Cisco Secure Email Reviews

I use the solution for email security. 

The tool comes with AI features. It is good for clients who already use Cisco products due to integration. 

Cisco Email Secure's pricing needs to be less. We have vendors who provide cheaper solutions with the same features. 

I have been using the product for half a year. 

I rate the solution's stability an eight out of ten. 

I rate Cisco Secure Email a nine out of ten. 

The tool's technical support team answers queries quickly. 

Positive

Comparing Microsoft Defender and Cisco's Email Secure service, partners have noted that while Microsoft Defender offers email security, the tool's additional layer of protection provides further defense against threats like spam and phishing emails. The AI features filter out phishing emails. I have worked with FortiMail and Barracuda before Cisco Secure Email. 

The product's deployment is easy in a cloud environment. You don't need to install it for the Office 365 product. 

Cisco Secure Email is more expensive than other products. I rate it a five out of ten. There are no additional costs. You only need to pay the subscription amounts. 

I rate the overall product a seven to eight out of ten. 

It's our primary enterprise email gateway. It's the first stop for edge email security.

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

One of the nicest things is that parts of it are highly intuitive. For instance, black-listing, white-listing, and things of that nature are very easy to do and they're very intuitive. You wouldn't even need any training to be able to perform those actions straight out-of-the-box. 

Even though it's not perfect, it has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked. Again, it's not 100 percent, but out-of-the-box I didn't have to touch it, I didn't have to tune it, I didn't have to tweak it. I believe it leverages the threat-intelligence database and does what it needs to do in making sure that the bad stuff stays out and virtually all of the good stuff makes it through.

We find bugs, just like anyone else. We bring them to Cisco's attention. 

If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult.

But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment.

There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.

One to three years.

It's been stable. I don't have to do anything with my email gateways. They chug along and they do what they do. They don't always get it perfect, but I have never had one fail on me. And I've never had a problematic appliance that I'm aware of. We had Proofpoint for a lot longer, but if I were to compare the percentages, I would have to say that the stability of Cisco appliances is superior to that of our previous Proofpoint environment.

We haven't had to address scalability. The umbrella IronPort is broken down into two halves: email security and web security. I haven't had to deal with the scalability of the email security at all. But since they're both under IronPort, I have had to deal with scalability on the web security end. Relying on some of that experience, my assumption is that the way it worked for the Web Security Appliances is probably pretty similar to how it works for the Cisco Secure Email Gateway. With that in mind, I can say that scalability is not an issue. It's as easy as just bringing another Cisco Secure Email Gateway into the cluster.

In terms of plans to increase usage, if you ask any enterprise they're going to tell you, "Yes, of course, we're going to grow, and as we grow we're going to use more." And the reality is, any growing enterprise is going to utilize email more and more. As the landscape morphs and changes, so do your rule sets and the features available to you on these appliances. Will we be using it more and more? Absolutely. Will it be a daily thing? Absolutely. I'm in these appliances every single day, taking a look and tuning where necessary and trying to find more efficient ways to handle the email traffic flow. It's safe to say that for any enterprise that's going to be the case.

We were using Proofpoint and then we switched to Cisco. As I mentioned above, reportability was one of the main reasons we switched, but the biggest one was cost. If you can get an equivalent functionality for a better price it's wise to do so. That's what our primary decision came down to: We could get equivalent functionality at a lower price point.

There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. 

When I took over administration there were aspects that were definitely easy and intuitive like the basics of being able to set blocks and set allowances when you have false-positives and false-negatives. It kept the basics simple. 

Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important tor run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

• run in parallel
• send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to 
• and then we staged it a little bit more. 

We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last. It was a typical implementation that most people have: Run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. 

In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do, it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. 

One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.

Since we are using Cisco cloud appliances, we had to have Cisco's involvement. They brought up the cloud appliances, where the initial configuration is done, and then we were the ones who started doing the final configurations, the moves and the migrations, as we entered the testing phase. We then moved more toward the final production move.

In terms of our experience with Cisco reps, I can speak on it more broadly as well, not just from a shear email-security perspective. When implementing a Cisco product, they're great in those initial stages. You get that expert help and it's a relatively smooth bring-up. For the things that go wrong, you have a Cisco person working with you who has the answer or knows who to go ping to get the answer. It's really nice.

That changes a little bit as time goes on. Once that expert is no longer helping you with your initial bring-up, then you rely more on the vendor's support matrix to get your solutions further tuned and to work out the little wrinkles as you experience them. Of course, it is universal - I haven't seen an example where this is exception - that this process is less smooth. 

As far as initial bring-up goes with Cisco, it's very smooth. Once that expert is no longer working with you on the bring-up and you run into issues and need to get help, that's less smooth. It's less smooth in that when you call any vendor's support line you get varying degrees of expertise. The same challenges are experienced with any international company where there could potentially be language barriers, based on where your call gets routed for support. That can slow the whole process down a bit.

That's just a reality of today's world, but it's workable. Unfortunately, it's a rather normal thing but there are different skillsets depending on the individual you're talking to, and then, depending on what the issue is and how complex the issue gets, your time to resolution may end up dragging out a lot longer than you had originally anticipated.

Our top-three choices were considering staying with Proofpoint, as well as Cisco, and Microsoft. We were looking at the bigger names.

In retrospect, I would probably want to talk to someone like myself. I'm now using Cisco security appliances and I can see how someone like me in another agency would benefit from talking to me about: "Hey what do you see? How's it going? What have your experiences been with the product?" If you can, find someone who is actually using it and talk to them.

In addition, it really depends on where you're coming from. The learning curve is going to be there regardless, because it's a new product. But if you're coming from a smaller email security platform up to this one, the learning curve is going to be steep. You may actually want to invest the time and the money into some additional training. Don't neglect that because if you just try to rely on Cisco support you're going to notice pretty consistent slowdowns. If that's okay, then it won't be an issue. Of course, it's always okay until something urgent comes up. If you're trained up, you can handle it yourself. Nobody knows everything, but it's in your best interest to know as much as possible. 

We migrated from Cisco ESA to Cisco CES, we went from the on-premise solution to the cloud solution.

Our primary use case is for email security. Every email is scanned by an antivirus engine and every attachment is also sandboxed before it gets back to the real person. This is an additional Cisco CES module.

On top of this module, we have also subscribed for the Cisco Cloud Secure Email Encryption Service (CRES).

Our other use cases are all about the functionality of the Cisco Email. We are using it as a relaying system for incoming and outcoming mail. External exposed webservices are using the Cisco CES in order to send mails out as our domains.

Another feature we use is the possibility to combine the Cisco CRES together with Cisco CES. All our documents are labelled and are obliged to be sent either through TLS (encrypted channel) or either through Cisco CRES (encrypted mail) for GDPR-compliancy. If the destination domain doesn't support TLS, it is sent by Cisco CRES, otherwise we use TLS. This conditional check isn't (yet) available at Microsoft.

We already used this system on-premise. So there is no real difference except for the encryption plugin that is used. That's beneficial value. You also don't need to invest in physical hardware, location, and physical connections, and an on-premise data center.

The added value of it is that every migration to a new version is initiated by the Cisco personnel, so that is a bunch of work that you don't have to do on the Cisco ESA system on-premise. As it becomes a SAAS-platform, you don't need to invest anything in your own data center or in your upgrade path. 

There was no downtime involved in the migration from Cisco's on-premise to the Cloud Secure Email. It was important to have this business continuity going on and not to lose any emails. We have implemented everything first in a test environment. We had the test Cisco CES in the cloud together with the test exchange system and so forth. Such a smooth transition was possible because we could test everything in a test environment.

If you have the knowledge of the Cisco on-premise solution, it was more like a copy-paste of the settings on the Cisco cloud solution. So the learning curve is rather low if you have the knowledge already of the Cisco system on-premise.

The pricing is more or less the same, but you have to take into consideration all the work that the people have to do. If they need to patch the new system, if they need to do the patching cycle on the ESA itself, and so forth, that's where the money goes.

It's not out-of-pocket money that you gain, but you gain time from people to focus on other systems.

The most valuable features of the Cisco ESA have to do with the intelligence they provide us. They respond quickly to any phishing attacks and threats on the system. 

I also like the pay module, sandbox, and attachments.

The vendor's free migration services ensure that your on premise licenses are transferred when you migrate. It's just a matter of money at that moment. It's good to know that they take into account your old key and give you the new keys on the new machine.

We have Microsoft and we have the E5 licenses, they have more EDR responses on certain emails. That's something that Cisco ESA on the cloud doesn't have. They don't do anything about MITRE attacks. They only detect if there is a malicious email or a threat and they remove it.

If there is an email that has passed through, there is no way to have a global system delete that email from every mailbox. You have to look up the malicious files yourself.

With Microsoft, you can look it up, you can hunt for that in their compliance dashboard. You can hunt that email and then delete that email in one step. That's something that Cisco doesn't have.

I have been using Cisco Secure Email for more than ten years. 

The solution has proven that it's very stable. I only recall three real problems with the system. And I've been working at the same company for 15 to 16 years. It is very stable.

The scalability is fine. 

We have around 1500 users. 

There are two system engineers that support it right now.

Emails grow in numbers. So sometimes we need to alter our system to hold that amount of emails or to grab all those emails and transfer them. 

I don't think we have opened a call at Cisco itself. For the encryption plugin, we opened several support tickets for the implementation. Their support was helpful. It was more technical advice.

I would rate their support an eight out of ten. They are very responsive and they quickly come up with the right answer, which is important. I never give nine and 10. So sometimes they are, sometimes they come quick with responses, but within all the years, sometimes it takes a while until they find a good response. Like that book is something that took a while to find out.

The initial setup was simple and easy. You open one screen of your on-premise Cisco ESA configuration and you copy-paste it to the other screen of your Cisco ESA system in the cloud. So the transition was very easy.

It took around one month to implement. 

The strategy was to get rid of the physical servers and move to the cloud.

We worked with Cameo to do the integration.

Pricing is okay. There are no additional charges. 

We looked at some competitors, like Proofpoint but in comparison, we chose Cisco ESA because we kept the same technology. We knew that the migration path would be less effort than the migration part if we went to another solution or Barracuda.  

Proofpoint was very good at creating general DLP policies, in that you could create policies and you apply them on different platforms, like Teams.

Cisco is a state-of-the-art product. I think Microsoft is catching up really quickly when you take the E5 license builder with it. I think Microsoft can take over the competition from Cisco but it could take a while.

It's a very mature product.

I would rate it a nine out of ten. 

The big use case is filtering inbound messages for spam and malicious messages. Obviously, it's a huge issue for everyone to keep as much of that stuff out as possible.

Users are getting a lot fewer malicious and nuisance messages. When we moved to the cloud product, we added in a service for graymail unsubscribe which we didn't have before. That makes it very easy for people to safely unsubscribe from mailing lists, especially the sort that they have been added to without knowing what the company is. That has reduced the amount of time users waste going through that process and the amount of time IT has to spend responding to questions about what they can do about things like that. In general, it's enabled us to spend less time addressing user issues regarding junk mail. It has also been better about not blocking legitimate messages, which again comes down to saving time for both users and IT.

The migration from the on-prem email security to its cloud email security saved us money, versus where we would have been if we had kept the on-prem with them. Versus the Microsoft service, it was basically a wash. But compared to Cisco's on-prem service, the cost is the same, but you don't have to pay for the hardware and you don't have to maintain the system, as far as upgrades and hardware failures are concerned. It is cheaper to operate on their cloud service than it is to operate with their on-prem service. The hardware savings are from whatever level of hardware we ended up not having to buy. If we had stayed on-prem with it, we would have needed to buy two new appliances that year, appliances which would have cost $10,000 or $12,000. I don't have a good figure on how much manpower we spent maintaining upgrades with the on-prem. It wasn't huge, but we probably save an hour a month, on average, on maintenance.

For maintenance, it depends on what's going on, but there may be a few hours a month for reviewing, reporting, and for addressing any user issues. User issues mainly revolve around things like, "Okay, the user hasn't gotten an email from so-and-so. Check and see whether or not they've got it." But as far as actually maintaining it, to ensure it keeps functioning, it's pretty minimal; maybe an hour a month. The people who handle the maintenance are from our infrastructure group, which is a combination of systems and network functions.

A few of the big features are ones that we found that we missed terribly when we moved over to Microsoft. One of them is simply the logging that they have in the reporting. For example, if I wanted to get logs about emails since last week, from a certain address, with native Office 365 I would have to submit the search requests and I would get an email a few hours later with the results. With Cisco, it's not only a lot more detailed information, but it's nearly instantaneous. So if you have to do any sort of research into an issue, whether it's security or something is missing, it makes that much less labor intensive.

The filtering is definitely better at catching both spam and malicious messages, and there's a lot of extremely granular ability for setting up rules. You can do it the way you want to. The Microsoft solution tends to be pretty limited in how it allows some of that to be done. It forces you into doing it a certain way, even if it's not good for your business process.

The interface is dated. It has looked pretty much the same for 15 years or so. It would be helpful to be able to do everything from one spot. The centralized quarantine and reporting are completely separate from policy administration.

We used it consistently from 2007 to the beginning of 2020, and when we went off of it, it was about three months before we started back up with the cloud option.

We haven't had any stability issues with it. It seems to be good.

I haven't seen any scalability issues. I'm not quite sure how scaling would be handled if we had a truly immense increase, but I haven't seen any challenges with it. We're on the small side so we may not be a good example.

We don't really intend to change our usage much. We use it for all of our inbound and outbound email.

I haven't talked with their technical support much in the last few years. The only issue I've had was a support case for getting command-line access set up. That was fine, but there was virtually no contact about it.

We have had two runs with Cisco Secure Email. We initially ran it on-prem and that started in 2007. It was the same year, or a little bit before, Cisco bought the old IronPort product. And last year, we initially ended up dropping the on-prem, when we were moving into Office 365. Although we were happy with it, the thought was, "Okay, if we move everything to Office 365, Microsoft can handle that. We have their full-blown mail filtering products." We thought it would probably save us some workload, not having an extra product to deal with.

The intent was that we were going to consolidate to a single product when we moved to the cloud for email, and we found out that it didn't work as well as we had expected. We didn't do a direct conversion from the on-prem to the cloud solution. There were a couple of months between it during which we tried the Microsoft option.

We then found out that they were not nearly as good as one would expect from a market leader in corporate email. I then contacted Cisco about what it would cost to do it in the cloud with their products. I was rather surprised to find out that they don't charge anything more to host it, than they do to have you run it on your own equipment. We ended up jumping back into it with their hosted solution, without really planning to. When the cost came back and was as attractive as it was, we decided, "Okay, this Microsoft filtering is not working out. Let's go back to Cisco." We went back to it and it's been working really well, better than it did when it was on-prem, because we don't have to maintain as much of it.

We had been using encryption on Cisco before, but we did end up leaving that with Microsoft, just because it integrates with their Outlook browser better. I'm at something of a toss-up on which one I prefer. Because the Microsoft solution integrates directly with the Outlook client, it is a bit easier for users to manage. But the encryption on it seems to work fairly decently, although it has the same problem that all of them do. There are tons of standards for that. Everyone has their own. It would be great if there was some sort of multi-vendor standard for that but, without it, we moved it over to the Microsoft solution and that seemed that to be a little easier for users.

Because we had those few months in between, we didn't qualify for a license transfer. We had let the initial service lapse and then we brought on the cloud service.

It ended up being a really easy setup for the Cisco cloud product. I was pleasantly surprised how much was already ready for you out-of-the-box.

I found the setup to be straightforward, as someone who was familiar with the management environments. If I had not had the experience with it, there would have been areas that could use more documentation to explain what different sections of the product do. But I had been using it for a long time, so that was not an issue. But I could see that is an area they could put more into. We also had a technical contact available to us for when getting started, to whom we could reach out. But it would be good to add in some more entry-level documentation.

As far as the policy setup goes, our equipment was end-of-life and we weren't at a version that we could migrate from. So we decided to do greenfield for the setup and we're actually happy we did because Cisco's default setup on its cloud product, when they brought up a new blank instance for us, had a really good framework for rules, et cetera. We copied in exception lists and the like from our existing setup and we were up and running in an afternoon.

When we went in, we initially did it as a trial, because they offered a 30- or 60-day trial. We did that to see if this was what we wanted to do. We ended up poking around in the environment a little bit first, because the whole thing was an unbudgeted change for us. When we moved over to Microsoft we found we were having all these issues. We put some resources into trying to resolve them but we saw there were deficiencies in Office 365, when it comes to the filtering of email. We started the trial with Cisco to see if going back to them and their cloud would solve things. We liked what we saw and decided to move everything over. The grass really was greener on that side.

The downtime involved in the migration from Cisco's on-prem solution to the cloud email security was minimal, about 15 minutes. The downtime aspect wasn't especially important since we did it after hours. It's emails, so it's not like anybody was going to notice that it was down for that amount of time.

The learning curve involved in migrating from the on-prem to the cloud email security was pretty easy. The environment really is very similar to manage in the cloud. If you look at the management consoles that you're used to seeing on-prem, and you look at the ones in the cloud, about 99 percent is the same. There are some things that are unavailable because Cisco is handling the software upgrades, but almost all of it that you had on-prem is the same. There are a few extra steps to getting into the command line, they're a little bit weird, but all the policies are identical to the on-prem method. There's not much learning curve involved in switching.

Overall, the migration was massively easier than I expected it to be. We did it on a Sunday afternoon and it only took about three hours.

We were in touch with the technical contact from Cisco for some basic stuff, for getting started.

We were just evaluating between Cisco and Microsoft's advanced threat protection.

We decided not to evaluate anyone else when we saw that Cisco was going to be less expensive than we thought it was going to be. My expectation going in was that the cloud service would cost more than the licensing for on-prem would, because they're hosting it. But that wasn't actually the case. It ended up costing about the same as what the on-prem cost, except that we didn't have to buy hardware anymore, which obviously saves some money.

It's definitely worth looking at Cisco's cloud email security offering. It's surprisingly simple to get going with, and it really is easier to use than the on-prem because of everything they have built into it. It is surprisingly cost-effective.

It's integrated with their AMP product, although that's sold as a part of it. We haven't integrated it with other Cisco stuff at the moment. We've got third-party stuff that we have it integrated with. 

We are using two security appliances. One is a web security appliance, IronPort, as well as the Cisco Secure Email Gateway. They are used for web surfing.

We need to differentiate among users with specific boundaries. Some users have full access and some users only have limited access. That is what we are using it for.

It integrates with Active Directory and we can limit specific users to using specific applications. 

I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side.

Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now.

Three to five years.

The scalability is really good for multiple users. There is no issue with the scale. We have 300 to 400 users.

Technical support is really good. As far as I know, whenever we need it, they help us very well. Within half an hour or an hour of our call, we get technical support to WebEx us, depending on the situation or the issue. That's pretty quick.

The initial setup was straightforward. There was nothing complicated. It doesn't take more than two engineers. When it comes to the software, if there is good coordination between a Cisco guy and an email-server guy, the two of them would be enough to implement it.

It was really easy to implement. Even a newcomer joining the company could easily implement it. There is nothing complicated in the device. It can be easily implemented without headaches.

We took a three-year license. In addition to the standard licensing, there is a cost for SMARTnet as well. That is necessary because the hardware device is not stable at all. So if anything goes wrong we have two appliances to use. With SMARTnet, Cisco will send a new device within a week.

We are looking for a solution. We are in communication with other vendors to integrate with Email Security or to provide us a new solution.

The Cisco Secure Email Gateway, in my opinion, is a really good device. In terms of configuration of the software, it's just click, click, and you are done. If you have redundancy then you are in safe hands. It's a very good solution for email security.

We could be changing the appliance. I have heard from someone that Cisco has released some appliances for email security. I believe we need to try this. We may change our existing device and move to a new Cisco technology. We would keep the software. We usually upgrade it based on the newest versions.

Until now, I haven't seen any breach or any attack on the Cisco Secure Email Gateway.

Overall, I would rate this solution at nine out of ten. I could give it a ten if the hardware was better.

I use the solution for spam filtering.

The solution works well. Cisco claims to have the biggest threat intelligence database in the world. We trust them because they are enterprise-level products. If we are protected, then it is working well. I am satisfied with the overall performance of the solution.

The management features of the product are not up to date. It does not match the features provided by the new vendors in the market. The solution does not offer features to protect workloads on the cloud.

My organization has been using the solution for the last 20 years.

Support is not good. The support team provides a slow response. I rate the support team a six or seven out of ten.

Neutral

We pay at least 25% more for Cisco Secure Email than Trend Micro. Cisco’s support is better than that of Trend Micro.

The solution is expensive. Every additional workload or feature has an additional cost. The product should provide a single bundle for protecting both on-premises and cloud solutions. We do not have to pay for support.

We do not have the resources to review the product technically. It is very difficult to analyze these weaknesses. As an end user, we need something to defend us and block threats. If any product works with 95% efficiency, we can say that it works well. Email protection is very critical. No one should take risks.

Cloud protection apps are very critical to the business. They should be easy to configure and easy to manage. These days, there are hundreds of products available. It's very difficult to find a good solution. Just because a tool is popular, it does not mean that it will always be the best solution. The backend technique is very important. Machine learning, artificial intelligence, and threat intelligence are very important.

If we have more knowledge, we can have more protection. If we don't have the knowledge, we can't. The solution does not offer a complete bundle for on-premise and cloud protection. If we need more features, they charge us more. They do not offer all features together.

Overall, I rate the tool a seven out of ten.

It is an anti-spam solution, and we primarily use it for email anti-spam. It removes the spam emails, and we have our own manual filters to remove unnecessary or unwanted emails. So, it is working just fine.

We have been using the solution for more than three years. We started on version 9 and are currently on version 11.1.

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this.

The notifications about why the emails were blocked is a good feature.

Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated.

The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working.

While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.

Three to five years.

We expect 95 to 98 stability (perfection) in the product. 

We have one person doing maintenance, which is me. I handle this product along with three other security products. 

We are currently utilizing all the features in the product.

We have 1100 users.

The support is great. They are very fast with their responses and are very knowledgeable. Its support is available 24 hours. These things are very good.

We did not use a solution prior to this one.

We were looking to automate most of the stuff related to email filtering, so the solution bought from IronPort (now a part of Cisco) was to reduce our workload.

The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. 

It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solution, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security.

It takes a minimum of a month to build the setup. However, for a good set-up, it will require one year to put in place all the options in place. We had to understand how the emails flowed. 

An implementation partner, SecureLink, helped with the setup. They did a good job and were knowledgeable in the product. But, as an implementation partner, they do not take responsibility for any failures of the product.

Cisco helps with the day-to-day. 

We set up the filtering options ourselves.

We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company.

It is not that costly. We pay for the solution through a contractor and pay an annual fee.

We are currently using two different email security products, which is how we are able to identify the pros and cons of Cisco Email Security. We use a similar product called FireEye. It can detect based on sandboxing. Anything bad that it sees, it will detect. It is not based on file extension or file types. Recently, we have been able to block with it using some type of file extensions or hash.

I would recommend to use Cisco Email Security first as your email filtering solution, but do not rely on it as your only solution. 

I like the product because it is very easy to work with or we can make it complex if we want.

The solution is an email gateway.

The security features are valuable. I am satisfied with the product.

The user interface is a bit complex. It is not very easy to learn the product. It is not very intuitive.

I have been using the solution for more than three years.

The tool is stable.

The tool is scalable. We have eight to ten administrators. All our emails go through the solution.

There is a bit of a communication gap in support. The support persons must improve their responses.

Positive

The solution is cloud-based. The initial setup is straightforward.

Overall, I rate the solution an eight out of ten.