Cisco Secure Email Reviews

It is just another level of protection that we use, as far as email is concerned. We use it for different policies or as another scanning engine, e.g., on the desktop or for data coming through another email gateway.

At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage.

The most valuable feature is the policies or rules that you can put on it. This definitely helps with routing specific things to different destinations within our organization, or even potentially blocking when something is coming in and out, to where you can't do this on an email server or on our other email gateway. It's just not possible.

On their roapmap, they are looking to integrate with different cloud features, like Office 365.

I would like them to add some clustering or high availability features.

More than five years.

It is very stable. I haven't had any issues with memory or CPU. I haven't had any unstable performances from any of the appliances. Initially, we had physical appliances, then we went and upgraded to virtual appliances at some point. However, even the physical appliances were pretty stable.

I did run into one issue at one time where I had to shut something off. It was a bug, but being down for an hour or two is just two costly for our firm.

Deployment and maintenance is handled by two people (email engineers).

Scalability is good. We have four appliances total clustered, two in one data center and two in the other. The ability to increase is definitely doable, and it's helpful if you need to do that.

We are a legal firm with close to 2000 employees.

Technical support is definitely good. The turnaround time to speak to someone is very good, as well.

We had another appliance (Axway MailGate) and switched because it was outdated. Also, their support model wasn't that great. They were difficult to get a hold of after six or seven in the evening.

The initial product setup was easy. However, it was a bit more complex on our side because of some of the rules that we had set up on a previous appliance, which was not Cisco. Trying to match some of those to Cisco was a little complex. We had some consultants help us out with that. Overall, it wasn't too bad.

The deployment took three to five days.

We worked with a partner consulting firm, Presidio, who very useful and helpful.

We did a proof of concept first off, then did a hard cut over on the weekend.

For what you get for the product, the support, and the overall stability, it is definitely a good return on investment.

We do annual licensing for Cisco Secure Email Gateway and SMA together, and possibly SmartNet support. Packaged together, the cost is just under $38,000.

We looked at two or three different vendors. One of the solutions that we looked at was a virtual Linux-based appliance. We did evaluate that and a proof of concept around it. However, it wasn't as robust as Cisco, as far as features and high availability.

Give it a chance. If you can do a proof of concept somehow to rate it against other competitors which are out there, look into it because it is a good product.

I haven't upgraded to version 12 yet.

I use the solution for email security. 

The tool comes with AI features. It is good for clients who already use Cisco products due to integration. 

Cisco Email Secure's pricing needs to be less. We have vendors who provide cheaper solutions with the same features. 

I have been using the product for half a year. 

I rate the solution's stability an eight out of ten. 

I rate Cisco Secure Email a nine out of ten. 

The tool's technical support team answers queries quickly. 

Positive

Comparing Microsoft Defender and Cisco's Email Secure service, partners have noted that while Microsoft Defender offers email security, the tool's additional layer of protection provides further defense against threats like spam and phishing emails. The AI features filter out phishing emails. I have worked with FortiMail and Barracuda before Cisco Secure Email. 

The product's deployment is easy in a cloud environment. You don't need to install it for the Office 365 product. 

Cisco Secure Email is more expensive than other products. I rate it a five out of ten. There are no additional costs. You only need to pay the subscription amounts. 

I rate the overall product a seven to eight out of ten. 

It's our primary enterprise email gateway. It's the first stop for edge email security.

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

One of the nicest things is that parts of it are highly intuitive. For instance, black-listing, white-listing, and things of that nature are very easy to do and they're very intuitive. You wouldn't even need any training to be able to perform those actions straight out-of-the-box. 

Even though it's not perfect, it has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked. Again, it's not 100 percent, but out-of-the-box I didn't have to touch it, I didn't have to tune it, I didn't have to tweak it. I believe it leverages the threat-intelligence database and does what it needs to do in making sure that the bad stuff stays out and virtually all of the good stuff makes it through.

We find bugs, just like anyone else. We bring them to Cisco's attention. 

If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult.

But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment.

There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.

One to three years.

It's been stable. I don't have to do anything with my email gateways. They chug along and they do what they do. They don't always get it perfect, but I have never had one fail on me. And I've never had a problematic appliance that I'm aware of. We had Proofpoint for a lot longer, but if I were to compare the percentages, I would have to say that the stability of Cisco appliances is superior to that of our previous Proofpoint environment.

We haven't had to address scalability. The umbrella IronPort is broken down into two halves: email security and web security. I haven't had to deal with the scalability of the email security at all. But since they're both under IronPort, I have had to deal with scalability on the web security end. Relying on some of that experience, my assumption is that the way it worked for the Web Security Appliances is probably pretty similar to how it works for the Cisco Secure Email Gateway. With that in mind, I can say that scalability is not an issue. It's as easy as just bringing another Cisco Secure Email Gateway into the cluster.

In terms of plans to increase usage, if you ask any enterprise they're going to tell you, "Yes, of course, we're going to grow, and as we grow we're going to use more." And the reality is, any growing enterprise is going to utilize email more and more. As the landscape morphs and changes, so do your rule sets and the features available to you on these appliances. Will we be using it more and more? Absolutely. Will it be a daily thing? Absolutely. I'm in these appliances every single day, taking a look and tuning where necessary and trying to find more efficient ways to handle the email traffic flow. It's safe to say that for any enterprise that's going to be the case.

We were using Proofpoint and then we switched to Cisco. As I mentioned above, reportability was one of the main reasons we switched, but the biggest one was cost. If you can get an equivalent functionality for a better price it's wise to do so. That's what our primary decision came down to: We could get equivalent functionality at a lower price point.

There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. 

When I took over administration there were aspects that were definitely easy and intuitive like the basics of being able to set blocks and set allowances when you have false-positives and false-negatives. It kept the basics simple. 

Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important tor run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

• run in parallel
• send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to 
• and then we staged it a little bit more. 

We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last. It was a typical implementation that most people have: Run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. 

In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do, it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. 

One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.

Since we are using Cisco cloud appliances, we had to have Cisco's involvement. They brought up the cloud appliances, where the initial configuration is done, and then we were the ones who started doing the final configurations, the moves and the migrations, as we entered the testing phase. We then moved more toward the final production move.

In terms of our experience with Cisco reps, I can speak on it more broadly as well, not just from a shear email-security perspective. When implementing a Cisco product, they're great in those initial stages. You get that expert help and it's a relatively smooth bring-up. For the things that go wrong, you have a Cisco person working with you who has the answer or knows who to go ping to get the answer. It's really nice.

That changes a little bit as time goes on. Once that expert is no longer helping you with your initial bring-up, then you rely more on the vendor's support matrix to get your solutions further tuned and to work out the little wrinkles as you experience them. Of course, it is universal - I haven't seen an example where this is exception - that this process is less smooth. 

As far as initial bring-up goes with Cisco, it's very smooth. Once that expert is no longer working with you on the bring-up and you run into issues and need to get help, that's less smooth. It's less smooth in that when you call any vendor's support line you get varying degrees of expertise. The same challenges are experienced with any international company where there could potentially be language barriers, based on where your call gets routed for support. That can slow the whole process down a bit.

That's just a reality of today's world, but it's workable. Unfortunately, it's a rather normal thing but there are different skillsets depending on the individual you're talking to, and then, depending on what the issue is and how complex the issue gets, your time to resolution may end up dragging out a lot longer than you had originally anticipated.

Our top-three choices were considering staying with Proofpoint, as well as Cisco, and Microsoft. We were looking at the bigger names.

In retrospect, I would probably want to talk to someone like myself. I'm now using Cisco security appliances and I can see how someone like me in another agency would benefit from talking to me about: "Hey what do you see? How's it going? What have your experiences been with the product?" If you can, find someone who is actually using it and talk to them.

In addition, it really depends on where you're coming from. The learning curve is going to be there regardless, because it's a new product. But if you're coming from a smaller email security platform up to this one, the learning curve is going to be steep. You may actually want to invest the time and the money into some additional training. Don't neglect that because if you just try to rely on Cisco support you're going to notice pretty consistent slowdowns. If that's okay, then it won't be an issue. Of course, it's always okay until something urgent comes up. If you're trained up, you can handle it yourself. Nobody knows everything, but it's in your best interest to know as much as possible. 

Cisco Secure Email's most valuable is email certification.

The product's GUI for the dashboard needs improvement.

We have been using Cisco Secure Email for one year.

I rate the product's stability a ten out of ten.

One administration executive in our organization uses Cisco Secure Email. I rate its scalability a ten out of ten.

The initial setup has medium complexity. I rate the process a five out of ten. We follow the Cisco guidelines for deployment. It requires two executives to conduct the process.

It is an expensive product. I rate its pricing an eight or nine.

I recommend Cisco Secure Email and rate it a ten out of ten.

It is an anti-spam solution, and we primarily use it for email anti-spam. It removes the spam emails, and we have our own manual filters to remove unnecessary or unwanted emails. So, it is working just fine.

We have been using the solution for more than three years. We started on version 9 and are currently on version 11.1.

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this.

The notifications about why the emails were blocked is a good feature.

Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated.

The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working.

While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.

Three to five years.

We expect 95 to 98 stability (perfection) in the product. 

We have one person doing maintenance, which is me. I handle this product along with three other security products. 

We are currently utilizing all the features in the product.

We have 1100 users.

The support is great. They are very fast with their responses and are very knowledgeable. Its support is available 24 hours. These things are very good.

We did not use a solution prior to this one.

We were looking to automate most of the stuff related to email filtering, so the solution bought from IronPort (now a part of Cisco) was to reduce our workload.

The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. 

It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solution, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security.

It takes a minimum of a month to build the setup. However, for a good set-up, it will require one year to put in place all the options in place. We had to understand how the emails flowed. 

An implementation partner, SecureLink, helped with the setup. They did a good job and were knowledgeable in the product. But, as an implementation partner, they do not take responsibility for any failures of the product.

Cisco helps with the day-to-day. 

We set up the filtering options ourselves.

We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company.

It is not that costly. We pay for the solution through a contractor and pay an annual fee.

We are currently using two different email security products, which is how we are able to identify the pros and cons of Cisco Email Security. We use a similar product called FireEye. It can detect based on sandboxing. Anything bad that it sees, it will detect. It is not based on file extension or file types. Recently, we have been able to block with it using some type of file extensions or hash.

I would recommend to use Cisco Email Security first as your email filtering solution, but do not rely on it as your only solution. 

I like the product because it is very easy to work with or we can make it complex if we want.

We are using two security appliances. One is a web security appliance, IronPort, as well as the Cisco Secure Email Gateway. They are used for web surfing.

We need to differentiate among users with specific boundaries. Some users have full access and some users only have limited access. That is what we are using it for.

It integrates with Active Directory and we can limit specific users to using specific applications. 

I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side.

Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now.

Three to five years.

The scalability is really good for multiple users. There is no issue with the scale. We have 300 to 400 users.

Technical support is really good. As far as I know, whenever we need it, they help us very well. Within half an hour or an hour of our call, we get technical support to WebEx us, depending on the situation or the issue. That's pretty quick.

The initial setup was straightforward. There was nothing complicated. It doesn't take more than two engineers. When it comes to the software, if there is good coordination between a Cisco guy and an email-server guy, the two of them would be enough to implement it.

It was really easy to implement. Even a newcomer joining the company could easily implement it. There is nothing complicated in the device. It can be easily implemented without headaches.

We took a three-year license. In addition to the standard licensing, there is a cost for SMARTnet as well. That is necessary because the hardware device is not stable at all. So if anything goes wrong we have two appliances to use. With SMARTnet, Cisco will send a new device within a week.

We are looking for a solution. We are in communication with other vendors to integrate with Email Security or to provide us a new solution.

The Cisco Secure Email Gateway, in my opinion, is a really good device. In terms of configuration of the software, it's just click, click, and you are done. If you have redundancy then you are in safe hands. It's a very good solution for email security.

We could be changing the appliance. I have heard from someone that Cisco has released some appliances for email security. I believe we need to try this. We may change our existing device and move to a new Cisco technology. We would keep the software. We usually upgrade it based on the newest versions.

Until now, I haven't seen any breach or any attack on the Cisco Secure Email Gateway.

Overall, I would rate this solution at nine out of ten. I could give it a ten if the hardware was better.

The primary use case for Cisco Secure Email is for email security. It is used in scenarios similar to Fortinet, focusing on email security and integrating with Cisco Firewalls.

The integration with Cisco Firewalls has worked fine, allowing the two devices to share information about incidents. When deployed in an environment where most products are from Cisco, it facilitates easier integration.

Cisco's Secure Email integrates with Cisco Firewalls, utilizing the AMP as their anti-malware engine, which allows for information sharing between devices. 

Additionally, Cisco Secure Mail works well with data security integration, particularly in environments where all or most products are from Cisco.

The primary areas for improvement are the pricing and the complexity of deployment. 

The pricing is considered expensive, and the deployment process is complex, involving many steps and usually requiring more than one technician.

You can say the same period also as one year for Fortinet.

The latency is better compared to Fortinet. Based on my experience, it is a faster solution, particularly in scenarios involving firewall or malware protection.

Scalability is fine with Cisco Secure Email, as it does not place any limitations.

I would rate Cisco's customer support between eight and nine out of ten. Cisco's support is much better than Fortinet.

Positive

The initial setup is a bit complex due to multiple steps required for deployment.

The return on investment is not very good due to the expensive nature of the product.

The licensing is expensive and a bit complex with the new approach Cisco has taken. It is considered more complicated than other vendors.

I'd rate the solution eight out of ten.

Cisco Secure Email is a budget-friendly solution.

I am not satisfied with the solution's reporting and logging.

I have been using Cisco Secure Email for the last five years.

I like Proofpoint's reporting, management, and interface. It has a single dashboard, very simple configuration and integration, and a very user-friendly GUI.

The solution's initial setup is not difficult. However, it has the management's separate interface and email security's separate interface, which we need to manage.

It was not difficult to integrate Cisco Secure Email with other products in our infrastructure, but it has many complicated options. Sometimes, we need to go to the command line to check the debugging. The solution's DLP (data loss prevention) feature is partially for compliance. DLP needs a full-fledged solution with the agent implementation. Until the agent is not there, you cannot implement DLP.

The solution's email encryption feature works fine. Cisco Secure Email is not a single platform. The engineer has to be a little technical to understand the command line, which is different from the firewall. There are different types of command lines. You have to check the mail log using different command lines.

Overall, I rate the solution eight and a half out of ten.