Cisco Secure Email Reviews

Our customers use the solution as an email security tool.

The product blocks spam emails.

The scalability must be improved. The product is a bit traditional. There are many vendors in the market. A customer might not always choose Cisco.

I have been reselling the solution since 2010.

I rate the tool’s stability an eight out of ten.

I rate the tool’s scalability a seven out of ten. Our customers are medium and enterprise-level businesses.

I rate the ease of setup a seven or eight out of ten. The deployments takes one to two weeks.

I rate the product a seven out of ten on a scale where one is cheap and ten is expensive.

Sometimes, customers choose Forcepoint or Barracuda. Usually, if the customers have a Cisco setup, they choose Cisco Secure Email.

Cisco is an integrated solution. Overall, I rate the product an eight out of ten.

I work at S21sec, which is a partner of Cisco in Portugal. We do integration of different Cisco solutions for our customers. Nowadays, we mostly do integration of Cisco cloud solutions for customers.

Cisco Secure Email is the solution that we deploy for customers in Portugal mostly as a backup of an existing solution such as Office 365 because it guarantees that the customer never falls out of options if the main product has some problem. If they rely on having an email solution that cannot fail, that's an excellent option for them to have in place. It's the oldest solution that we deploy for customers in Portugal. It has a very nice history and very good quality. It's perceived by our customers as an email solution that functions all the time.

One benefit is the resilience of the solution when implemented in conjunction with other solutions, and the other one is the new features that Cisco is adding to the solution itself, such as awareness of advanced phishing threats. The environment that Cisco is building around this primary product in its catalog is helpful.

We offer almost all of the Cisco Security solutions, but recently, we've been working more with cloud solutions. It's easier for customers to adopt them. We also continue to deploy some of the firewall solutions with the physical devices and also email protection solutions either with the VM solutions or with the physical appliances. We've been seeing evermore integration of the products based on the browsing console, which is very nice for customers because they only need to have a browser to access all the different consoles of different products. They can be consolidated with SecureX. It's an advantage for the customer to be able to handle all the different consoles for different integrations that the customer has in one place.

Cisco Talos is a very nice complementary solution to the email protection suite. It gives you the threat intel regarding the latest news and infections that can be problematic for the customers. They become aware of what's happening and any latest vulnerabilities they may have on-prem.

The advanced phishing protection and the integration with the awareness tool that Cisco has embedded into the solution to bring awareness to the customers about the dangers of phishing attacks and other things that come from email are the most valuable features.

Cisco has already improved this solution with some add-ons to the basic product. Cisco is already providing a very good environment with the IronPort solution, but there could be some more integration with other products. For instance, an integration with the EDR solution could be there to raise an alert.

We've been a partner of Cisco for more than 10 years, and we've mostly done integration of solutions. 

We usually give the first line of support to the customer, and then only, we go to the Cisco support. We have a very strong Cisco security team in Portugal, so whenever we need any support, we use those resources. I don't remember a time when I had to open a ticket because the local team has been very good.

Positive

Cisco Secure Email hasn't helped clients consolidate any applications. In Portugal, there's no business for that because what you usually do is implement several solutions that are regarded as the better solutions in terms of the market. In some cases, it could be Cisco, and in other cases, it could be another player. At S21sec, we try to give a better solution to customers and adapt and customize it to the specific needs of our customers.

The main difference between Cisco Secure Email and other solutions is the reliability and the capability to offline the email if there are some problems on the customer side. We can also overcome problems that may arise in terms of the local telecommunication operators that handle the communication. If there's a failure there, we can overcome those problems with the relays from the Cisco solution.

The deployment model varies a little bit. In Portugal, some sectors still rely on on-prem solutions, but we are trying to build awareness that the new solutions relying on the cloud are better for the customers because they don't have to worry about getting new patches and new security updates and patching the infrastructure. They only need to rely on having a service that is provided by Cisco for having the best security. They don't have to worry about the maintenance of the platform itself. The cloud provider that our clients use varies. We work a lot with the banks and financial organizations in Portugal. They are historical customers that don't want to go for public cloud solutions. They still rely on on-prem solutions. They have evolved to having virtualized solutions instead of appliance solutions, but they still rely on having mostly private cloud solutions. They use local providers. We are seeing a shift to global providers but not with all of them.

It's a very modular solution. We have some customers who have deployments all over the world. We clusterize the solutions in each of those locations, and then they connect them with the global management solution. We can manage all the operations of the different clusters spread around the world from one site. It's a very good solution in terms of redundancy even in different geographies.

It's a very easy solution. You can go for a very customizable environment, but usually, for the day-to-day needs of most customers, it's very easy to deploy. You can just customize the options to make it more secure for a customer's environment.

It's adapted to the market. It's similar to other vendors. We at least don't have many problems regarding that because Cisco is adaptable on that side. When we present the solutions to the customers, we tend to achieve the goals that the customer has in terms of the budget for such implementations.

We offer the best solution for what customers intend to do and the type of problems that their business may have. When a solution is adaptable and customizable to the customer environment, customers tend to go ahead with it. Even if it requires more investment, we find a way of getting it to the budget and getting a good return on investment.

To those evaluating this solution, I'd recommend trying the product. Cloud solutions are very easy to use, and you can do a PoC. In a matter of hours or a day, you can deploy the solution and use it fully.

We are Cisco partners. Cisco has a very nice solution and a very good security team in Portugal, but obviously, they can't cater to all the customers. An integrator does that part. With the relationship that we have with the customers, we can apply and customize the solutions that Cisco has in its portfolio according to the environment and specific needs of each customer.

Our partnership with Cisco is pretty close to a 10 out of 10 because we are getting different kinds of solutions. We at S21sec handle just security. We don't do storage, and we don't do servers. We are very focused on security, and the partnership that we have with Cisco is ever-growing because nowadays, for instance, OT solutions are also a very huge concern for us, and what we have seen with Cisco solutions that are being brought to the market is that they also started to handle the new security issues that we find in other sectors. They are not only into IT. They are also going into the OT and the IoT world. They are able to customize and bring new solutions, even some developed insights, by buying other companies and adapting them to the Cisco reality. They are able to devise a product that handles the needs of different kinds of customers in different areas of the business, not just the IT world but also the industrial world.

I would rate Cisco Secure Email a nine out of ten. It's growing up to be much more than just an email protection tool. It's going for the awareness of the customers, and that's a good complementary solution that addresses other problems that come from using email nowadays.

It is our email gateway. We have the Exchange Servers, but the Exchange Servers don't relay directly with the internet. We have ESA in-between, and every incoming and outgoing email must pass through ESA before it gets to the internet.

We are using Email Security Appliance C690, and we have three of them in a cluster. They are on-premise. We have decided not to go to the cloud. It is primarily because most of our clients are government agencies and the government, and they have this suspicion about the cloud. So, right now, we are still on-premise. 

Currently, we are on version 13.8. There is a newer version, but we are yet to migrate to that version.

We use ESA with Security Management Appliance (SMA). We have SMA M690. The integration of ESA and SMA makes the whole work easier. SMA is the central content appliance, and we have three ESAs. The SMA is able to collaborate with the clustered ESAs for log management and other things. It gives some stability in terms of what is happening. ESA keeps a lot of logs, so SMA is able to move through ESA and get those logs out. This integration has really helped us to drive our operation in the email platform.

It does a lot in terms of preventing phishing and business email compromise with DP and Advanced Phishing Protection. DMARC gives visibility for preventing spoofing and social engineering attacks. ESA has been able to help and protect us from those attacks. It is doing a lot of work. Gartner has always rated Cisco's ESA appliance as one of the major players.

It is doing a lot to prevent spam, malware, and ransomware. Everything is also tied to how you have configured it. Some of the spam emails don't get to the customers. We can quarantine a spam email, which gives us the visibility to look at it and see if it is actually spam or not. It is doing its work. It is. There are no false positives. It is working perfectly.

Email service is one of the services that we offer at Galaxy. ESA has improved our business. Our customers want to maintain their business with us for email security. We have over 500 domains on our email platform. It has improved our profitability in everything.

They have a lot of features such as Advanced Malware Protection, Email Protection, Advanced Phishing Protection, Antispam, Antivirus, and Outbreak Filters. They are very important.

It is doing its work. It is doing what it was actually designed to do. It has ensured we don't have business email compromises, and it has also ensured that our brand Galaxy is unique all year round. 

The area of license renewal should be improved. We normally renew our license every year. There is a feature called smart licensing, and I switched from the legacy mode to the smart licensing mode because of what I thought smart licensing does. I thought it would make licensing renewal seamless and very swift, but ever since I've switched to smart licensing, each time I want to renew my license, it is a whole lot of headache. The process is not smooth, and I had to keep calling Cisco TAC to see how the issue can be resolved. At one point, I wanted to revert back to the legacy mode, but I can't revert. Once you switch from the legacy mode to the smart licensing mode, you can't revert. They should improve on the visibility of the smart licensing mode so that it can indeed be smart and easier to use for the license renewal every year. That is one challenge.

Another challenge is that there is no way for me to know my level of utilization. For example, if I have a subscription of 2,000, there should be a way for me to know my level of utilization. Currently, I don't know my level of utilization. So, if my license is renewed on 20,000 subscribers and I'm using less than 20,000, I wouldn't know. It doesn't improve my ROI. If I'm using less than the subscription I've applied for, there should be a way the system should tell me, rather than me going to find out manually. When I go to the smart licensing profile, I should be able to see my utilization. I should be able to see that I've subscribed for 20,000 but I'm only using 12,000. This means that if I'm going to renew, I should reduce my licensing mode from 20,000 to maybe 15,000. This kind of information should be given to the customers, but right now, we don't have that.

I've been using this solution since 2017. My organization has been using it before that. It has always been in use as our email security gateway.

It is very stable. They have AsyncOS, which is the OS that runs on the appliance. They've released different versions. There is a general version, a limited version, etc. They keep coming with more services just to improve the platform. 

We never experienced downtime. We have ESAs, and they are in a cluster. If one ESA fails, there is no downtime. The remaining two can handles email communication and relay. We have high availability and redundancy. So, we don't experience any downtime.

We do ESA health checks with OEM during which they connect with us virtually. They connect to the device and then check if all security features are still well configured and if there is any other way to improve. Doing this quarterly has really helped to make sure that the appliances are up to date.

It is scalable.

They are very good. I would rate them a nine out of 10. If possible, I would rate them a 10, but I just want to be a little bit reserved. 

They've really been very knowledgeable and very patient, and they've always ensured that for any issue, any ticket, or any case that is opened with them, they are prompt. They are quick to ensure that they resolve an issue as soon as possible.

It has always been ESA from the onset.

I wasn't part of the team from the beginning to the end. I came when they were almost done. It was complex but also very interesting. It took two weeks or so if I'm not mistaken.

For the setup, you need to look at the low-level design and the architecture, and then you look at the network interfaces, listeners, routes, default routes, etc. If there is a way they can come up with step-by-step information about configuring it, that would really be nice. The guide right now is too cumbersome and bulky. If there is more straight-to-the-point and procedural information, it would be better. 

Cisco service engineers were the ones in charge. 

We have seen an ROI.

At times, we feel the pricing is a bit too high, but then, there is also room for discounts. We enjoy a lot of discounts, and that is why we are still with them. There are no costs in addition to the standard licensing fees.

We have evaluated other solutions, such as FortiMail from Fortinet, but we stuck with Cisco ESA. ESA's pricing and licensing were what led to us trying to see how we can bring it all together.

It is stable and credible. I would always tell someone else to try it out. Of course, before you try it out, you can look at what Gartner is saying. Gartner has always placed the Cisco Email Security Appliance up there along with Mimecast and other top players. 

It is well-secured. Security is everyone's concern, so I will always tell people to go for it. It is very secure. Its pricing has been a little bit high, but you can always ask for a discount from your account managers, country manager, or whoever is in charge in your region.

I would rate this solution an eight out of 10.

We use the solution for endpoint protection, including email protection, such as antivirus, anti-phishing, content filtering, outbreak filtering, and greymail protection.

An important feature is retrospective analysis, which allows the solution to retrieve emails sent even a week ago, even if they have already been delivered. This is done by analyzing emails for malicious content after they have been sent.

Cisco Secure Email focuses on cloud-based threat intelligence and endpoint security. The current version improves on the on-premises version by integrating Threat Grid and Advanced Malware Protection, which helps users quickly identify malicious emails.

The product is stable. We never had issues. If everything is configured right, it's something you can easily forget about.

The solution is scalable.

1300 users are using this solution.

We used it once when the appliance was acting up and then realized that an upgrade was needed. We follow up on the requirements upgrades and patching. It doesn't require much patching.

The initial setup is straightforward.

Cisco Secure Email can be integrated in-house, but we are too busy. Therefore, we have decided to use an integrator.

Even though Cisco Secure Email is not cheap, it offers a good return on investment. Cisco needs to ensure that its products are functional and have a long support timeline.

The solution is not cheap.

Cisco Secure Email is a fast data service. Because of this, most of its features are already pre-configured. All clients need to do is customize and tailor the service to their specific use cases.

I would recommend anyone using the on-premise ports move to the cloud.

Overall, I rate the solution a ten out of ten.

It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

The bulk of the email stopped would be marketing. Spam-related email tends to be our biggest issue. The most dangerous contain malicious content, and those tend to be the worst.

The biggest issues are the social engineering and phishing. A lot of the spammers are actually quite good at spear phishing attacks and social engineering our emails. We obviously do checks. We run some simulations for our staff, where we try and train them so they are aware of what not to click on. Also, we have installed Umbrella and had it for a long time as well. Therefore, if something was malicious, and one of our users had clicked on it, Umbrella would usually stop anything outgoing. The combination of the two solutions has really helped secure our organization.

I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does.

The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have.

Over seven years.

We really haven't seen any issues on the stability side of it being cloud-based. We also have three virtual hosts that run in our environment. in the event that we lose one, there are two others. We have never seen any issues with the environment, which Cisco proactively monitors. They'll come back to us and indicate if there are any hardware performance issues and schedule appropriate restarts to appliances, if required. This happens occasionally. 

Given a lot of people target hospitals, we tend to be attacked more than other corporations because there are health records, health information, financial information, and research information. Cisco Secure Email Cloud Gateway and some other products have definitely allowed us not to have the downtime that we may have had if our previous products and solutions were in place. As far as I'm aware, we haven't had any downtime since we put in Cisco Secure Email Cloud Gateway and Umbrella several years ago, which has been fantastic. 

We have our security analyst who gets feeds out of Cisco Secure Email Cloud Gateway into our other products. We also get feeds into AMP for Endpoints, so we see what happens because we have our Cisco Secure Email Cloud Gateway integrated with AMP for Endpoints. That goes into our Threat Grid and Threat Response. 

Our server team might get queries about messages that might have been quarantined or someone having trouble receiving external emails. That's usually where a domain might be rated above our parameters and gets blocked. With something like 3,000 mailboxes, we spend at most an hour a day checking on the Cisco Secure Email Cloud Gateway environment. 

Our environment is scalable, and we monitor that with Cisco. When we do our periodic Health Checks, we look at the performance of the appliances and how they're doing. They're handling the 10 to 12 million emails that we do receive through Cisco Secure Email Cloud Gateway a month. There are about 90 percent which are not even forwarded onto us. Therefore, it's handling the capacity that we have at the moment. At this stage, there's no need for any increase in our hardware.

It's an invisible service where every piece of email going in and out of the organization goes through CES.

We are doing more integrations with other security products, like Threat Grid, Threat Response, and AMP, along with SecureX. Getting the Cisco Secure Email Cloud Gateway feed into that and have one pane of glass to see the threats of the organization through both emails, firewalls, routers and VPN is fantastic. 

We have a team of resources at Cisco that we can call on, if we need things escalated. Having great customer-centered service and support is one of the reasons why going with Cisco has been such a fantastic decision for both organizations that I've been at.

Positive

Prior to using Cisco Secure Email Cloud Gateway and my being at the organization, they had a Qbot massive issue. I don't know a lot of the detail, but at the time, we had a lot of machines that had to run certain versions of software. Because of it being older software, legacy-type applications, they were more susceptible to issues. Qbot just went through the organization and took out a lot of that equipment/machines. Cisco actually came in and assisted to get rid of all the issues that we saw with Qbot, etc. It took several weeks spent by Cisco and other organizations trying to resolve our issues with Qbot to get things operational and back to normal. That was really the catalyst to get Cisco Email Secuity into the organization.

We were previously using McAfee for both their Endpoint Protection as well as for Email Servers. The difference was the volume of emails hitting our email servers. The servers had to deal with 10 million emails a month. Having to process those additional emails and pushing them onto users took a massive amount of infrastructure and resources at a server level. Whereas, at the moment, our servers are not having to deal with that because we have Cisco Secure Email Cloud Gateway right outside of our perimeter.

One of the reasons that we switched away from McAfee is that we moved to an enterprise agreement with Cisco. Under that, we get the Cisco Advanced Malware Protection (AMP) for Endpoints. Once we went down that path and install it, there was no point in having McAfee as well when the AMP for Endpoints already has some of the different engines. Plus, there was a duplication of costs and applications, such as the support costs as well as to maintain multiple antivirus and endpoint protection software.

At my previous organization, we were using the standard Office 365 controls and Email Gateway before we put in CES. The amount of email and spam that we got, even malicious emails, through Microsoft was horrendous. We ended up having four different massive outages because of getting some viruses in the organization and some of our file servers along with encrypted user hard drives. We had four instances of major outages where we were down for probably 24 hours each time, and that was only because we had the backups. We also had some other measures where as soon as we saw any change in the root directory (as that data encrypts our file shares), we'd automatically shut the services down. However, this was an inconvenience for the users. You would end up getting the initial malware, then also having to do remediation to get it back to normal. When you have potentially hundreds of staff who are offline for 24 hours, it's a very big cost to the organization when you don't have your systems up and running. 

When the malware got through Office 365 on four different instances, that was directly attributable to the difference between Office 365 and CES. Our users still had to get their email through our on-prem server, but we did not let staff get their emails directly from the Microsoft 365 Server.

Once we put in CES, these issues disappeared altogether, and we were thankful that the volume of spam emails decreased considerably. Office 365 is a good second check to CES, but there's nothing that I've ever seen which has gotten through Cisco Secure Email Cloud Gateway that Office 365 has picked up.

The initial setup is straightforward. Cisco does a very good job of onboarding customers and setting it up so it's very much ready to go based on some fairly standard settings from Cisco's point of view. 

The deployment took only a few hours. Even at my previous organization, it was very quick. Once it was done, we changed our MX records to go to Cisco Secure Email Cloud Gateway instead of Office 365. From there, email went from Cisco Secure Email Cloud Gateway to Office 365. It was pretty simple. We had control of our DNS so it was very quick and easy for us to change the records and get our email flowing through Cisco Secure Email Cloud Gateway. We could see the benefits straightaway. We could see just how much volume was coming in, e.g., in my previous organization, we had something like a million emails per month, of which eight percent would be delivered to our end users.

In terms of switching from one solution to another, it's seamless for the user. They are not seeing the downtime because they're connected to the local Exchange Server. Therefore, they're not seeing the upstream components. There might be a slight delay in terms of the MX records globally, but that is, at worst, 24 hours. So, there might be some delayed emails, but that's probably the only thing. Once we had switched over, we received positive feedback saying, "Hey, what have you done? It's been fantastic. You've reduced the amount of spam messages we used to get."

It was easy enough to do the implementation with Cisco and their support because we had adopted an enterprise agreement with them. Therefore, we had the support of Cisco implementing both Cisco Secure Email Cloud Gateway and Umbrella into our organization. They were very good at helping getting up and running.

There was one of my other staff who assisted me in setting up Cisco Secure Email Cloud Gateway with Cisco. It was relatively simple and easy. 

Doing Health Checks with Cisco have been fantastic. Being able to do those every few months and going through what other options that we might want to lock down or change gives us an opportunity to ask them questions, see what we could be doing better, or what new measures/features have been deployed, furthering securing our organization. The Health Checks are an invaluable service that Cisco provides to CES.

In my previous organization, avoiding four instances of CryptoLocker within an estimated six month period is approximately $600,000 in lost time and effort. Our five year cost was about a million dollars, and the four outages that we had equated to 65 percent of that five year cost. It ended up being a very simple decision to go with the security enterprise agreement with Cisco, which included Cisco Secure Email Cloud Gateway and all their other cybersecurity products.

Office 365’s native security controls to protect your organization compared to this solution are terrible. With Office 365, unless you actually pay for the advanced options with email security, they're actually quite useless. You've no control over the standard offering.

My previous organization did look at the Symantec Cloud solution. At both organizations, it didn't really make any economical sense to look at other vendors. If we had an enterprise agreement with Cisco, then you get the support from Cisco that's second to none, where you get somebody on the phone straightaway to work through your issue until it's resolved. My previous dealings with Symantec and McAfee are that they're not as customer-focused in terms of their support. Cisco has been.

Don't have an organization that doesn't have this sort of protection in place. If I was to be in another organization, and they didn't have this sort of protection, I would definitely be advocating that they get something in very quickly.

Don't hesitate: The benefits are there. It can be seen as being a large cost. However, if you've ever had any instances where you've been affected by malware or CryptoLocker, there are a number of things that you should be doing as an organization: perimeter email security, DNS protection, and removing USB access on devices. These are probably the top three things that I'd be advising people to do.

We don't use Office 365 (which is now Microsoft 365) at the moment, but it's something that we are looking at. Being a large hospital, we're looking at aligning ourselves with our Department of Health so Office 365 is something that we will be using that to a certain extent. However, we would still be using Cisco Secure Email Cloud Gateway if we did move to that. We would deliver emails from Cisco Secure Email Cloud Gateway into Office 365. That way, we would still have the security. That's how I've set it up at previous organizations: Going from Cisco Secure Email Cloud Gateway into Office 365, delivering to our on-prem Exchange Server, and then onto our users.

The amount of traffic that it stops is massive. I would rate it a 10 out of 10.

The main use case is simply as a point of contact for all the emails to go through first, before they ever get into the Office 365 environment, so they can be scanned and checked for malware and spam, all before Office 365 even sees it.

We're currently on version 12. Our instance is in the cloud and we don't actually upgrade it, they do it for us. It should be upgraded to 13 in the next month or two.

The last time I checked, which was about a month ago, when I looked at all the emails sent to any of our domains — because we have about 10 email domains, and they all go through the appliance — by looking at a report the solution has, I saw that 84 percent of the email sent to those domains never got to our Office 365, because it was spam, malware, phishing, or there was something wrong with it. So it stopped 84 percent which was bad email. Based on my experience and talking to users, 99.8 or 99.9 percent of those emails that were stopped were spam or malware. There might've been 0.1 percent that was caught by the mistake. But that's 84 percent of email not even getting into our systems.

It has prevented downtime. The simple fact that 84 percent of them were stopped keeps people from having to look at those in their mailbox. If you take 1,000, out of that number 840 didn't even come through. That's less wasted time going through your mailbox and reviewing your messages. It also frees up the users, when they do see something that's not anywhere near normal, to clue in that there might be something wrong. We have had emails get through, phishing emails and things like that — it has happened — but I would say we probably get one through about twice a month, at most. The users will immediately shoot it right to the help desk. "Is this real? Is this spam? Is this something I should do?" There's no way to really put a number on it, because I've never really looked into it, but if nothing is coming through that you didn't want to see, then there's no downtime.

Only in a couple of cases have we had a user actually do something they shouldn't have done before they notified us, but that's training. You never have a perfect solution. Two a month is our average, over the last year, of emails that got through that we wished hadn't gotten through, but no harm came of it because the user notified us, and we just told them, "Delete it." We make sure everything is working right and that there was no malware involved and we let it go.

Also, as far as the IT department goes, it's made our lives a lot easier. We get emails if anything does happen. We've chosen to see any event. We only get notified of exceptions that we want to investigate or we want to look into. That makes things easier because we're not out looking all the time. We can wait for the email to come in.

We can look at the updates and the different changes Cisco makes to the system to see if any of those things is going to help us. We think about whether we want to invest any time in configuring those? And once it's configured, you're done. The most difficult part of that is remembering what you did. So we've learned to do our documentation that much better because we need to be able to go back and read what we did before, what we configured.

Our company might buy another company, so we have another domain to add our list of domains for email. In less than an hour we have all that set up and the whole system working, with emails going through the appliance. It's saved us a tremendous amount of time daily, just in terms of keeping track of things.

Their trajectory feature is the most valuable. What I mean is that it has the ability to tell us, after an email has been delivered, where else it went, once it got inside. Maybe it's something we wanted it to stop and it didn't stop it, but it notified us later that it was something that it should have stopped. It can give us a trajectory of all the other places that it went internally and it can tell us what files were transferred as well.

It does a great job of preventing spam, malware, and ransomware. I can only go by what people have told me and what I've seen, but I have not seen spam in a year and a half to two years in my own company mailbox. And there are not a lot of catches where it's catching something that should have gotten through, either. We have an email going out daily of everything it puts into quarantine for a user, so the user can release it if it was caught accidentally. In the last six months, I have probably have had to release six or seven emails. It's not catching them. It's doing a good job of striking a good balance.

That is partly due to how you configure it, but we used the standard, best practices when we configured it. We do go back to Cisco, when they offer a free evaluation to review our configuration every nine to 12 months. That helps us make sure that it's set up right and, if there are any new features, that we're aware of them. We do take them up on that every time they offer it.

When it comes to phishing, I would not give this appliance a perfect score by any means. It's hard to get a perfect score on phishing with any solution. But typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name. They might spell it wrong, but they will try to get your attention so that you'll do something.

With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way. It is stopping a lot of phishing when we do use that dictionary. We essentially let the email come in, but we put a header at the top, in red, telling the user to be very careful, this may not be a real email, and let the user decide at that point, because it's looking at whether or not it came from a domain outside our domains.

If I have to send myself an email from my personal domain at home, it has my name in it, Phillip Collins. We want it to notice that Phillip Collins is a name that's in the company directory, but it's not coming from one of our domains. We want the user to understand that that is how they get around it. Phishing emails will come from the attacker's own email address, but they will set the display name, what you'll see, as something familiar. That's why I wouldn't give it anywhere near a perfect score, because the artificial intelligence just isn't there yet. You have to manually put these things. As you have people come and go in your organizations, you have to decide if you want these people in that dictionary or not. If they leave then you've got to take them out. There's a lot of work to doing that with this solution at the moment.

Another minor thing is the interface that you work with as an administrator. It is not as intuitive as I would like it to be. It's all there, if you understand what you're doing; what email is doing and how you detect certain things. It is not difficult at all to work with, but it could be more intuitive for somebody starting out.

Finally, they separate the email security appliance from the reporting appliance. It's the Cisco Secure Email Gateway and the SMA; they are two separate appliances. The reporting appliance just gets information from the email security appliance and helps you formulate reports. To me, that should all be one. It doesn't bother me that it's not, but sometimes I have to think, "Do I need to go to this appliance or this appliance to get that information?" It should all be in one place, but those are minor things.

I have been using Cisco Email Security for two-and-a-half years.

It's extremely stable. It hasn't gone down on us since we've had it. They made a major move, moving their appliances out of the AWS cloud into Cisco's cloud. They notified us they were moving and we talked about it. We really didn't have to do much of anything, and there was no downtime at all when that happened.

We do have two security appliances in the cloud, so if one went down, the other would pick up. There is redundancy at the hardware level, but we've never gone down.

It's extremely scalable, especially with it being a cloud appliance, because you're not bound by the hardware like you might be if you bought from an on-prem installation. If we need to go from 500 to 1,000 users, they can just tweak the hardware settings on their end and we're ready to go. I don't think scalability is an issue at all with it being in the cloud.

There are approximately 425 email accounts that it's monitoring and when I last looked at the report about a month ago, there were 25,000 emails a day, on average, that it was analyzing for those 425 users. We're about to add another 50 to 60 new users from a company we just bought. We'll go up to nearly 500 in the next month or two, but I don't see any issues with that . We'll be adding their domain to our system and then adding the users.

I've worked with Cisco support two or three times in the two-and-a-half years we've had it and it's been wonderful. Most of what I've done is through email because it hasn't been an issue where the system is down. It was just that I wanted to understand something better or I wanted to implement something and needed to know if it was included. And if it was included, how would I work with it and could they send me the documentation? Always, within two or three hours, I've gotten a response, which is very acceptable to me considering we're not down. They've always gotten back rather quickly, and resolved almost everything within one or two emails.

Before this, we really didn't have a comprehensive email solution. We were simply using the antivirus on the machines. We didn't have anything to stop it from ever getting in, in the first place. Comparing it to other products I used before I came to this company, just about four years ago, it's done much better than any other product I've ever used.

I don't have any way to compare it to anything my current company had before because it didn't have much of anything before. When I came in, that was one of the tasks I was given —securing the email — along with moving us to Office 365. The company had been hit with ransomware before I got here. It had that experience of being attacked and being caught with ransomware, and it didn't have an IT department before I got there. I was the IT department for the first year. We've grown tremendously since then.

On a scale of one to 10, with 10 being complex, the initial setup is about a four. It's not that complex. But that's what I meant about the interface. You've got to jump around from place to place to do it. It does have some good menus, but a quick wizard is something that would be nice, where you could just walk through it, and not have to jump between different sections of the menu.

The original deployment took about half a day, if that long. There were probably another eight hours' worth of work on my part going into it, getting familiar with it, and finishing some things here and there.

When they went through it with us, we hit the high points and the main things. I did most of the connecting it to Office 365. Once you do the main things, you always need to go back and you look for those little things that might help you. A little tweak here, a little tweak there — sensitivity settings. So I spent about another eight hours going back and reviewing everything and making myself feel comfortable that it was actually doing what it was supposed to do. There were probably another eight hours over the next couple of months after that, watching the reports and spending enough time with the reports to make sure that it was operating the way we wanted it to.

In terms of our staff involved in deploying and maintaining CES, it's me and there's a junior infrastructure engineer who works with me.

The simple fact that users don't get trashed by email means we're working a fraction of the time that we used to work on emails and dealing with the results. It's paid for itself twice over, in my opinion. It has to have done so, based on the time we were spending on it.

You're going to get what you pay for. If you're not willing to pay the price of Cisco, you're not going to get a product that's as good as Cisco. I don't think Cisco is overpriced, because for the last two years I've been comparing it to Microsoft and Cisco has been cheaper and given us more features.

It really comes down to analyzing what you are actually getting. You might find something at half the price, but what are they not giving you that Cisco's giving you, and do you think that that matters to your company or not? It's an individual thing, but that was what we looked at. Does that make a difference to Revolution as a company or is it something we can do without? Cisco gave us the best overall package.

The only other vendor we really looked at seriously at the time was going with a Microsoft solution and Office 365. Even back then they had something, not that it was very good. But it's simply that we were a Cisco shop, in the sense that we've had Cisco firewalls and Cisco switches for the infrastructure. At that point we had already committed to their Firepower option on the firewalls that collected the information. We had been doing that for about a year. I went to one of their events in Little Rock and that's where they talked about it. I was intrigued and did some more research on my own and determined that this was something we couldn't pass up. 

We were a Cisco AMP shop for our antivirus already, which is part of Firepower in a sense. Everything was going to Talos already. The email just made sense because they would all talk to each other and they would get all the information from all the different angles, even across to web access through their Umbrella system. We used that for about a year. When we got our new SD-WAN, it had a lot of the same features the Umbrella system had and we dropped it at that point.

You can put all your eggs in one basket and that can be bad, but in this case it wasn't. It actually worked out well for us.

Everything goes through Cisco so we don't really see anything happening in Office 365. We do have the basic settings for this or for that set in Office 365, but we haven't gone in and fine tuned it the way we did Cisco, because Cisco's the main point of blocking things. When we chose the Cisco solution, there was no way Microsoft's Office 365 solution could have done what we needed it to do. There was no way it would have had any of these major capabilities we needed. It wouldn't have blocked a fraction of the email that the Cisco appliance does. I try to keep up on this and it could be that Microsoft's new ATP might be a game-changer. What I've read sounds a lot like the Cisco appliance. But Microsoft has thrown a kicker in there by adding artificial intelligence. With Microsoft, I wouldn't have had to put in all the name combinations because it would interpret all the names I need it to interpret, even with characters and symbols. I haven't tried it, and I don't have plans at the moment to do so, but from what I've read, Microsoft is catching up.

There are some issues with Microsoft with their integration, simply because you pretty much have to go all-in with Intune, Autopilot — all those features and tools they have to get Microsoft ATP to work. And then you've got to buy the Microsoft 365 E5 license to get all of those security features.

If things are similar, it all comes down to cost and we look at that every year when we renew. What are we paying Microsoft in subscription fees and what is Cisco costing us? So far, Cisco's been cheaper than upgrading Microsoft to the license level we need. Our contract renews in November, so we'll look at it again. That's when we really delve into Microsoft's capabilities. We would want to make sure it would do everything Cisco is doing, before we would make a change, if Microsoft were price-competitive.

Take Cisco up on the offer to walk you through the implementation. It's not that it's a necessity, but it certainly gives you a good feeling, when you're done, that you've covered all your bases. It gave me a good feeling that we covered this and we covered that and they showed me where things were. They give you a copy of the recording where you were on with them and went through everything. You can go back and watch it again later to review it. The same thing is true with their reviews every nine to 12 months. They record them and send you a copy of the recording so you can go back and look at it.

Take them up on that and be willing to sit there and just ask pertinent questions and make sure you understand as you go through it.

As far as the threat assessment analysis goes, what they analyze is what that the appliance decides to send them. That is part of the way it works. When it thinks it has found something and it's not certain, it sends that to Talos first. We don't even know it happened. They get a chance to review it and make a decision of yes or no: this should be stopped or we should go ahead and let it through. We have not leveraged anything other than that from the Talos threat management. We lean on them to help us make sure the right things come through. There have been several times that I have gotten an email as an administrator — you get these emails about statuses — that says, "This has been quarantined in the cloud until we can make a decision," and it will hold it. And once they make the decision, it either stops it or lets it go.

Something else that we're going to begin this year is a training solution to help our users understand what to look for.

I would give Cisco Email Security a nine out of ten. I would give it a 10 if it had a more intuitive interface and the artificial intelligence so we didn't have to do some of that manual stuff.

Our primary use case for Cisco Secure Email is placing it at the edge and then passing it off to another service, like, for example, Postfix. We have security policies that allow certain clients to email.

The user interface massively improved our organization. The device itself works perfectly fine and it's not too complicated to write policies.

What I find the most valuable about Cisco Secure Email is that the logs are not that difficult to see even if you're not used to them. The logs are reasonably readable and diagnosing the problem is not too hard with them.

Cisco Secure Email could rename features in the menus. They could also show a flow of how things go and where the policies sit in conjunction with the actual application.

I have been using Cisco Secure Email for about seven years.

I would say that we hardly had any issues with the stability of this solution.

Tech support can be a bit of a hit-and-miss. Depends on what type of engineer you get when you contact them. Whenever we had an issue, we would either go to the account manager or another engineer.

Positive

My opinion on the licensing of this solution is that it is a mess that needs sorting out. I am not particularly bothered by pricing as I administer it and make recommendations for people to buy or not to buy.

We would use multiple vendors to secure our infrastructure from end to end so that we can detect and remediate threats. We would take everything through email. Email Security Appliance has antivirus and IDS and IPS on anyway. We've got policies in place that only we can receive from certain domains and certain emails within those domains from the customers that they were a part of. We would then pass that on to another service like Postfix. They would then sort out anything that needs to do attachment-wise or anything similar. Eventually, it would go through the Palo Alto firewall as well for the traffic, so anything malicious is picked up across all sets of vendors in that solution.

This solution did not save time for our IT staff, not particularly. It was something we had to deal with and as a network engineer, I had to deal with that aspect of it.

This solution did not save our organization's time because it was a new product that we were selling, so we had more work.

This tool did not help us consolidate our tools because it was a new solution.

We chose Cisco Secure Email because, as the phrase goes, you can't get fired for buying Cisco. We are used to the Cisco product stack as we used the Cisco suite in previous companies.

We started using Cisco Secure Email because we had a lot of junk emails, phishing, and things like that. We wanted to secure the email sites for the end users.

It has had an impact on the awareness of the employees. Previously, a lot of employees were complaining about junk emails, phishing, etc. After using Cisco Secure Email, spam, and other things have been reduced drastically. I'm not sure how it filters them out, but it just learns based on the email subject and other factors. It just filters them and sends them to the junk box. There is an add-on, and if you think that an email is suspicious, you just add it to the add-on or move it to the junk box.

It saves time. Previously, we had to filter the emails and see which ones are junk and if it has been reported or not. There was a daily checking of the mailboxes to see what was going on and what had been blocked, but with Cisco Secure Email, all of that is just in one tab. You see all the emails that have been blocked and the reason they have been blocked. It saves a lot of time for us. It does the job that we need it to do. 

It's flexible. There are a lot of rules and policies that can be easily applied for certain employees or certain mailboxes.

If you are not a technical guy, it is hard to maneuver, but as soon as you work on it, it gets better and better. If there was a better way to know how to do things or how to find things, it would be good.

We have been using Cisco Secure Email for two and a half to three years.

It's stable. We haven't had any issues with it.

After moving from Exchange to Office 365, we thought that we needed to upgrade the license or do a couple of changes, but it was already a part of the plan from the product itself. So, it was easily scalable.

We didn't have to contact them. Our partner did all the jobs that were needed. It was part of the AMC, and since they set it up, it needed just a couple of tweaks when we shifted from Exchange to Office 365. All the support has always been through the partner. Our experience with them has been good. 

Based on my knowledge, its implementation was fast, and there were no issues when it was implemented.

We did a couple of PoC, and it was leading at that time in the market. We compared it to Barracuda and a couple of others. Its ability had set it apart from others. The partner was good, and the PoC was on point. It did what needed to be done. 

I would rate Cisco Secure Email an eight out of ten.