Cisco Secure Email Reviews

I work at S21sec, which is a partner of Cisco in Portugal. We do integration of different Cisco solutions for our customers. Nowadays, we mostly do integration of Cisco cloud solutions for customers.

Cisco Secure Email is the solution that we deploy for customers in Portugal mostly as a backup of an existing solution such as Office 365 because it guarantees that the customer never falls out of options if the main product has some problem. If they rely on having an email solution that cannot fail, that's an excellent option for them to have in place. It's the oldest solution that we deploy for customers in Portugal. It has a very nice history and very good quality. It's perceived by our customers as an email solution that functions all the time.

One benefit is the resilience of the solution when implemented in conjunction with other solutions, and the other one is the new features that Cisco is adding to the solution itself, such as awareness of advanced phishing threats. The environment that Cisco is building around this primary product in its catalog is helpful.

We offer almost all of the Cisco Security solutions, but recently, we've been working more with cloud solutions. It's easier for customers to adopt them. We also continue to deploy some of the firewall solutions with the physical devices and also email protection solutions either with the VM solutions or with the physical appliances. We've been seeing evermore integration of the products based on the browsing console, which is very nice for customers because they only need to have a browser to access all the different consoles of different products. They can be consolidated with SecureX. It's an advantage for the customer to be able to handle all the different consoles for different integrations that the customer has in one place.

Cisco Talos is a very nice complementary solution to the email protection suite. It gives you the threat intel regarding the latest news and infections that can be problematic for the customers. They become aware of what's happening and any latest vulnerabilities they may have on-prem.

The advanced phishing protection and the integration with the awareness tool that Cisco has embedded into the solution to bring awareness to the customers about the dangers of phishing attacks and other things that come from email are the most valuable features.

Cisco has already improved this solution with some add-ons to the basic product. Cisco is already providing a very good environment with the IronPort solution, but there could be some more integration with other products. For instance, an integration with the EDR solution could be there to raise an alert.

We've been a partner of Cisco for more than 10 years, and we've mostly done integration of solutions. 

We usually give the first line of support to the customer, and then only, we go to the Cisco support. We have a very strong Cisco security team in Portugal, so whenever we need any support, we use those resources. I don't remember a time when I had to open a ticket because the local team has been very good.

Positive

Cisco Secure Email hasn't helped clients consolidate any applications. In Portugal, there's no business for that because what you usually do is implement several solutions that are regarded as the better solutions in terms of the market. In some cases, it could be Cisco, and in other cases, it could be another player. At S21sec, we try to give a better solution to customers and adapt and customize it to the specific needs of our customers.

The main difference between Cisco Secure Email and other solutions is the reliability and the capability to offline the email if there are some problems on the customer side. We can also overcome problems that may arise in terms of the local telecommunication operators that handle the communication. If there's a failure there, we can overcome those problems with the relays from the Cisco solution.

The deployment model varies a little bit. In Portugal, some sectors still rely on on-prem solutions, but we are trying to build awareness that the new solutions relying on the cloud are better for the customers because they don't have to worry about getting new patches and new security updates and patching the infrastructure. They only need to rely on having a service that is provided by Cisco for having the best security. They don't have to worry about the maintenance of the platform itself. The cloud provider that our clients use varies. We work a lot with the banks and financial organizations in Portugal. They are historical customers that don't want to go for public cloud solutions. They still rely on on-prem solutions. They have evolved to having virtualized solutions instead of appliance solutions, but they still rely on having mostly private cloud solutions. They use local providers. We are seeing a shift to global providers but not with all of them.

It's a very modular solution. We have some customers who have deployments all over the world. We clusterize the solutions in each of those locations, and then they connect them with the global management solution. We can manage all the operations of the different clusters spread around the world from one site. It's a very good solution in terms of redundancy even in different geographies.

It's a very easy solution. You can go for a very customizable environment, but usually, for the day-to-day needs of most customers, it's very easy to deploy. You can just customize the options to make it more secure for a customer's environment.

It's adapted to the market. It's similar to other vendors. We at least don't have many problems regarding that because Cisco is adaptable on that side. When we present the solutions to the customers, we tend to achieve the goals that the customer has in terms of the budget for such implementations.

We offer the best solution for what customers intend to do and the type of problems that their business may have. When a solution is adaptable and customizable to the customer environment, customers tend to go ahead with it. Even if it requires more investment, we find a way of getting it to the budget and getting a good return on investment.

To those evaluating this solution, I'd recommend trying the product. Cloud solutions are very easy to use, and you can do a PoC. In a matter of hours or a day, you can deploy the solution and use it fully.

We are Cisco partners. Cisco has a very nice solution and a very good security team in Portugal, but obviously, they can't cater to all the customers. An integrator does that part. With the relationship that we have with the customers, we can apply and customize the solutions that Cisco has in its portfolio according to the environment and specific needs of each customer.

Our partnership with Cisco is pretty close to a 10 out of 10 because we are getting different kinds of solutions. We at S21sec handle just security. We don't do storage, and we don't do servers. We are very focused on security, and the partnership that we have with Cisco is ever-growing because nowadays, for instance, OT solutions are also a very huge concern for us, and what we have seen with Cisco solutions that are being brought to the market is that they also started to handle the new security issues that we find in other sectors. They are not only into IT. They are also going into the OT and the IoT world. They are able to customize and bring new solutions, even some developed insights, by buying other companies and adapting them to the Cisco reality. They are able to devise a product that handles the needs of different kinds of customers in different areas of the business, not just the IT world but also the industrial world.

I would rate Cisco Secure Email a nine out of ten. It's growing up to be much more than just an email protection tool. It's going for the awareness of the customers, and that's a good complementary solution that addresses other problems that come from using email nowadays.

The big use case is filtering inbound messages for spam and malicious messages. Obviously, it's a huge issue for everyone to keep as much of that stuff out as possible.

Users are getting a lot fewer malicious and nuisance messages. When we moved to the cloud product, we added in a service for graymail unsubscribe which we didn't have before. That makes it very easy for people to safely unsubscribe from mailing lists, especially the sort that they have been added to without knowing what the company is. That has reduced the amount of time users waste going through that process and the amount of time IT has to spend responding to questions about what they can do about things like that. In general, it's enabled us to spend less time addressing user issues regarding junk mail. It has also been better about not blocking legitimate messages, which again comes down to saving time for both users and IT.

The migration from the on-prem email security to its cloud email security saved us money, versus where we would have been if we had kept the on-prem with them. Versus the Microsoft service, it was basically a wash. But compared to Cisco's on-prem service, the cost is the same, but you don't have to pay for the hardware and you don't have to maintain the system, as far as upgrades and hardware failures are concerned. It is cheaper to operate on their cloud service than it is to operate with their on-prem service. The hardware savings are from whatever level of hardware we ended up not having to buy. If we had stayed on-prem with it, we would have needed to buy two new appliances that year, appliances which would have cost $10,000 or $12,000. I don't have a good figure on how much manpower we spent maintaining upgrades with the on-prem. It wasn't huge, but we probably save an hour a month, on average, on maintenance.

For maintenance, it depends on what's going on, but there may be a few hours a month for reviewing, reporting, and for addressing any user issues. User issues mainly revolve around things like, "Okay, the user hasn't gotten an email from so-and-so. Check and see whether or not they've got it." But as far as actually maintaining it, to ensure it keeps functioning, it's pretty minimal; maybe an hour a month. The people who handle the maintenance are from our infrastructure group, which is a combination of systems and network functions.

A few of the big features are ones that we found that we missed terribly when we moved over to Microsoft. One of them is simply the logging that they have in the reporting. For example, if I wanted to get logs about emails since last week, from a certain address, with native Office 365 I would have to submit the search requests and I would get an email a few hours later with the results. With Cisco, it's not only a lot more detailed information, but it's nearly instantaneous. So if you have to do any sort of research into an issue, whether it's security or something is missing, it makes that much less labor intensive.

The filtering is definitely better at catching both spam and malicious messages, and there's a lot of extremely granular ability for setting up rules. You can do it the way you want to. The Microsoft solution tends to be pretty limited in how it allows some of that to be done. It forces you into doing it a certain way, even if it's not good for your business process.

The interface is dated. It has looked pretty much the same for 15 years or so. It would be helpful to be able to do everything from one spot. The centralized quarantine and reporting are completely separate from policy administration.

We used it consistently from 2007 to the beginning of 2020, and when we went off of it, it was about three months before we started back up with the cloud option.

We haven't had any stability issues with it. It seems to be good.

I haven't seen any scalability issues. I'm not quite sure how scaling would be handled if we had a truly immense increase, but I haven't seen any challenges with it. We're on the small side so we may not be a good example.

We don't really intend to change our usage much. We use it for all of our inbound and outbound email.

I haven't talked with their technical support much in the last few years. The only issue I've had was a support case for getting command-line access set up. That was fine, but there was virtually no contact about it.

We have had two runs with Cisco Secure Email. We initially ran it on-prem and that started in 2007. It was the same year, or a little bit before, Cisco bought the old IronPort product. And last year, we initially ended up dropping the on-prem, when we were moving into Office 365. Although we were happy with it, the thought was, "Okay, if we move everything to Office 365, Microsoft can handle that. We have their full-blown mail filtering products." We thought it would probably save us some workload, not having an extra product to deal with.

The intent was that we were going to consolidate to a single product when we moved to the cloud for email, and we found out that it didn't work as well as we had expected. We didn't do a direct conversion from the on-prem to the cloud solution. There were a couple of months between it during which we tried the Microsoft option.

We then found out that they were not nearly as good as one would expect from a market leader in corporate email. I then contacted Cisco about what it would cost to do it in the cloud with their products. I was rather surprised to find out that they don't charge anything more to host it, than they do to have you run it on your own equipment. We ended up jumping back into it with their hosted solution, without really planning to. When the cost came back and was as attractive as it was, we decided, "Okay, this Microsoft filtering is not working out. Let's go back to Cisco." We went back to it and it's been working really well, better than it did when it was on-prem, because we don't have to maintain as much of it.

We had been using encryption on Cisco before, but we did end up leaving that with Microsoft, just because it integrates with their Outlook browser better. I'm at something of a toss-up on which one I prefer. Because the Microsoft solution integrates directly with the Outlook client, it is a bit easier for users to manage. But the encryption on it seems to work fairly decently, although it has the same problem that all of them do. There are tons of standards for that. Everyone has their own. It would be great if there was some sort of multi-vendor standard for that but, without it, we moved it over to the Microsoft solution and that seemed that to be a little easier for users.

Because we had those few months in between, we didn't qualify for a license transfer. We had let the initial service lapse and then we brought on the cloud service.

It ended up being a really easy setup for the Cisco cloud product. I was pleasantly surprised how much was already ready for you out-of-the-box.

I found the setup to be straightforward, as someone who was familiar with the management environments. If I had not had the experience with it, there would have been areas that could use more documentation to explain what different sections of the product do. But I had been using it for a long time, so that was not an issue. But I could see that is an area they could put more into. We also had a technical contact available to us for when getting started, to whom we could reach out. But it would be good to add in some more entry-level documentation.

As far as the policy setup goes, our equipment was end-of-life and we weren't at a version that we could migrate from. So we decided to do greenfield for the setup and we're actually happy we did because Cisco's default setup on its cloud product, when they brought up a new blank instance for us, had a really good framework for rules, et cetera. We copied in exception lists and the like from our existing setup and we were up and running in an afternoon.

When we went in, we initially did it as a trial, because they offered a 30- or 60-day trial. We did that to see if this was what we wanted to do. We ended up poking around in the environment a little bit first, because the whole thing was an unbudgeted change for us. When we moved over to Microsoft we found we were having all these issues. We put some resources into trying to resolve them but we saw there were deficiencies in Office 365, when it comes to the filtering of email. We started the trial with Cisco to see if going back to them and their cloud would solve things. We liked what we saw and decided to move everything over. The grass really was greener on that side.

The downtime involved in the migration from Cisco's on-prem solution to the cloud email security was minimal, about 15 minutes. The downtime aspect wasn't especially important since we did it after hours. It's emails, so it's not like anybody was going to notice that it was down for that amount of time.

The learning curve involved in migrating from the on-prem to the cloud email security was pretty easy. The environment really is very similar to manage in the cloud. If you look at the management consoles that you're used to seeing on-prem, and you look at the ones in the cloud, about 99 percent is the same. There are some things that are unavailable because Cisco is handling the software upgrades, but almost all of it that you had on-prem is the same. There are a few extra steps to getting into the command line, they're a little bit weird, but all the policies are identical to the on-prem method. There's not much learning curve involved in switching.

Overall, the migration was massively easier than I expected it to be. We did it on a Sunday afternoon and it only took about three hours.

We were in touch with the technical contact from Cisco for some basic stuff, for getting started.

We were just evaluating between Cisco and Microsoft's advanced threat protection.

We decided not to evaluate anyone else when we saw that Cisco was going to be less expensive than we thought it was going to be. My expectation going in was that the cloud service would cost more than the licensing for on-prem would, because they're hosting it. But that wasn't actually the case. It ended up costing about the same as what the on-prem cost, except that we didn't have to buy hardware anymore, which obviously saves some money.

It's definitely worth looking at Cisco's cloud email security offering. It's surprisingly simple to get going with, and it really is easier to use than the on-prem because of everything they have built into it. It is surprisingly cost-effective.

It's integrated with their AMP product, although that's sold as a part of it. We haven't integrated it with other Cisco stuff at the moment. We've got third-party stuff that we have it integrated with. 

All of our inbound and outbound emails flow through the CES environment and we leverage it for spam filtering, phishing filtering, malicious URL detection, attachment scanning, and data leak protection. It basically covers all of the security layers for email.

It's cut down quite a bit on the amount of false-positive spam that we get. The spam engine that's utilized by CES, we found to be pretty effective. It's rare that things end up in a quarantine when they aren't supposed to be there, which is very beneficial. I believe that was one of the reasons that we moved from the previous hosted solution that we were utilizing to CES.

The malicious URL scanning, as well as the anti-malware features, have been really useful for us in our environment. Specifically, the URL scanning has helped to knock down quite a few phishing attempts that come into the organization. The broader blanket automated attempts get knocked down pretty quickly since those URLs typically get flagged early on, and then the appliance just picks up on those URLs and knocks them down. It is the same with malicious attachments. The malware scanning that's done via AMP, which is deployed elsewhere in the organization as well, just grabs all of that before it hits the inboxes.

We have our email security feeding into the SecureX solution and it's nice to have all of our security platform statistics in one place. We leverage quite a bit of the Cisco security stack and having all of that feed into the SecureX dashboard is great. The dashboard continues to evolve, but it is at least nice to be able to see everything at once.

Integrating this product with SecureX was pretty quick and easy. Both of the solutions are cloud-hosted and the SMA, which is the reporting module that feeds the data into SecureX, was done via the API. The documentation on the SecureX portal walks you through exactly how to add the various integrations.

We leverage the AMP functionality that exists in CES, and it also ties into threat response, which is the threat-hunting platform that Cisco has. The benefits of these integrations were pretty important in the decision to stay within the Cisco product family. The threat hunting and threat response are really nice because we're able to see if something malicious makes it into the environment. Once that happens, we are able to trace that back and find out if that was done via an email, and then grab the information for that specific message. This will tell us if there have been any other indications of compromise on any other hosts. When it comes to being able to do that, having it all in a uniform environment is pretty important.

The UI is definitely one area of improvement because it doesn't match other interfaces and the navigation can be a little clunky. Generally speaking, it is just dated, and I know that they're working on enhancing it for later versions.

They should continue to develop their integration with Office 365 or Hosted Exchange since a lot of organizations, ours included, are moving primary Exchange services to the Microsoft Cloud. Being able to integrate tighter with that environment is important.

I have been using Cisco Secure Email since joining the company.

We haven't had any issues at all with the stability of the platform.

With it being cloud-hosted, it can scale as wide as you need to.

We have roughly 1,000 employees and all of our inbound and outbound emails go through this system. This means that there are several tens of thousands of messages a day flowing through it. We haven't had any sort of performance issues at all with our environment.

Cisco's technical support is very good. We've just recently had a couple of tech cases that we needed help with. We were researching why some of our partner's messages weren't getting through intact. Because this is a hosted solution and they have quite a bit of visibility, it has always been great.

We've never had any issues with support on this platform.

In previous organizations, we've leveraged Postini, which was a cloud-based solution that was acquired by Google. I've also worked in environments that have leveraged Microsoft's Office 365 email spam filtering, and they've been good, but generally, usability is sometimes a problem. It goes back to the UI and then the accuracy.

The amount of spam that is stopped has not always been great. As such, I feel that CES has a pretty good balance in that regard.

As this solution is hosted on Cisco's cloud, we don't manage the underlying infrastructure.

We probably have about eight individuals who work with it. Some of them are within our support organization, there are messaging or Exchange admins, and there are network engineers.

Return of investment is something that is difficult to measure because you're essentially trying to prove a negative. It is difficult to say what it has prevented or what has been stopped from happening. That said, I think the overall satisfaction, at least from the user perspective, is good.

When you consider the spam and anti-phishing components, in addition to the IT benefit of the anti-malware and antivirus, I think we definitely get an appropriate return. Nobody questions the expenditure on the solution as being ineffective.

With respect to transferring policies and licenses, Smart Licensing has really improved the overall licensing model for Cisco. We've been really happy with Smart Licensing.

There are additional fees for adding features. For example, things like AMP are additional licenses. Because it's all done via the Smart Licensing portal, when new licenses are acquired they're dropped in our bucket, so to speak, and then the solution just grabs those licenses. There is no back and forth required. The license ends up in the bucket and then the solution syncs with Smart Licensing and we're good to go.

For the future, we are looking at moving to newer versions that allow for additional advanced phishing protection. That's something that we're targeting. Also, we're trying to figure out how to streamline our mail flow with the majority of our inbound and outbound email that is now flowing through Office 365. Essentially, we're figuring out how we can tighten up that integration and lessen our dependence on on-premises Exchange for our mail flow.

With respect to versioning, it is controlled by Cisco. I believe that version 13.5 is when they introduced the advanced phishing protection. We're notified when new versions are released and we can ask for earlier versions, but we get adopted once those versions become generally available.

My advice for anybody who is implementing this product is to leverage the Cisco Validated Design (CVD) documents that exist. They're super helpful. Cisco has done a lot of work with Microsoft in figuring out integrations and documenting those. There is quite a bit of really good documentation, both within Microsoft and Cisco on building those integrations and configuring them.

We have also leveraged Cisco's adoption services around renewal times to make sure that we're using the platform to the fullest extent. They offer health checks for their hosted solutions, so on a yearly basis, you can sit down with an engineer and walk through and make sure you're on a good version of the code. You can make sure that you've again implemented from a high level, those feature sets correctly, and that you're leveraging things properly. Cisco does a lot of things to make sure that it's an easy renewal conversation to have, specifically with leadership.

The biggest lesson that I have learned from working with this product is to make sure that you're engaged with your Cisco teams to guarantee that you're getting the most benefit out of the platform. Again, you should be taking advantage of the health check services and adoption services because they're really unique.

In summary, this is a good solution but I think there's always room for improvement. I don't think that anything is perfect and they've definitely got some work to do on tightening up the UI and the configuration presentation. From a functionality perspective, the platform is great. 

I would rate this solution an eight out of ten.

We use it to secure our email system, to cut down on all the bad emails that we would otherwise receive. 

The reason for implementing the product was the huge increase in spam and junk mail which occurred when we were adopting these devices. There have been some changes in the way that email is delivered since then, and one or two of the major spam sources have been taken down or prosecuted or jailed. Today, we have less blanket-spam, but we have more targeted phishing emails or spear phishing.

The combination of emails with links that encourage users to give away their user login information can cause problems. When someone's account is compromised it can result in access to our global address list and access to emails that the compromised user may have sent. Therefore, they have details of the format and the style emails that our company uses. We have communication threads that they can take advantage of because they can inject their fake emails into an existing communication thread and try to fool a supplier or client into giving more information or, worst-case, giving money to the wrong person.

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. 

Since then, customized filtering has been very effective and useful for us.

In addition, Cisco has developed the product with its Talos product. They've developed the Cisco Secure Email Gateway systems so that instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they're now providing has a lot of attraction because it helps to prevent phishing emails.

Things such as Sender Domain Reputation, which is a relatively new feature, are attractive because when there's a pop-up domain, which might be a look-alike of your own company domain, or it might be a look-alike for some other company like Microsoft, it gets a bad reputation, and the Cisco Secure Email Gateway systems will reduce the possibility of these emails delivering to the recipient's desktop.

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.

More than five years.

The system is very stable. We have had very little downtime and the system is, in general, reliable. 

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems. In general, we have had a good experience with this product. The hardware, given occasional failures, has been very reliable. There is an upgrade process for keeping the system running with the most current, recommended version of AsyncOS. We have had very few problems where an upgrade has gone wrong. We've been very pleased with the solution.

The scalability is good because when you have appliances such as we have, if you have the infrastructure and the available resources, you can install additional virtual appliances. From the point of view of scalability, if there were a problem with performance, it is possible to add other systems or devices, even though they are virtual, and they all fall under the same control interface. They are all a part of the same cluster so they are all relatively easy to manage.

We currently have 11,000 employees and a large number of those users hold email accounts and email addresses.

We have a 24-hour operation because our company is located in 62 countries, so we have to respond relatively quickly because email is important. We have a department that deals with IT security and likely, at a minimum, we would have six people who have the capability to work on these systems. But in reality, because the systems are very stable, we have three or four people who regularly work on them. All the people who maintain the system are currently in the same department as me and all of them are considered IT security officers. They deal with other systems as well as the email.

Cisco's technical support is, perhaps, taking a different approach to the way that IronPort managed systems. Cisco tends to try and answer questions or problems by email more, initially, rather than talking to someone on the telephone. Sometimes that's not quite as good as IronPort was. 

But, in general, Cisco is good in that when we have a question they will respond quickly. But equally, because we've had these systems for several years, there is a good pool of experience in our security team so that we don't regularly have to ask questions of Cisco support.

We switched to using IronPort because it gives us a second line of defense from spam, phishing, and all the other problem emails. One of the reasons was that there was a major spike in the number of spam and junk emails that people were sending from when we first got these systems. 

The other system that we had was suffering from performance problems because it was being overwhelmed by the volume of emails that were being delivered to Fugro. The other product was still a good product, but it didn't have the performance to handle the volume of email. With the IronPort system being used as a first line of defense, it probably would have done everything that our previous system did, and we could have just removed it from our email processing.

However, we wanted to retain the old system because it had some nice features to do with additional email filtering. Having IronPort as a first line of defense was really good, and then, it was possible to do special filtering and other email reaping on this other system. The other system could then perform at a good level because it was not being overwhelmed by the huge volume of spam, junk, etc.

The initial setup was very straight forward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware.

This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco Secure Email Gateway 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed.

We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.

Because we had the systems before Cisco bought IronPort, we used some assistance from the then-IronPort company for the initial set up. But our own personnel were involved in training courses, so most of the configuration was done by Fugro people.

The IronPort consultants were very good. Because the company was keen for business, they were keen to assist us. At the time, we were, perhaps, one of the more unusual cases because of the quantity of junk, spam, and other types of emails that were being sent to Fugro recipients. IronPort, at that time, was very responsive, very helpful, easy to deal with and, usually, very knowledgeable about the product.

It would be fair to say we have seen return on investment using this solution, but I'm not the person who spends the money or places the orders so I do not have detailed information on it.

We did evaluate other options, but it was a long time ago so I'm not sure I can remember which other options we considered.

Having a good understanding of the product helps in the implementation process, so do some upfront training before you adopt the product. Be closely involved with Cisco support or the Cisco implementation team which will help to make sure that configuration is well adjusted and suited to your company.

I've used the product for more than ten years. Prior to that, it was IronPort. Cisco bought IronPort. We were using the IronPort products before Cisco bought them. We're currently using AsyncOS version 12.

We've used this product for so long, and we've been very happy with it, that we do not have a direct comparison against other products that are available today. That said, and accepting the fact that email security systems are not cheap, this product is still a front-runner and, combined with the new things that Cisco is doing, it has a lot of scope and capability. I would suggest this product would be about a nine, if ten is the best.

My company operates as a service provider, and we use Cisco Secure Email so that we can secure the endpoints, systems, and emails in our data center.

The most valuable feature of the solution is the ease of use. It is easy to set up and manage the tool.

There are some concerns in the way the architecture is set up, making it an area where improvements are required. When you set up the tool, the way you put your SMTP routes should be possible through an easier process.

I have been using Cisco Secure Email for ten years. I am a customer of the tool.

The product is stable. The only challenge is the IPs get easily blacklisted. The IP addresses of IronPort devices easily get blacklisted. Cisco should make items to contact the companies whose IP addresses get blocked. During the configuration of the tool, there should be some provision in the product to indicate which IP addresses are from IronPort devices and not from the server.

It is a scalable solution.

My company uses three Cisco Secure Email solutions in parallel. In my company, we have set the product for different segments or networks, but all three sync well with each other and work fine.

For administration purposes, there are five people who use the product. As end users, there are over 2,000 to 3,000 people who use the product.

I am happy with the responses and the solutions provided by the solution's technical support.

The product's initial setup phase was easy.

The product's price falls on the higher side when compared to the other products on the market.

Whether the product would be worth the money for a business is something that depends on what a company is trying to do with the solution. If you are looking at the profitability angle, the new can get cheaply priced solutions in the market. I work in a government organization where profit alone is not our goal, and we need a product that offers security.

I recommend the product to those who plan to use it.

The DLP feature in the product is not a functionality that we have configured yet, but we do have access to its settings.

A beginner can learn to use Cisco Secure Email through a straightforward process.

Cisco Secure Email has integrated with our company's existing email gateway in a very straightforward manner through a configuration process involving IronPorts, and then URLs on IronPorts are set up.

Though it is easy to set up the product, the cost of the solution is not favorable for everybody.

I rate the tool a seven out of ten.

The tool has a DLP solution which we can implement. Its database is updated regularly. 

The tool's pricing can be improved. 

I have been using the solution for seventeen years. 

Cisco Secure Email is stable. 

We have more than 1500 users for the product. 

The tool's support is good. 

Cisco Secure Email's installation was straightforward. We discussed with the integrator, designed the implementation and tested the product. 

An integrator helped us with the product's installation. 

Cisco Secure Email is not expensive, and licensing costs are yearly. 

I rate Cisco Secure Email a nine out of ten. 

It is like a gateway for email. They receive all your email traffic. They send over your email traffic, and it is the first incoming point and the last outgoing point. They deliver the traffic to the destination. Whatever it is, you want to be informed of what is happening. Depending on the site's deployment, if you have a single device, then you have all the information on the device. And if you have several devices, you have all the information on every single device for each device. However, for consolidation, you need another device called Security Management Appliance (SMA).

It has no real interaction with other stuff. It does not interact with a gateway beyond the networking level. You have a router and that router provides IP addresses for a switch, etc. You don't have to integrate Cisco Secure Email with something specific since it is standalone and only requires basic essential networking. You can integrate it with a firewall, like ASA, but that firewall has to allow traffic. To do that, you would open port 25.

It is available to be deployed as on-premises, on the cloud, and hybrid cloud.

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

• For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
• DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

The most valuable feature is reputation filtering. In the beginning, it was based on just the IP source. but it has now evolved to domain reputation. It allows you to classify different IP sources and different sender groups, where you can reject to throttle to whitelist from any IP sources, domains, etc. Based on the reputation gathering, the reputation is powered by Talos security. It is a super powerful feature. That alone gets rid of more than 50% of the crap from the traffic flow, before even hitting the anti-spam or antivirus.

If you have some knowledge about email, it is a pretty simple solution that has many controls on different levels, from the gateway part to accepting messages from certain sources to stringent filtering. It is state of the art with anti-spam, antivirus, and different threat prevention features. 

SecureX is powered by Talos, Sourcefire, etc. Today, it is the largest, richest threat intelligence on the market. SecureX is quite standalone in regards to integration since you put it into the network, whether it is on your own cloud or a third-party cloud.

If you go to the filtering level, you can have very accurate features or filters since it is programmatic. At a certain point, you can define sets of rules, such as where the email is coming from, whether it has this content, or to apply this policy. For example, if it has the same considerations, but the content is different, apply this another policy. It is super flexible and very customizable to your needs. It is not difficult to use.

It provides information, reporting, logging, and tracking. It has powerful tracking, so you can know exactly and accurately where an email came from, for which specific device, etc. It shows the emails which were:

• Dropped
• Rejected
• Quarantined
• Accepted by which policies.

It also shows the rule sets applied for that email and considers

• The source
• The Offender
• Anything else that you may consider in an email.

It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure. 

You can consolidate on SMA if you want to spam or threats quarantined for multiple devices. It is not advisable for a single device, because if it fails, you are left without any email.

I would like to see a few changes to the UX. 

There is space for improvement with data loss prevention, particularly with third-parties integration. Data loss prevention is quite important, though most customers have some third-party or other elements in their network doing data loss prevention, specifically for email. However, if it could be possible to integrate with other solutions, not only on the email flow, but on analysis for a connector or something like that, then that would be ideal.

The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rules sets are unclear.

I have been using it since 2004.

It does not add anything to the potential downtime for a corporation, unless everything fails. If all your email exchanges fail, then you don't have email, but this solution does not affect the performance of your whole network. 

At the minimum, you need two devices. If you have two devices and one fails, then the other one can handle the work, though you might have some email delays.

You should keep track of what is going on. It does need some daily administration, fixes, and policy changes.

In general, their technical support is really good. There are a few who are still learning, e.g., not providing enough help, but there is always the option to escalate.

It was the IronPort before Cisco acquired it in 2007. It is the same appliance and software. This solution has been upgraded by several versions, but it is basically the same, they just changed the name. 

I have done the architecture for a company in China.

It is a super big router that costs a few hundred thousand dollars.

These days, the first tiers of this market have good enough anti-spam, antivirus, etc. These have become routine. There are some other not-so-good solutions, like Barracuda and Fortinet, but it depends on how much you are willing to pay as this solution is not cheap.

The best other solution is Proofpoint. They have been long-time competitors who have also been evolving. The big difference is it is more fancy because it has more bells and whistles. The solution is good as well. However, they are super expensive, not cheap.

If you want a multi-tiered deployment, you could perhaps have Secure Email on the cloud and Proofpoint on-premises. Then, you have the two best solutions in the market working together. I have customers who have done this and are satisfied. Very few solutions can compete with Secure Email and Proofpoint outside of the price. If your budget is a problem, then you have a problem.

Along with Proofpoint, this is the best solution in terms of preventing spam, malware, and ransomware.

Check Point has fancy graphics and an interface where you can do a lot. The Cisco Secure gateway has both, though not as fancy as Check Point, but a big majority of the tasks can be done on the graphical interface level.

It is not so difficult to us, but neither is it easy, particularly if you don't have some knowledge about email.

Whatever you are looking for with an email security appliance or device, you mostly have it, though nobody is perfect.

The solution’s ability to prevent phishing and business-email compromise is fairly good. DKIM, DMARC, and SPF integration are the best way to prevent phishing, spoofing, etc. However, they still have room to work in this area.

This solution provides some benefits, like comfortable access to TAC support. You get prompt support when working directly with Cisco. Moreover, the current integration level is fine.

There are some drawbacks, like the pricing. It's not a default version, and the cost can be prohibitive. If you're working on projects where winning the bid is crucial, then the high price tag can be a major obstacle. Partnerships are required to use the solution. So it can be more affordable.

In future releases, I would like to see two main improvements come to mind. First, the current solution requires maintaining two separate operating systems for FTD, which can be cumbersome. I'd love to see a single operating system for the FTD box. 

Second, some improvements could be made in the documentation and reporting.

I  have been using it for two years. 

Performance is actually very good. I have deployed around 10 to 15 instances of this solution, and so far, I haven't encountered any major issues. As of now, it's a good product.

I would rate the stability an eight out of ten. 

I would rate the scalability a nine out of ten. 

The customer service and support are very good. 

Positive

The initial setup is not that easy. We needed experienced engineers because FTD is a new technology, especially if you're used to VMware or other on-box solutions. Cisco provides both on-box and VM solutions. However, deploying the FTD with the on-box option requires managing two separate operating systems: the FXOS and the FTD. It's not the most user-friendly process, but once deployed, management is quite easy.

You can use the FMC to manage all Cisco security products from one place, making management convenient. However, deployment is still a bit clunky.

Deployment typically takes a whole day. The time can vary depending on the number of firewalls involved. Updating the system can also be time-consuming, especially with the new FCDI and FCDO operating systems.

Maintenance is actually quite easy after initial deployment. Once a supplier sets it up, ongoing maintenance is straightforward.

I would rate the pricing a ten out of ten, where one is cheap, and ten is expensive. 

Overall, I would rate the solution a ten out of ten.