Cisco Secure Email Reviews

Protection against external email threats is our primary use case.

Less spam means more productivity; less time is wasted, helping both users and the security team.

Anti-Spam and Advanced Malware Protection are the most valuable features. They provide protection from most email threats and we also have the option to block Zero-day attacks.

The configuration UI should be made more intuitive. Currently, it takes a while to understand how to do the basic configurations.

In terms additional features, I would like to see customization of reports and dashboards. 

There should be separately module for Phishing and Fraudulent emails

More than 4 years

IronPort is indeed a very stable solution, including both software and hardware.

Scalability is very good. We have not faced any hiccups over the years with a 15 percent increase per year in the number of users. We currently have 3,000-plus users in our organization.  It is one of the main security controls we have and is used extensively. We don't have any plans at the moment to increase usage, but that might change.

We connect through a local/regional partner. Cisco is not good in dealing proactively or even reactively, so we end up relying on partners.

I cannot answer in detail about the initial setup because it was done before my tenure began. In general, it is a complex configuration.

Regarding an implementation strategy, it is best to define basic policies that deal with malware and spam-blocking which apply to the whole organization and then configure specific policies for individual and departmental needs.

Deployment shouldn't take more than a couple of hours for a team of two engineers.

We have seen ROI in the processing time. It processes efficiently and fast. It is almost transparent in its operation. We only need to worry about our email infrastructure. Security and performance-wise, it does not add any overhead or latency.

I am familiar with McAfee and Symantec to some extent. But we have not used those solutions in our production environment. I can't say much about specific differences between the solutions, but Cisco is more stable and we have not faced any issues with its detection capabilities that would make us look at other solutions.

My advice would be to have a very good partner because Cisco will not be proactive in helping and educating you. They will do proactively health check on their device but they don't offer education/training free to the customers like other vendors do. 

It has a complex UI and configuration menu but the product works well, both in terms of security and performance.

i'm usining it as frontal gateway for controlling and securing the mails flows to my on-premises exchange servers

This product has made my messaging platform more secure. it contain and extended security feature ,policy rules for filtering , and multiple engine for scaning add to that encription , security is very important for critical business with data inhouse.

after doing a third party pentesting, they found the security at a high level regarding the messaging security part testing,and the only recommendation they gave and need improvement is adding the sendboxing, for those attack ranked at zero day attack, which can't be detected.

knowing i'm using premium licensing, i checked the Advanced Malware Protection (AMP), which is on-demand feature, i found that, this feature act like a sendboxing

With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it.

More than five years.

It is currently stable. I will upgrading next year, but the current version has been working great for six year.

We have two people (system administrators) performing maintenance for the system and security part for the company.

Everything is fine with the scalability.

We have 400 users on this product, with two site, 2 physical appliance in one site and one physical appliance in the second site the three working as a cluster, and next year, we plan to increase our usage and move to the newer physical appliance version. because those we're using , are arriving to them end of life soon.

The technical support is good.

Right now, I am paying for it, but I don't use it because the solution is stable.

I have previously used McAfee, Kaspersky, TrendMicro, barracuda, websense.

The initial setup was complex because I have two sites with physical clusters. and i made it alone during the working hour without interruption.

The length of deployment will depend on the complexity of your infrastructure and your knowledge.

This product is the complete solution and the real deal.

I am using the on-premise version.

It is easy to use. It is not widely used, but it is not tough to understand. Usually, it takes five to six months to become an expert in that particular product because there is not much in it.

The Cisco database is more bug-prone and less accurate than the databases of other email security solutions. Whenever we get a phishing email, Microsoft email server, TruePoint, or Barracuda, they have a much better database. Because Cisco is using Talos, which is not a good database, they do not have much information in the database. So that is really lagging very much behind.

So that is not much recommended by the customers. Every time, customers get frustrated by using them.

There's room for improvement in the DevOps database. It has many spam emails. Usually, we have to report to the Telos team for samples, whether it's spam or a legitimate email. If that is done, then the customer environment won't get compromised easily because more than 80% of cyber-attacks are through emails. So email is like sanitizer it was used in hospitals before COVID, but after, it's provided widely to users.

I used this solution for a year. 

I would rate the stability a six out of ten. We had multiple issues with the stability. Usually, the customer complains that there's an email coming from an outside sender, and it enters our environment, and our email gets multiple emails from a single sender. There might be suspicious emails or multiple things that we usually get from customers.

I would rate the scalability a seven out of ten. Cisco has to improve its database because email security is something like DNS servers. So we have to improve the database and put more information initially in it. 

The initial setup is easy. It starts with the VLS for Open IT. Initially, the host access table is there in the front end. Based on that, we can filter out traffic with IPs from the scale of -10 to +10 if it applies. If you want to whitelist an IP, you need to check the IVRX code. If that code is okay, then we provide a list based on the organization. 

It's a bit easy to handle Cisco Secure Email; it's not that difficult. For the logs, which are in PDF format, it's not hard to read them. We don't need Wireshark much to analyze the logs.

Usually, it's GUI-friendly, and also, the Relics are there on the GUI. We can create some relics, or it's automated from the backend by the development team. We just put in our initial setup requirements, and based on that, we create a red x rule. Then we can implement it into the message filter, and we can handle whatever we want, whether it's blocking emails coming from spam or anything else.

Overall, I would rate the solution a seven out of ten. Once you have hands-on experience with it over a period of time, you will get hands-on experience, and you will be able to understand it. It's easy to use, not that much complicated.

The primary use case was for email security and load balancing between Exchange mail servers.

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the Cisco Secure Email Gateway in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if Cisco Secure Email Gateway and WSA could be brought together, it would make a better appliance, one wholesome appliance.

One to three years.

From my perspective, it's pretty stable. We didn't have any issues.

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two Cisco Secure Email Gateway boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

There were no other costs in addition to the standard licensing fees.

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco Secure Email Gateway at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.

I use the solution for spam filtering.

The solution works well. Cisco claims to have the biggest threat intelligence database in the world. We trust them because they are enterprise-level products. If we are protected, then it is working well. I am satisfied with the overall performance of the solution.

The management features of the product are not up to date. It does not match the features provided by the new vendors in the market. The solution does not offer features to protect workloads on the cloud.

My organization has been using the solution for the last 20 years.

Support is not good. The support team provides a slow response. I rate the support team a six or seven out of ten.

Neutral

We pay at least 25% more for Cisco Secure Email than Trend Micro. Cisco’s support is better than that of Trend Micro.

The solution is expensive. Every additional workload or feature has an additional cost. The product should provide a single bundle for protecting both on-premises and cloud solutions. We do not have to pay for support.

We do not have the resources to review the product technically. It is very difficult to analyze these weaknesses. As an end user, we need something to defend us and block threats. If any product works with 95% efficiency, we can say that it works well. Email protection is very critical. No one should take risks.

Cloud protection apps are very critical to the business. They should be easy to configure and easy to manage. These days, there are hundreds of products available. It's very difficult to find a good solution. Just because a tool is popular, it does not mean that it will always be the best solution. The backend technique is very important. Machine learning, artificial intelligence, and threat intelligence are very important.

If we have more knowledge, we can have more protection. If we don't have the knowledge, we can't. The solution does not offer a complete bundle for on-premise and cloud protection. If we need more features, they charge us more. They do not offer all features together.

Overall, I rate the tool a seven out of ten.

My primary use case was email security, to protect against phishing mails, spam, malware, and viruses. 

We used to get emails with viruses that would impact the business or we would get emails with malware. We were able to scan the email and clear it or block emails with viruses. That was the business justification. On a weekly basis, it was blocking about 2,000 or 2,500 emails.

It protects you, it protects your network, it protects you from phishing emails and malicious content and the like.

The most valuable feature was the anti-spam feature. You could set rules to block emails based on specific words like "pornography," "sex," "guns," "violence." That was one thing I liked about it. With the anti-spam, we didn't get all those emails.

Also, Cisco was scanning our emails with their own intelligence. I liked that.

Finally, the user interface was quite friendly, it was quite easy to use, unlike some other Cisco products. Anybody could use it. You don't have to be familiar with IT to be able to handle navigating it.

There were a couple of access issues.

Also, they need to keep their intelligence top-notch. I remember a particular phishing email that came through to my then-CEO. So they could improve on their intelligence.

One to three years.

It's quite stable. We didn't have issues because, when I think about the issues, they were from us. The two boxes were in cluster, so when the guys at the other site would start without telling us, we would get cluster error messages. Apart from that, it was fine.

In terms of scalability, I'm pretty much sure we could go as high as 1,500 users.

The support is great. It's one of the best, if not the best. If you have a particular issue, Cisco can SSH tunnel into your box and help you fix it. As long as we had a running contract, their response time was five minutes, tops. 

If you don't have a running contract but there is a security issue, say malware, for example, they'll respond. But if it has to do with hardware, they don't respond. They'll tell you to get a contract before they'll respond. It depends on what the issue is.

The deployment was quite easy. We wanted it with high-availability. It wasn't a greenfield, it was just an upgrade. The initial deployment had been done before.

The GUI is self-explanatory: If you want to block emails, you want to erase emails, you do the IP address configuration and what your DNS is. It's pretty simple, a very easy-to-use GUI. If you want to buy licenses, you want to check the status of your licenses, you want to check the status of your box, you want to check the environment, it's very simple.

The upgrade took me about 30 minutes for each box. It was just me involved in the upgrade.

The ROI is about business continuity. If you get hit by malware through an email, you'll understand. Email security is a must-have; not necessarily Cisco Secure Email Gateway, but email security. It can come from any vendor, as far as I'm concerned.

The licensing was not per user, the licensing model was per feature. You could choose anti-virus, anti-spam, etc. It was feature-based and charged yearly. Aside from the standard licensing fees, you have to pay for support.

After using Cisco Secure Email Gateway we used Trend Micro. The difference between them is just the vendor. There's really no difference. Same approach. It's the same technology. I would say Trend Micro is more granular. But overall, It's the same technology. I don't think one is better than the other. Who you buy from depends on marketing.

Email security is a must-have, and as much as the cloud providers will tell you they have security, from our own experience, the vendors' security products are a bit superior. The reasons I chose Cisco Secure Email Gateway are the interface is - it's easy to use - and the support is great. Also, it's nice to have another gateway, not just the Cisco Secure Email Cloud Gateway because it has proven not to be enough.

The organization I was working in where Cisco Secure Email Gateway was implemented had about 700 staff members, roughly 700 email boxes. There were no plans to increase usage of Cisco Secure Email Gateway at that organization. The reality now is that if your emails are on O365, O365 offers you some form of Cisco Secure Email Cloud Gateway. For most organizations, they're looking for business justification to keep Cisco Secure Email Gateway when Microsoft, for example, is offering cloud protection for your mailboxes on O365. In a case like that, you really don't expand business on Cisco Secure Email Gateway. Now that mailboxes are no longer on-prem, and the cloud provider is offering you email security, the way they sell is that you cannot say have your email on the cloud without paying for cloud security. There is really not much expansion on Cisco Secure Email Gateway from a business standpoint, if your mailbox is with a cloud provider.

I would give Cisco Secure Email Gateway an eight out of ten. We didn't get any malware, but a few phishing emails, maybe one or two, slipped in. There is really no vendor, in my experience, that I would rate at ten out of ten.

We use it for email filtering, spam filtering, for phishing attacks, malware, and forged-email detection. We also use it for outbound message control, to filter attachments that are allowed to be sent and attachments that are not allowed to be sent. It's for data loss protection.

It saves a lot of time wasting. For example, phishing attacks distract a user's attention, and forged emails waste a lot of time. A user can lose data. This solution helps protect user data.

It blocks

• bulk marketing messages
• graymail
• spam

and provides advanced malware protection.

I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services. Some vendors, like Fortinet, have this feature in their firewalls, the FortiSandbox.

It's a very stable product. We hardly have any issues. Issues are mostly around license activation and the like. It's a reliable product and very popular here in the Middle East.

It's scalable. A medium-sized business would go with a C370 while a small business would use a C190. We are able to migrate users from lower-level to higher-level products. Scalability is not a big issue for this product. The same configuration can run 500 users and 3,000 users.

The few times we have contacted technical support we have received very good performance from them. This is one of the strong points. They have very good technical support. They provide timely responses. Technical support is very good from Cisco for every product.

The setup is very straightforward. It's very simple to install. It hardly takes 30 minutes.

There is a strategy for deploying, like determining how many users' emails do you want to pass through it. There is a long document, we call it High-level/Low-level deployment. And after that we, pass emails through from the Exchange Server, incoming and outgoing, to configure the kinds of emails the product should filter.

A deployment requires a maximum of two people: One is a network engineer and one is an Exchange system administrator, so if he wants to he can configure rules according to his requirements.

Pricing depends on your environment and which model you want to buy.

You need redundancy. If you have a standalone setup there is a risk of failure. If that goes down you lose email communication.

We have deployed this product for multiple customers in the Middle East, in the UAE, particularly in Dubai. We have many customers using this product, mostly medium-sized enterprises.

It provides good IT assistance. 

It is not user-friendly, and it is quite complicated. So, it should be more user-friendly. The GUI is difficult to understand. 

We have been using this solution for four years. We don't use the latest version of the hardware. 

It is a stable solution. Stability-wise, it is good.

It is not scalable. For scalability, Cisco products are not good. That is the problem. And for deployment, it's a three-tier architecture system.

We have around 200+ users.

Cisco's tech support is good. But they respond very late. The support in itself is good, so there is room for improvement. 

The setup is quite complicated. It took us one week to deploy. 

The deployment was done by the consultant company.

As per market availability, this solution is more expensive than other vendors.

My company is looking for a new email filtering server or system. So, I was just making the comparison with Cisco and FortiMail, and that's what we're actually looking for a new or updated system. So this is the reason I was doing this R&D.

Overall, I would rate the solution a seven out of ten.