Miguel Angel Rico Paez - PeerSpot reviewer
Engineering Director at Connext
Video Review
Real User
We need this solution's visibility into our customers' applications for threat defense
Pros and Cons
  • "The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem."
  • "I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect."

What is our primary use case?

This solution is a new solution. It gets visibility into all the components about security. For example, in the Firepower application, emails, and in the cloud, I can see across those in SecureX. It shows all the layers and the entire security solution. This is very important and key in the world of security.

How has it helped my organization?

Organizations are afraid of attacks. For example, many companies have an attack once a month. We need this solution's visibility into our customers' applications.

What is most valuable?

The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem. 

What needs improvement?

I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect.

Buyer's Guide
Cisco SecureX [EOL]
September 2024
Learn what your peers think about Cisco SecureX [EOL]. Get advice and tips from experienced pros sharing their opinions. Updated: September 2024.
800,688 professionals have used our research since 2012.

For how long have I used the solution?

We have been using it for five years. This solution is very important to us.

How are customer service and support?

They are good and are graduating to the next level with this solution. We can see the security in the cloud for this solution. Whether I am working at home or out in the world, I can see all the security in my network. 

How was the initial setup?

The deployment is very easy. You just log in, install, and run the software. That is all.

What's my experience with pricing, setup cost, and licensing?

The pricing is the best part of this solution. It is free if you buy Umbrella or Duo Security. It is also a good solution.

What other advice do I have?

It is a good solution. It is Cisco's best solution.

Monitoring is easy. My engineers are monitoring this application all the time and the customer doesn't have to call me. My engineers will call the customer and say "Hey, you are having an attack."

I would rate the solution as 10 out of 10. It is the best. The SecureX solution has the best impact for the customer because it has all the visibility of my applications and my users' applications. Of course, it is also easy to manage this application.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Security Analyst at a consumer goods company with 501-1,000 employees
Real User
Lets us better manage security incidents
Pros and Cons
  • "The automation and orchestration tools are the most valuable features."
  • "Remediation stuff could be integrated into the product's automation."

What is our primary use case?

We use it to investigate threat incidents. It lets us better manage security incidents.

We just use it for the security department.

How has it helped my organization?

It gives us more visibility into detected threats so we can determine their impacts.

Its cybersecurity and resilience have been extremely important for our organization. It helps us save our operations by protecting us against ransomware and most threats.

What is most valuable?

The automation and orchestration tools are the most valuable features.

What needs improvement?

It is good that it provides information. However, I think that there needs to be more actionable items for us based on the information provided.

Remediation stuff could be integrated into the product's automation.

For how long have I used the solution?

I have been using the solution for a year.

What do I think about the scalability of the solution?

It is really scalable. We are looking to increase usage in the future.

How are customer service and support?

Overall, the technical support is great. I would rate it as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use another solution.

How was the initial setup?

The initial setup was complex. It took about a month to deploy. The deployment took me about 20 hours overall of work.

What about the implementation team?

I had to work with the SecureX engineer in order to get things rolling. It wasn't a very straightforward process when we rolled out the product.

We used an integrator for the deployment.

What was our ROI?

We have seen quicker response times. It took a few months to realize the benefits.

What's my experience with pricing, setup cost, and licensing?

It comes free with all Cisco products. So, it is a good price.

Which other solutions did I evaluate?

We didn't evaluate other products.

What other advice do I have?

Leaders in organizations should invest in IT, training, and staff.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hesham Hady - PeerSpot reviewer
Freelancer at a non-tech company with self employed
Real User
Top 10
Has good documentation and integration features
Pros and Cons
  • "The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable."
  • "The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial."

What is most valuable?

The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable.

Integrating the product with most of the customers involved hasn't been difficult. There's enough documentation and support from Cisco to help put things together, making the process straightforward.

What needs improvement?

The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial.

How are customer service and support?

The tool's technical support has always been good. I've never encountered any issues with them. While they may not always be the fastest, they respond and ensure that problems are resolved.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

Cisco SecureX is more expensive than Trend Micro. However, considering the integration capabilities with other solutions and the quality of technical support, I believe there's justification for the price difference.

What other advice do I have?

I rate the overall product a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Technical Team Lead Network & Security at Missing Piece BV
Real User
Combines multiple sources of security intelligence, making it easy to correlate events in our environment with those outside of it
Pros and Cons
  • "SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together."
  • "The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."

What is our primary use case?

We have a total of about 150 customers with about 6,500 users and we handle their IT. There are 300 sites all over the Netherlands from which we get all the intel and we feed it into SecureX. It's our central point where we collect everything very easily. When we see something happening we can take the security feed, look at the event in an organization, and SecureX shows us what's going on. It helps us analyze and understand things.

All the security solutions such as firewalls, email security, web security, endpoint security, and antivirus report into SecureX where we have a dashboard that shows everything that is happening.

How has it helped my organization?

The orchestration allows us to say, "Well, if this happens here, then we should take an automated action." For example, if an email is received on a machine and malware is being executed, it can be put into lockdown mode. It should only be accessible by the investigators. It cannot connect with any other resources within the company anymore. It cannot send or receive any files. SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together.

We're seeing and correlating things that we never expected to be able to put together. Before we had the SecureX dashboard, which ties everything together, we would have logs on some computer, or logs on a different system with timestamps. We would have to input search commands to see if there was anything happening on one machine that was also happening on another machine, or if there was anything happening in the firewall that was also happening with email.

We're also doing things with SecureX now that I didn't think were possible two years ago. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. I didn't expect there to be a product in which you can so easily change between the different parts of your security with a single click, allowing you to go from publicly available security intelligence into, "How's it looking in my environment?" 

We can do things within seconds, things which we wouldn't even have thought about doing two years ago, just because we didn't think there would be anyone combining the different sources of information together and making it easy to correlate between what's happening in the rest of the world and what's happening within our environments.

Also, SecureX provides us with contextual awareness throughout our security ecosystem.

Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out. 

You can also see not only what kind of malware you have, but what kind of damage or what kind of tech you're looking at. You can very easily see if there is somebody who is trying to find out if there's anything open or if it is somebody who has already established access and is trying to escalate from a user account to the administrator account. You can even focus on these kinds of privilege-escalation attacks and make other issues a second priority.

In addition, like every company, we have to deal with compliance. We have a compliance officer, but normally the compliance officer would not have access to the firewall logs, the email security appliance, endpoint security, etc. But he still has to get all the compliance information out of them, including details such as how are we doing, how many threats we are capturing, etc. I gave our compliance officer access to the SecureX dashboards and now, without having to log in to any of our security appliances, he has a live dashboard with an overview of what's going on. How many incidents? How have they been resolved? How much malware was seen within the company? What kind of compromises were there? Were they critical, high, medium, or low?

He can look at everything himself without having to ask me to create a report and without having to have access to the files themselves. He has a dashboard and can say, "I want to see the last week, last month, etc." He gets all the widgets and all the information for whatever period he wants. He can use that within his report to show the auditors how we're dealing with our security. Without any reporting, without emailing back and forth, he gets access to the live information. That's something I wasn't expecting and it has proven to be very valuable. He cannot mess anything up; however, he still has access to the live data on the entire network.

What is most valuable?

For me, the most valuable feature is the overview: seeing hundreds of sites and thousands of endpoints; everything in a single dashboard.

It can show me spam attacks, phishing attacks, malicious file transfers on our firewalls, and malicious activity on our endpoints. In addition to all the security solutions it takes in, you can add in other websites and services as well.

Threat-hunting is a specific module within SecureX. You can say, "I want to know what's been happening within my organization. I'm seeing some activity here and I want to know if this machine, which is doing something strange, has been in contact with any other suspicious machines. Has it been receiving any suspicious email? What's going on?" It can really dig into any indication you have within your network.

It also provides automatic messaging. For example, if there's malware activity, it will be automatically matched to a certain category of malware saying, "This is credential access," or "This is a discovery," or "This is the exfiltration of data," or "This is privilege escalation."

There is also the possibility of integrating feeds from different products. SecureX will not only work with Cisco products, but you can also put in different kinds of feeds if you have a different type of firewall or antivirus, for example. You can get the same intel within the same dashboard. You don't need to have only Cisco products.

SecureX integration between Cisco products and third-party solutions is very valuable due to the fact that you get the security feeds and everything on the internet. If you want to know, for example, if something is Orion malware, it will say, "Hey, I have this webpage showing me indicators of compromise." It gives me a button within my browser and I can check whatever is on this page against my live environment. If there's anything on any webpage saying, "You should pay attention to this, or you should be aware of these malicious files," with a single click I can check them against my environment. The intel you get and the different products all generate output. And you can use the toolbar within your browser to make it very easy to put anything you find into SecureX.

The ribbon feature is quite useful. The solution is great at helping you maintain context around incidents as you navigate different consoles. It's immensely valuable due to the fact that, as you navigate between products and between pages, the ribbon stays with you. I can open a case there and I can also share it with my colleagues. We're back in lockdown again here in Europe, so everybody's working from home again. I can start an investigation on my machine and share it with my colleague. He can work on the same stuff and he can add to the case. You can very easily scale up your investigation. All the notes you've been taking, all the indicators you've collected, all the interesting stuff you've noticed are logged within the ribbon and available for your colleagues to work on as well. You don't have to email back and forth saying, "I found this. Hey, did you see that?" It's all there. You can cooperate on the same issue.

It saves you a lot of time investigating. It will not just show you what's happening within your environment but also what's happening in the rest of the world. If I'm seeing a file for the first time, it's very unlikely it's the first time in the world this file has ever been scanned. I can check if it has been scanned in other antivirus engines and what they think about the file. There is the integration with the service called VirusTotal. It has about 60 or 80 different engines. If I'm seeing a file and not sure about it, with a single click I can get the opinion of 60 different antivirus products on that file to show me what the rest of the world thinks about it.

What needs improvement?

The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult. 

What would be really helpful is some sort of library from which you could pull out prefabricated actions. The tools are there to build your own, but it would be nice if there were a library saying, "If you have this and you want to do this, there's some prebuilt stuff here which you can tailor to your own environment." Right now, it's mostly a blank canvas saying, "Take whatever input you want and program your own response."

For how long have I used the solution?

We've been using the solution for almost a year.

What do I think about the stability of the solution?

We've had zero issues. It's always available. There are no gaps in monitoring and no downtime.

What do I think about the scalability of the solution?

If there are any limits, we haven't been able to find them yet. We have hundreds of sites reporting into it and I'm not seeing any limits, slowdown, or scalability issues.

How are customer service and technical support?

I've only used the support resources during setup. There have been no issues or incidents for support so far.

That said, looking at the videos and the manuals they have, etc., there's a lot of support available to get you started. Due to the fact that it's a free add-on if you have any Cisco security products, there is no investment except for a bit of time to get it running.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The solution's initial setup was very straightforward. It's an online service. You log in with your credentials and on the left-hand side you say, "I have this product, let me integrate." There's a guided setup that's pretty step-by-step. Then, you just go to the next component you want to integrate. It's a guided configuration.

In terms of deployment, the first integration was done within 15 minutes. With the extras we put in it was, let's say, an afternoon of work. It took maybe two or three hours to get everything set up, including all the users, and to get everything integrated and all the dashboards configured.

In terms of maintenance, we have about six people from the security team involved.

What about the implementation team?

I handled the implementation myself. I did not need the assistance of a Cisco consultant.

What was our ROI?

We've reduced our workload by 20 to 30 percent just from being able to focus on the important things, as this product really does a lot of the grunt work for you. It has really increased the efficiency of the organization's security operations.

For example, if you see something and say, "This should be blocked," or "this is malicious," with SecureX, it will not only automatically block it on endpoint security, but it will also stop the malicious file from being sent or received via email. It will also stop the file from being downloaded or uploaded. That way, if I have a malicious attachment on a laptop somewhere, SecureX will block it everywhere, and it will also protect the users on the WiFi because the firewall, which is between them and the internet, will block it. I can protect devices such as guest devices in the guest WiFi, devices I don't have access to, because I have visibility of all the endpoints with a single click. It's 360-degree protection.

Without the integration, I would have to say, "Well, this email has a malicious attachment, and now I have to worry about it on 300 different firewalls. I have to put in a rule to block this attachment everywhere." We'd need dozens of people working on that. Now, it's a simple mouse click.

On top of that, we're 50 to 70 percent more efficient in investigations. It really saves a huge amount of manual checking.

It has probably saved our compliance officer 10 percent of his time as well.

What's my experience with pricing, setup cost, and licensing?

For the value you get, the pricing of the solution is excellent.

Which other solutions did I evaluate?

We didn't evaluate other options. There's really nothing with this type of huge scope. There were some basic logging solutions and some other incident response stuff; however, there was nothing that covers your entire security apparatus.

What other advice do I have?

We haven't worked on automating all the manual processes in our security operations yet. We want to implement more of them; however, we're still looking into the details. This year we'll be starting to use the orchestration feature. That way, an end-user can forward an email and it will automatically be checked and he'll get a report back. Those are the kinds of automations we'll start using this year.

You only need two or three hours to get everything set up, to put things into it, and to see how it works, with zero impact onsite. You don't need any extra resources. There's nothing fancy to configure. It's very easy to integrate. I'd advise companies to try it and just see how it becomes the dashboard for your entire security operation.

I would rate this product at a nine out of ten due to the fact that the orchestration piece is a bit difficult. That said, everything else, especially for the price, is unbeatable.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Network Security Expert & Instructor at a tech services company with 51-200 employees
Real User
Has valuable features, ease of use, and great integration capabilities
Pros and Cons
  • "Integrates well with our existing security infrastructure."
  • "Enhancing automation capabilities could further improve the product."

What is our primary use case?


In terms of Cisco products, I primarily work with IPS and NetApp solutions mainly for threat detection and integration with our security platforms like CyberArk via API.

What is most valuable?


We also use Cisco SecureX for network monitoring and troubleshooting. SecureX is a cloud-based product that integrates well with our existing security infrastructure.

What needs improvement?

One area for improvement in SecureX could be additional on-premises options for organizations like ours that require more control over certain aspects of the platform. I also think enhancing automation capabilities could further improve the product.

For how long have I used the solution?

I've been using SecureX for about two months.

What do I think about the stability of the solution?

It has been stable with a rating of around nine out of ten for stability.

What do I think about the scalability of the solution?

When it comes to scalability, I find SecureX easy to expand based on our needs.

How are customer service and support?

Although we haven't directly contacted Cisco's technical support, I've heard positive feedback about their support services.

How was the initial setup?

The setup process was straightforward, and we didn't require any third-party consultants.

What other advice do I have?

Overall, I would rate SecureX at around eight out of ten for its valuable features, ease of use, and integration capabilities. It's a recommended solution for threat detection and security orchestration.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner