Cisco Secure Email Reviews

Protection against external email threats is our primary use case.

Less spam means more productivity; less time is wasted, helping both users and the security team.

Anti-Spam and Advanced Malware Protection are the most valuable features. They provide protection from most email threats and we also have the option to block Zero-day attacks.

The configuration UI should be made more intuitive. Currently, it takes a while to understand how to do the basic configurations.

In terms additional features, I would like to see customization of reports and dashboards. 

There should be separately module for Phishing and Fraudulent emails

More than 4 years

IronPort is indeed a very stable solution, including both software and hardware.

Scalability is very good. We have not faced any hiccups over the years with a 15 percent increase per year in the number of users. We currently have 3,000-plus users in our organization.  It is one of the main security controls we have and is used extensively. We don't have any plans at the moment to increase usage, but that might change.

We connect through a local/regional partner. Cisco is not good in dealing proactively or even reactively, so we end up relying on partners.

I cannot answer in detail about the initial setup because it was done before my tenure began. In general, it is a complex configuration.

Regarding an implementation strategy, it is best to define basic policies that deal with malware and spam-blocking which apply to the whole organization and then configure specific policies for individual and departmental needs.

Deployment shouldn't take more than a couple of hours for a team of two engineers.

We have seen ROI in the processing time. It processes efficiently and fast. It is almost transparent in its operation. We only need to worry about our email infrastructure. Security and performance-wise, it does not add any overhead or latency.

I am familiar with McAfee and Symantec to some extent. But we have not used those solutions in our production environment. I can't say much about specific differences between the solutions, but Cisco is more stable and we have not faced any issues with its detection capabilities that would make us look at other solutions.

My advice would be to have a very good partner because Cisco will not be proactive in helping and educating you. They will do proactively health check on their device but they don't offer education/training free to the customers like other vendors do. 

It has a complex UI and configuration menu but the product works well, both in terms of security and performance.

I have experience as an SE for IronPort as well as a private consultant. I have used this solution in multiple environments.

I have been able to help customers improve their email security, both new customers purchasing Cisco Secure Email Gateway, as well as long-time users. 

The most valuable features are Advanced Malware Protection, URL filtering, and of course Reputation Filtering.

The reporting functionality needs to be improved.

I have been using Cisco Email Security for nearly 15 years.

We use it to secure our email system, to cut down on all the bad emails that we would otherwise receive. 

The reason for implementing the product was the huge increase in spam and junk mail which occurred when we were adopting these devices. There have been some changes in the way that email is delivered since then, and one or two of the major spam sources have been taken down or prosecuted or jailed. Today, we have less blanket-spam, but we have more targeted phishing emails or spear phishing.

The combination of emails with links that encourage users to give away their user login information can cause problems. When someone's account is compromised it can result in access to our global address list and access to emails that the compromised user may have sent. Therefore, they have details of the format and the style emails that our company uses. We have communication threads that they can take advantage of because they can inject their fake emails into an existing communication thread and try to fool a supplier or client into giving more information or, worst-case, giving money to the wrong person.

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. 

Since then, customized filtering has been very effective and useful for us.

In addition, Cisco has developed the product with its Talos product. They've developed the Cisco Secure Email Gateway systems so that instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they're now providing has a lot of attraction because it helps to prevent phishing emails.

Things such as Sender Domain Reputation, which is a relatively new feature, are attractive because when there's a pop-up domain, which might be a look-alike of your own company domain, or it might be a look-alike for some other company like Microsoft, it gets a bad reputation, and the Cisco Secure Email Gateway systems will reduce the possibility of these emails delivering to the recipient's desktop.

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.

More than five years.

The system is very stable. We have had very little downtime and the system is, in general, reliable. 

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems. In general, we have had a good experience with this product. The hardware, given occasional failures, has been very reliable. There is an upgrade process for keeping the system running with the most current, recommended version of AsyncOS. We have had very few problems where an upgrade has gone wrong. We've been very pleased with the solution.

The scalability is good because when you have appliances such as we have, if you have the infrastructure and the available resources, you can install additional virtual appliances. From the point of view of scalability, if there were a problem with performance, it is possible to add other systems or devices, even though they are virtual, and they all fall under the same control interface. They are all a part of the same cluster so they are all relatively easy to manage.

We currently have 11,000 employees and a large number of those users hold email accounts and email addresses.

We have a 24-hour operation because our company is located in 62 countries, so we have to respond relatively quickly because email is important. We have a department that deals with IT security and likely, at a minimum, we would have six people who have the capability to work on these systems. But in reality, because the systems are very stable, we have three or four people who regularly work on them. All the people who maintain the system are currently in the same department as me and all of them are considered IT security officers. They deal with other systems as well as the email.

Cisco's technical support is, perhaps, taking a different approach to the way that IronPort managed systems. Cisco tends to try and answer questions or problems by email more, initially, rather than talking to someone on the telephone. Sometimes that's not quite as good as IronPort was. 

But, in general, Cisco is good in that when we have a question they will respond quickly. But equally, because we've had these systems for several years, there is a good pool of experience in our security team so that we don't regularly have to ask questions of Cisco support.

We switched to using IronPort because it gives us a second line of defense from spam, phishing, and all the other problem emails. One of the reasons was that there was a major spike in the number of spam and junk emails that people were sending from when we first got these systems. 

The other system that we had was suffering from performance problems because it was being overwhelmed by the volume of emails that were being delivered to Fugro. The other product was still a good product, but it didn't have the performance to handle the volume of email. With the IronPort system being used as a first line of defense, it probably would have done everything that our previous system did, and we could have just removed it from our email processing.

However, we wanted to retain the old system because it had some nice features to do with additional email filtering. Having IronPort as a first line of defense was really good, and then, it was possible to do special filtering and other email reaping on this other system. The other system could then perform at a good level because it was not being overwhelmed by the huge volume of spam, junk, etc.

The initial setup was very straight forward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware.

This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco Secure Email Gateway 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed.

We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.

Because we had the systems before Cisco bought IronPort, we used some assistance from the then-IronPort company for the initial set up. But our own personnel were involved in training courses, so most of the configuration was done by Fugro people.

The IronPort consultants were very good. Because the company was keen for business, they were keen to assist us. At the time, we were, perhaps, one of the more unusual cases because of the quantity of junk, spam, and other types of emails that were being sent to Fugro recipients. IronPort, at that time, was very responsive, very helpful, easy to deal with and, usually, very knowledgeable about the product.

It would be fair to say we have seen return on investment using this solution, but I'm not the person who spends the money or places the orders so I do not have detailed information on it.

We did evaluate other options, but it was a long time ago so I'm not sure I can remember which other options we considered.

Having a good understanding of the product helps in the implementation process, so do some upfront training before you adopt the product. Be closely involved with Cisco support or the Cisco implementation team which will help to make sure that configuration is well adjusted and suited to your company.

I've used the product for more than ten years. Prior to that, it was IronPort. Cisco bought IronPort. We were using the IronPort products before Cisco bought them. We're currently using AsyncOS version 12.

We've used this product for so long, and we've been very happy with it, that we do not have a direct comparison against other products that are available today. That said, and accepting the fact that email security systems are not cheap, this product is still a front-runner and, combined with the new things that Cisco is doing, it has a lot of scope and capability. I would suggest this product would be about a nine, if ten is the best.

It is an anti-spam solution, and we primarily use it for email anti-spam. It removes the spam emails, and we have our own manual filters to remove unnecessary or unwanted emails. So, it is working just fine.

We have been using the solution for more than three years. We started on version 9 and are currently on version 11.1.

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this.

The notifications about why the emails were blocked is a good feature.

Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated.

The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working.

While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.

Three to five years.

We expect 95 to 98 stability (perfection) in the product. 

We have one person doing maintenance, which is me. I handle this product along with three other security products. 

We are currently utilizing all the features in the product.

We have 1100 users.

The support is great. They are very fast with their responses and are very knowledgeable. Its support is available 24 hours. These things are very good.

We did not use a solution prior to this one.

We were looking to automate most of the stuff related to email filtering, so the solution bought from IronPort (now a part of Cisco) was to reduce our workload.

The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. 

It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solution, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security.

It takes a minimum of a month to build the setup. However, for a good set-up, it will require one year to put in place all the options in place. We had to understand how the emails flowed. 

An implementation partner, SecureLink, helped with the setup. They did a good job and were knowledgeable in the product. But, as an implementation partner, they do not take responsibility for any failures of the product.

Cisco helps with the day-to-day. 

We set up the filtering options ourselves.

We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company.

It is not that costly. We pay for the solution through a contractor and pay an annual fee.

We are currently using two different email security products, which is how we are able to identify the pros and cons of Cisco Email Security. We use a similar product called FireEye. It can detect based on sandboxing. Anything bad that it sees, it will detect. It is not based on file extension or file types. Recently, we have been able to block with it using some type of file extensions or hash.

I would recommend to use Cisco Email Security first as your email filtering solution, but do not rely on it as your only solution. 

I like the product because it is very easy to work with or we can make it complex if we want.

We have around 500 to 600 users and we use it for services like Anti-Spam, Advanced Malware Protection (AMP), and scanning. We are also using also multiple content filters, and it's working pretty well for us. In combination with Cisco Secure Email Gateway, we are using Trend Micro.

Before we had Cisco Secure Email Gateway, so we had more spam emails. In fact, we had some other solutions in place, but there was more spam going to the Exchange Server when we compare between we didn't have Cisco Secure Email Gateway deployed and when we deployed it. We cannot say it's 100 percent, but we're covered for 90 to 95 percent of spam. No spam is going to the user right now.

We are using almost all the features because they are necessary to protect emails. The most valuable feature is the different content filters we are using, such as DKIM. 

The Anti-Spam feature is also valuable for us because, most of the time, we notice that what is coming in is spam, and the Anti-Spam filter works very well. That's one of the features we like most.

We would like to see more options for the customization of content filters.

Three to five years.

The stability of the solution is very good. They always come out with very stable versions of firmware and it has never caused any issues.

Cisco Email Security is working well for us, but we currently have no plans to increase usage.

Technical support is very fast to respond. They are well-trained and experienced.

We were using Trend Micro and we are still using it now that we have Cisco Secure Email Gateway. Cisco's solution is more efficient and provides more options. For us, it also creates one more layer of security.

The initial setup was pretty straightforward. The basic mail policies were very easy to set up, but tuning the email flow and blocking certain things according to particular requirements takes time.

The initial deployment took about a week. Our implementation strategy was not to stop the mail flow while implementing adequate security features, including Anti-Spam, AMP, and AV.

Deployment and maintenance requires one engineer, maximum.

We used an integrator. I was not involved directly.

Licensing is done yearly, but I am not involved with purchasing side of things.

Cisco Secure Email Gateway was our first choice.

This is a great product with wonderful support. You won't have any issues.

It's our primary enterprise email gateway. It's the first stop for edge email security.

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

One of the nicest things is that parts of it are highly intuitive. For instance, black-listing, white-listing, and things of that nature are very easy to do and they're very intuitive. You wouldn't even need any training to be able to perform those actions straight out-of-the-box. 

Even though it's not perfect, it has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked. Again, it's not 100 percent, but out-of-the-box I didn't have to touch it, I didn't have to tune it, I didn't have to tweak it. I believe it leverages the threat-intelligence database and does what it needs to do in making sure that the bad stuff stays out and virtually all of the good stuff makes it through.

We find bugs, just like anyone else. We bring them to Cisco's attention. 

If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult.

But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment.

There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.

One to three years.

It's been stable. I don't have to do anything with my email gateways. They chug along and they do what they do. They don't always get it perfect, but I have never had one fail on me. And I've never had a problematic appliance that I'm aware of. We had Proofpoint for a lot longer, but if I were to compare the percentages, I would have to say that the stability of Cisco appliances is superior to that of our previous Proofpoint environment.

We haven't had to address scalability. The umbrella IronPort is broken down into two halves: email security and web security. I haven't had to deal with the scalability of the email security at all. But since they're both under IronPort, I have had to deal with scalability on the web security end. Relying on some of that experience, my assumption is that the way it worked for the Web Security Appliances is probably pretty similar to how it works for the Cisco Secure Email Gateway. With that in mind, I can say that scalability is not an issue. It's as easy as just bringing another Cisco Secure Email Gateway into the cluster.

In terms of plans to increase usage, if you ask any enterprise they're going to tell you, "Yes, of course, we're going to grow, and as we grow we're going to use more." And the reality is, any growing enterprise is going to utilize email more and more. As the landscape morphs and changes, so do your rule sets and the features available to you on these appliances. Will we be using it more and more? Absolutely. Will it be a daily thing? Absolutely. I'm in these appliances every single day, taking a look and tuning where necessary and trying to find more efficient ways to handle the email traffic flow. It's safe to say that for any enterprise that's going to be the case.

We were using Proofpoint and then we switched to Cisco. As I mentioned above, reportability was one of the main reasons we switched, but the biggest one was cost. If you can get an equivalent functionality for a better price it's wise to do so. That's what our primary decision came down to: We could get equivalent functionality at a lower price point.

There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. 

When I took over administration there were aspects that were definitely easy and intuitive like the basics of being able to set blocks and set allowances when you have false-positives and false-negatives. It kept the basics simple. 

Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important tor run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

• run in parallel
• send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to 
• and then we staged it a little bit more. 

We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last. It was a typical implementation that most people have: Run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. 

In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do, it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. 

One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.

Since we are using Cisco cloud appliances, we had to have Cisco's involvement. They brought up the cloud appliances, where the initial configuration is done, and then we were the ones who started doing the final configurations, the moves and the migrations, as we entered the testing phase. We then moved more toward the final production move.

In terms of our experience with Cisco reps, I can speak on it more broadly as well, not just from a shear email-security perspective. When implementing a Cisco product, they're great in those initial stages. You get that expert help and it's a relatively smooth bring-up. For the things that go wrong, you have a Cisco person working with you who has the answer or knows who to go ping to get the answer. It's really nice.

That changes a little bit as time goes on. Once that expert is no longer helping you with your initial bring-up, then you rely more on the vendor's support matrix to get your solutions further tuned and to work out the little wrinkles as you experience them. Of course, it is universal - I haven't seen an example where this is exception - that this process is less smooth. 

As far as initial bring-up goes with Cisco, it's very smooth. Once that expert is no longer working with you on the bring-up and you run into issues and need to get help, that's less smooth. It's less smooth in that when you call any vendor's support line you get varying degrees of expertise. The same challenges are experienced with any international company where there could potentially be language barriers, based on where your call gets routed for support. That can slow the whole process down a bit.

That's just a reality of today's world, but it's workable. Unfortunately, it's a rather normal thing but there are different skillsets depending on the individual you're talking to, and then, depending on what the issue is and how complex the issue gets, your time to resolution may end up dragging out a lot longer than you had originally anticipated.

Our top-three choices were considering staying with Proofpoint, as well as Cisco, and Microsoft. We were looking at the bigger names.

In retrospect, I would probably want to talk to someone like myself. I'm now using Cisco security appliances and I can see how someone like me in another agency would benefit from talking to me about: "Hey what do you see? How's it going? What have your experiences been with the product?" If you can, find someone who is actually using it and talk to them.

In addition, it really depends on where you're coming from. The learning curve is going to be there regardless, because it's a new product. But if you're coming from a smaller email security platform up to this one, the learning curve is going to be steep. You may actually want to invest the time and the money into some additional training. Don't neglect that because if you just try to rely on Cisco support you're going to notice pretty consistent slowdowns. If that's okay, then it won't be an issue. Of course, it's always okay until something urgent comes up. If you're trained up, you can handle it yourself. Nobody knows everything, but it's in your best interest to know as much as possible. 

We used Cisco Secure Email Gateway to filter spam. My overall experience with Cisco Secure Email Gateway was pretty good. No major issues were reported in my time. It worked fine for me.

One of the most valuable features would be the logs. There were detailed logs available. That was a seriously good feature. There were cases in which some spam mails penetrated through Cisco Secure Email Gateway; users reported that these were spam. The support was also good from Cisco. I got in touch with support and they helped us. It turns out these were actually spoof emails that came into our environment. I got to know about them from the log system. I was able to create a filter as a result.

For me, the ease of use was good. From the logs, from the configuration, from the monitoring perspectives, it was all good.

They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters. They can definitely work more on that.

They can also work on the updating of the appliance. We had to do it once, when I was part of the engineering team. We had to update to a later version. It was complicated for me. I had to follow the instructions without understanding anything. Maybe there was pressure that caused me to not and understand them properly, but it was still complicated. The documentation was not there when we tried to update it. It may also have been due to my lack of experience. If I had done it twice or three times, I might have become accustomed to it and have done it more easily.

One to three years.

It was very stable. My experience with that version of it was really great. Apart from the improvement needed to the filters, it was all good.

We added one appliance to the platform and upgraded one to a newer version. The company did it quite easily. I was not part of that implementation, but the another guy told me that it was quite easy to do.

There were no plans to increase usage of it in that company at the time I was there. It was used by about 800 users and, since all of the users were using it and the organization was limited, everybody was already onboard. We had licenses for all of the users. It was all well designed from before. Apparently, they had to procure licenses for 200 to 300 more people, but that was after I left the organization. I didn't see what happened at that point.

Technical support was really good. There were two cases where we raised priority tickets and they responded well. They even helped us on Saturdays. Support was good.

When I got there, Cisco Secure Email Gateway was already implemented. We were only tuning it. Before my organization took over the operations for that bank, it was being taken care by someone else. I don't know what was implemented before that.

In terms of updating the appliance, once we set it up, it completed by itself. It was automatic mostly, but we took one night's worth of downtime. It completed in one to two hours. There were two people involved in doing the update.

We had a cluster set up, one to five devices, three in the DC and two in DR. It took only two people. For me, it was complicated. The other guy was very experienced on it. He had so much implementation experience on the appliance and he was able to guide me through it.

We did the DC first and failed over to the DR. Then we failed back and did the DR.

I don't know directly, but since there was nothing major that happened, I don't think the ROI was bad. What we're looking for is value. There should be no hampering of production and there was nothing like that, so the ROI should have been good.

Implementing it and support are good. Using it is also good. What remains is the technical expertise of the people who would be administering it. The thing you should have in mind when implementing it is that you have adequate resources, trained and skilled on this appliance so they can manage it. I was not that good. I was not that good with it at the time I started working on it. I had a few difficulties. I was lucky that nothing major happened during my time. Apart from that, the appliance itself was really good.

Considering the support and all the parameters I have talked about, I would give Cisco Secure Email Gateway a nine out of ten.

The primary use case was for email security and load balancing between Exchange mail servers.

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the Cisco Secure Email Gateway in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if Cisco Secure Email Gateway and WSA could be brought together, it would make a better appliance, one wholesome appliance.

One to three years.

From my perspective, it's pretty stable. We didn't have any issues.

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two Cisco Secure Email Gateway boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

There were no other costs in addition to the standard licensing fees.

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco Secure Email Gateway at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.