Cisco Secure Email Reviews

It is easy to use. It is not widely used, but it is not tough to understand. Usually, it takes five to six months to become an expert in that particular product because there is not much in it.

The Cisco database is more bug-prone and less accurate than the databases of other email security solutions. Whenever we get a phishing email, Microsoft email server, TruePoint, or Barracuda, they have a much better database. Because Cisco is using Talos, which is not a good database, they do not have much information in the database. So that is really lagging very much behind.

So that is not much recommended by the customers. Every time, customers get frustrated by using them.

There's room for improvement in the DevOps database. It has many spam emails. Usually, we have to report to the Telos team for samples, whether it's spam or a legitimate email. If that is done, then the customer environment won't get compromised easily because more than 80% of cyber-attacks are through emails. So email is like sanitizer it was used in hospitals before COVID, but after, it's provided widely to users.

I used this solution for a year. 

I would rate the stability a six out of ten. We had multiple issues with the stability. Usually, the customer complains that there's an email coming from an outside sender, and it enters our environment, and our email gets multiple emails from a single sender. There might be suspicious emails or multiple things that we usually get from customers.

I would rate the scalability a seven out of ten. Cisco has to improve its database because email security is something like DNS servers. So we have to improve the database and put more information initially in it. 

The initial setup is easy. It starts with the VLS for Open IT. Initially, the host access table is there in the front end. Based on that, we can filter out traffic with IPs from the scale of -10 to +10 if it applies. If you want to whitelist an IP, you need to check the IVRX code. If that code is okay, then we provide a list based on the organization. 

It's a bit easy to handle Cisco Secure Email; it's not that difficult. For the logs, which are in PDF format, it's not hard to read them. We don't need Wireshark much to analyze the logs.

Usually, it's GUI-friendly, and also, the Relics are there on the GUI. We can create some relics, or it's automated from the backend by the development team. We just put in our initial setup requirements, and based on that, we create a red x rule. Then we can implement it into the message filter, and we can handle whatever we want, whether it's blocking emails coming from spam or anything else.

Overall, I would rate the solution a seven out of ten. Once you have hands-on experience with it over a period of time, you will get hands-on experience, and you will be able to understand it. It's easy to use, not that much complicated.

Protection against external email threats is our primary use case.

Less spam means more productivity; less time is wasted, helping both users and the security team.

Anti-Spam and Advanced Malware Protection are the most valuable features. They provide protection from most email threats and we also have the option to block Zero-day attacks.

The configuration UI should be made more intuitive. Currently, it takes a while to understand how to do the basic configurations.

In terms additional features, I would like to see customization of reports and dashboards. 

There should be separately module for Phishing and Fraudulent emails

More than 4 years

IronPort is indeed a very stable solution, including both software and hardware.

Scalability is very good. We have not faced any hiccups over the years with a 15 percent increase per year in the number of users. We currently have 3,000-plus users in our organization.  It is one of the main security controls we have and is used extensively. We don't have any plans at the moment to increase usage, but that might change.

We connect through a local/regional partner. Cisco is not good in dealing proactively or even reactively, so we end up relying on partners.

I cannot answer in detail about the initial setup because it was done before my tenure began. In general, it is a complex configuration.

Regarding an implementation strategy, it is best to define basic policies that deal with malware and spam-blocking which apply to the whole organization and then configure specific policies for individual and departmental needs.

Deployment shouldn't take more than a couple of hours for a team of two engineers.

We have seen ROI in the processing time. It processes efficiently and fast. It is almost transparent in its operation. We only need to worry about our email infrastructure. Security and performance-wise, it does not add any overhead or latency.

I am familiar with McAfee and Symantec to some extent. But we have not used those solutions in our production environment. I can't say much about specific differences between the solutions, but Cisco is more stable and we have not faced any issues with its detection capabilities that would make us look at other solutions.

My advice would be to have a very good partner because Cisco will not be proactive in helping and educating you. They will do proactively health check on their device but they don't offer education/training free to the customers like other vendors do. 

It has a complex UI and configuration menu but the product works well, both in terms of security and performance.

Our main deployment is for a shipping company. We're protecting their local Exchange Server and their online Exchange email.

It means less malicious email, fewer interruptions, and less risk. It actually circumvents malicious emails; rather than getting to the users, the users don't see them. End of story. There's a risk without it. The user might get the email and might click on the link. Once that happens, they are toast, as is the network.

The number of malicious emails it blocks differs from one company to another. It depends on the volume of email they get. I would say on average, depending on how many users there are, it could block 1,000 emails a day.

The most valuable features are protection against ransomware and spam. Those are the main two features. It also adds an additional layer to your networks. Cybersecurity isn't a comprehensive solution. You have to keep on adding layers without disrupting the flow of the business. The Cisco Secure Email Gateway does that, where it adds another layer without slowing down the business or the performance of the network.

The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user.

The solution has flexibility. I think they are working on improving it as we speak. They're responsive to the feedback we give.

One to three years.

It's very stable. We haven't had any issues or downtime.

It's very scalable, especially the cloud version. You can get up to about 100,000 users on the appliance but the cloud version is more flexible. When you do scale it up you don't see slower performance.

In the largest environment in which we've implemented it, there are 200-plus users. It's utilized by 100 percent of the users. It's not at 100 percent capacity.

Their technical support is very good. We haven't had any issues. Their response is very prompt and they are very knowledgeable.

The initial setup is straightforward. There are two flavors. There's the cloud-based and the appliance. With the cloud-based solution you just point your email server to the IP address in the cloud. With the appliance, you just install it into your rack and connect it to the Exchange Server. The cloud deployment takes about ten to 15 minutes, and the appliance, because you have to install it, takes about 60 minutes.

It requires just one person for deployment. It doesn't require anybody for maintenance. You just set it and go.

The return here is more security and fewer interruptions. It's more stability and productivity versus less productivity, although I'm not sure how you can quantify it.

It's a time-saver. If you get interrupted by ransomware or a hack, it could be costly. Every breach, just the cybersecurity breach, on average costs at least $65,000 to fix, let alone the interruption in work and retrieving data, according to industry sources. You could say that you're minimizing your costs by $65,000.

Licensing costs depend on how many users there are. It could range between $5 and $7 per month, per user. There are no costs other than the standard licensing fees.

There is no totally comprehensive solution in cybersecurity. I find Cisco Email Security to be comprehensive, but it's not 100 percent. There is no silver-bullet solution when it comes to cybersecurity. You better keep on adding protection layers to your network. Don't think you're not going to be a target. As a small or medium business, you will be targeted. It's so easy to get through a firewall nowadays. One layer of cybersecurity is not going to do it. You need to add two, three, four layers. 

It's just like going to the airport. The first thing you see is the check-in desk. They check who you are, that you have valid credentials, where you're going and why. Then you go through the scanners. Then you go through another layer of security. Once you get through, you're also being watched to make sure that you don't become "malicious." There are a lot of layers.

I would rate the solution at nine out of ten. What comes to mind when giving it that rating is ease of use. Just set it and go. A better UI would make it a ten.

i'm usining it as frontal gateway for controlling and securing the mails flows to my on-premises exchange servers

This product has made my messaging platform more secure. it contain and extended security feature ,policy rules for filtering , and multiple engine for scaning add to that encription , security is very important for critical business with data inhouse.

after doing a third party pentesting, they found the security at a high level regarding the messaging security part testing,and the only recommendation they gave and need improvement is adding the sendboxing, for those attack ranked at zero day attack, which can't be detected.

knowing i'm using premium licensing, i checked the Advanced Malware Protection (AMP), which is on-demand feature, i found that, this feature act like a sendboxing

With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it.

More than five years.

It is currently stable. I will upgrading next year, but the current version has been working great for six year.

We have two people (system administrators) performing maintenance for the system and security part for the company.

Everything is fine with the scalability.

We have 400 users on this product, with two site, 2 physical appliance in one site and one physical appliance in the second site the three working as a cluster, and next year, we plan to increase our usage and move to the newer physical appliance version. because those we're using , are arriving to them end of life soon.

The technical support is good.

Right now, I am paying for it, but I don't use it because the solution is stable.

I have previously used McAfee, Kaspersky, TrendMicro, barracuda, websense.

The initial setup was complex because I have two sites with physical clusters. and i made it alone during the working hour without interruption.

The length of deployment will depend on the complexity of your infrastructure and your knowledge.

This product is the complete solution and the real deal.

I am using the on-premise version.

Cisco Secure Email is our primary gateway. We are a service provider in India. Cisco scans every email that gets into our system.

We faced a targeted attack. Most of our customers were targeted, but no one got the email. It was quarantined by Cisco. That is why we are still using Cisco.

The solution has no competition. ATP has been the most valuable in improving our email security posture. It has helped our customers too. The click-time URL protection is also valuable.

When we use multiple Cisco devices, we cannot manage the servers with a single UI. We must log in to each server for the management. We cannot manage multiple devices from a single UI. The solution has some inhibitions. They need to be finetuned.

I have been using the solution for 15 years. I am using the latest version.

I rate the tool’s stability an eight out of ten.

We are supporting around two million mailboxes. I rate the tool’s scalability a seven out of ten. It is a multi-server architecture, and I have to manage them separately.

We hardly get in touch with the support team. Whenever we got in touch with the team, the support was good.

Positive

We are using both cloud and on-prem versions. The deployment took less than two hours. We keep a backup of the configuration ready. Once we implement the server, we just put in the configuration and start.

We do the deployment ourselves. We also do maintenance and troubleshooting. We have around 20 L3 engineers on our technical team.

The pricing is good. We do not have any issues. I rate the pricing a five to six out of ten. There are no hidden costs. We know about the additional costs associated with the tool.

We do not integrate the product with other tools. I will recommend the product to others. Overall, I rate the solution an eight out of ten.

We have around 500 to 600 users and we use it for services like Anti-Spam, Advanced Malware Protection (AMP), and scanning. We are also using also multiple content filters, and it's working pretty well for us. In combination with Cisco Secure Email Gateway, we are using Trend Micro.

Before we had Cisco Secure Email Gateway, so we had more spam emails. In fact, we had some other solutions in place, but there was more spam going to the Exchange Server when we compare between we didn't have Cisco Secure Email Gateway deployed and when we deployed it. We cannot say it's 100 percent, but we're covered for 90 to 95 percent of spam. No spam is going to the user right now.

We are using almost all the features because they are necessary to protect emails. The most valuable feature is the different content filters we are using, such as DKIM. 

The Anti-Spam feature is also valuable for us because, most of the time, we notice that what is coming in is spam, and the Anti-Spam filter works very well. That's one of the features we like most.

We would like to see more options for the customization of content filters.

Three to five years.

The stability of the solution is very good. They always come out with very stable versions of firmware and it has never caused any issues.

Cisco Email Security is working well for us, but we currently have no plans to increase usage.

Technical support is very fast to respond. They are well-trained and experienced.

We were using Trend Micro and we are still using it now that we have Cisco Secure Email Gateway. Cisco's solution is more efficient and provides more options. For us, it also creates one more layer of security.

The initial setup was pretty straightforward. The basic mail policies were very easy to set up, but tuning the email flow and blocking certain things according to particular requirements takes time.

The initial deployment took about a week. Our implementation strategy was not to stop the mail flow while implementing adequate security features, including Anti-Spam, AMP, and AV.

Deployment and maintenance requires one engineer, maximum.

We used an integrator. I was not involved directly.

Licensing is done yearly, but I am not involved with purchasing side of things.

Cisco Secure Email Gateway was our first choice.

This is a great product with wonderful support. You won't have any issues.

We use it to secure our email system, to cut down on all the bad emails that we would otherwise receive. 

The reason for implementing the product was the huge increase in spam and junk mail which occurred when we were adopting these devices. There have been some changes in the way that email is delivered since then, and one or two of the major spam sources have been taken down or prosecuted or jailed. Today, we have less blanket-spam, but we have more targeted phishing emails or spear phishing.

The combination of emails with links that encourage users to give away their user login information can cause problems. When someone's account is compromised it can result in access to our global address list and access to emails that the compromised user may have sent. Therefore, they have details of the format and the style emails that our company uses. We have communication threads that they can take advantage of because they can inject their fake emails into an existing communication thread and try to fool a supplier or client into giving more information or, worst-case, giving money to the wrong person.

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. 

Since then, customized filtering has been very effective and useful for us.

In addition, Cisco has developed the product with its Talos product. They've developed the Cisco Secure Email Gateway systems so that instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they're now providing has a lot of attraction because it helps to prevent phishing emails.

Things such as Sender Domain Reputation, which is a relatively new feature, are attractive because when there's a pop-up domain, which might be a look-alike of your own company domain, or it might be a look-alike for some other company like Microsoft, it gets a bad reputation, and the Cisco Secure Email Gateway systems will reduce the possibility of these emails delivering to the recipient's desktop.

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.

More than five years.

The system is very stable. We have had very little downtime and the system is, in general, reliable. 

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems. In general, we have had a good experience with this product. The hardware, given occasional failures, has been very reliable. There is an upgrade process for keeping the system running with the most current, recommended version of AsyncOS. We have had very few problems where an upgrade has gone wrong. We've been very pleased with the solution.

The scalability is good because when you have appliances such as we have, if you have the infrastructure and the available resources, you can install additional virtual appliances. From the point of view of scalability, if there were a problem with performance, it is possible to add other systems or devices, even though they are virtual, and they all fall under the same control interface. They are all a part of the same cluster so they are all relatively easy to manage.

We currently have 11,000 employees and a large number of those users hold email accounts and email addresses.

We have a 24-hour operation because our company is located in 62 countries, so we have to respond relatively quickly because email is important. We have a department that deals with IT security and likely, at a minimum, we would have six people who have the capability to work on these systems. But in reality, because the systems are very stable, we have three or four people who regularly work on them. All the people who maintain the system are currently in the same department as me and all of them are considered IT security officers. They deal with other systems as well as the email.

Cisco's technical support is, perhaps, taking a different approach to the way that IronPort managed systems. Cisco tends to try and answer questions or problems by email more, initially, rather than talking to someone on the telephone. Sometimes that's not quite as good as IronPort was. 

But, in general, Cisco is good in that when we have a question they will respond quickly. But equally, because we've had these systems for several years, there is a good pool of experience in our security team so that we don't regularly have to ask questions of Cisco support.

We switched to using IronPort because it gives us a second line of defense from spam, phishing, and all the other problem emails. One of the reasons was that there was a major spike in the number of spam and junk emails that people were sending from when we first got these systems. 

The other system that we had was suffering from performance problems because it was being overwhelmed by the volume of emails that were being delivered to Fugro. The other product was still a good product, but it didn't have the performance to handle the volume of email. With the IronPort system being used as a first line of defense, it probably would have done everything that our previous system did, and we could have just removed it from our email processing.

However, we wanted to retain the old system because it had some nice features to do with additional email filtering. Having IronPort as a first line of defense was really good, and then, it was possible to do special filtering and other email reaping on this other system. The other system could then perform at a good level because it was not being overwhelmed by the huge volume of spam, junk, etc.

The initial setup was very straight forward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware.

This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco Secure Email Gateway 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed.

We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.

Because we had the systems before Cisco bought IronPort, we used some assistance from the then-IronPort company for the initial set up. But our own personnel were involved in training courses, so most of the configuration was done by Fugro people.

The IronPort consultants were very good. Because the company was keen for business, they were keen to assist us. At the time, we were, perhaps, one of the more unusual cases because of the quantity of junk, spam, and other types of emails that were being sent to Fugro recipients. IronPort, at that time, was very responsive, very helpful, easy to deal with and, usually, very knowledgeable about the product.

It would be fair to say we have seen return on investment using this solution, but I'm not the person who spends the money or places the orders so I do not have detailed information on it.

We did evaluate other options, but it was a long time ago so I'm not sure I can remember which other options we considered.

Having a good understanding of the product helps in the implementation process, so do some upfront training before you adopt the product. Be closely involved with Cisco support or the Cisco implementation team which will help to make sure that configuration is well adjusted and suited to your company.

I've used the product for more than ten years. Prior to that, it was IronPort. Cisco bought IronPort. We were using the IronPort products before Cisco bought them. We're currently using AsyncOS version 12.

We've used this product for so long, and we've been very happy with it, that we do not have a direct comparison against other products that are available today. That said, and accepting the fact that email security systems are not cheap, this product is still a front-runner and, combined with the new things that Cisco is doing, it has a lot of scope and capability. I would suggest this product would be about a nine, if ten is the best.

The primary use case was for email security and load balancing between Exchange mail servers.

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the Cisco Secure Email Gateway in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if Cisco Secure Email Gateway and WSA could be brought together, it would make a better appliance, one wholesome appliance.

One to three years.

From my perspective, it's pretty stable. We didn't have any issues.

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two Cisco Secure Email Gateway boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

There were no other costs in addition to the standard licensing fees.

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco Secure Email Gateway at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.