centralized management system, FMC, purely because it has larger memory and larger hard disk space, and it can hold reports for a much longer period of time. Also, as their network infrastructure scales, FMC can manage more and more of their devices, and they're not having to manage individual devices. It's all centralized for them. 

A lot of our customers use another Cisco product already, so they have confidence in Cisco products. The firewalls they are currently deploying and using have evolved from their older ASA products. They are now moving to the new Firepower Threat Defense, which incorporates many more features and allows them to get the latest ALOFT download and feeds for any security vulnerabilities and they're able to react very quickly to any vulnerabilities that have been highlighted.

Initially, when the firewalls were first marketed and came onto the market, the visibility wasn't very good. But as the software evolved over time, that visibility has increased a lot more, and that is giving customers a lot more competence in the traffic and the traffic flows that they're seeing through the actual devices, so they can better understand the types of applications that they have on their network.

The good thing about the actual firewall itself is that it can integrate with other Cisco products, such as Cisco ISE so that it allows full end-to-end visibility of connectivity. It gives very good visibility. It's that integration with other products, not just what that individual firewall can do itself.

Talos is obviously fundamental to the actual firewall, reporting on vulnerabilities that are happening day to day. And the regular downloads, obviously, give customers confidence that their products are as secure as they can actually be.