Cisco Secure Email Threat Defense Reviews

Cisco Secure Email Cloud Mailbox can handle a complete portfolio, which is required to protect any kind of attack coming from emails. However, it does not have advanced phishing, but it is available through Cisco. If you compare Cisco Secure Email Cloud Mailbox with the competition, in the competition you have to have one or two solutions together to address the customer's requirement, whereas Cisco Secure Email Cloud Mailbox is addressing everything, such as web domain and email protection. If there is any kind of challenge it will come across through email.

Cisco Secure Email Cloud Mailbox can improve by adding advanced phishing, then the solution would become the best in the market. However, this could increase the price even more. Additionally, if CES with domain protection could be added it would be an even better solution.

I have used Cisco Secure Email Cloud Mailbox for two years.

I have Cisco Secure Email Cloud Mailbox to be stable.

The scalability of the Cisco Secure Email Cloud Mailbox is good.

The support from Cisco Secure Email Cloud Mailbox is excellent. Regardless of the solution that Cisco carries, the advanced sales and support they provide their partners are beneficial. All mechanisms are put together, they have excellent support and infrastructure.

I have used other solutions, such as Trend Micro.

For the initial setup, it's a matter of adaptability. If the adoption is taken at the early stage, then the implementation becomes smoother. The more the setup is larger and when introducing any new team, you will have challenges.

Cisco Secure Email Cloud Mailbox does not have any competition with Sophos, Trend Micro, or other vendors of the world. However, there is a pricing premium for the solution. One has to look at it from that angle that while they are buying Cisco, there will be a premium, and Cisco justifies that premium value. That's why they're charging a high price. 

The cost comes from their support and the feature set of the complete portfolio. If somebody is only buying Cloud Email Security from Cisco, and they have many other solutions, which are non-Cisco, he may not see the value, but fully Cisco-based customers, are more than willing to have more solutions from Cisco.

When comparing Cisco Secure Email Cloud Mailbox to other solutions they are the leading in the market for a particular point. When it comes to an enterprise-level solution, CES with APP and domain protection becomes a very strong proposition.

The market is going towards clientless and agentless requirements. 

Microsoft has its own email security solutions, but there are a lot of reasons for customers to look at cloud email security vendors. However, most people, don't even explore other options. They have their own perception that one must be a costlier solution than the other. They're giving three or four additional features, which they might think are not required, but when it comes to a discussion, then one would realize that all these are required over a period of time. With the kind of variety of attacks that happen these days, your solution has to have a wider range of features for protection.

I rate Cisco Secure Email Cloud Mailbox a nine out of ten.

We're using it to collect data. We haven't fully implemented any of the features to stop any attacks. At this point we're using it for informational purposes, until we get a better grasp on everything. It's gathering any spam messages or malicious email messages that come through.

It's in the cloud and hosted by Cisco.

I can't provide a detailed example of how the product has improved our organization but only because I don't want to give out too much information. In broad strokes, being able to go in there and see where stuff is coming from and who it's going to, and being able to see, hour-by-hour, where threats came in, we can help pinpoint when issues started, who an issue started with and who it's going to, to best remediate issues.

Because the user interface is very intuitive and doesn't require specialized training, less time is needed to dive in to get to the basics of it before a deep-dive ever happens.

The most valuable feature that I have found so far is that it actually works within our tenant. If we have anybody that we serve the email that it would go to, and someone else that we serve the email to, it will find that; it will go through that filter as well. And it will do it quickly and efficiently for us. It's not something that we need to push out to then have it circle back in so that our email filters or spam filters will catch things.

On ease of use, it rates very high. It's something that I was able to get into without really looking at any documentation. I wanted to see what it felt like before I started looking at any documentation on how to use it, and it was very easy to use. It works very smoothly. The user experience is very intuitive. They did an amazing job on that.

The solution also provides a diversity of intelligence, the way that we have it implemented. Since it's not taking anything out, it can bring stuff to our attention and we can remediate it if there is actually a threat. And it shows us the links, and all the information regarding why it caught something.

The search area has room for improvement. When you go to the next page, it remains at the bottom of the current page that you're on.

Also, under the reports section, it allows you to see any "convictions," but if you want to search for those convictions you have to remember when they all came in and go back and edit the search accordingly. You cannot click on the list of convictions to actually see if you had a spike at a certain time.

We've been using it for at least four weeks.

So far, we haven't seen any issues with it. It seems very stable.

It appears to be doing a very good job in terms of scalability. With the transition from one mailbox to all mailboxes, we really didn't see an impact on the time that it was processing information.

We have about 3,000 to 5,000 mailboxes covered under Cisco Secure Email Cloud Mailbox.

We haven't used technical support yet.

We have used other Cisco items to accomplish some of the same tasks we're using Cisco Secure Email Cloud Mailbox for, so we're beta-testing Cisco Secure Email Cloud Mailbox.

Our initial deployment of the solution took well under an hour, and that includes the configuration because we had to go into Office 365 and set it up and then actually deploy it. That time, altogether, was very short and it was very smooth.

When it came to the deployment process for Cisco Secure Email Cloud Mailbox in our Office 365 environment, I had to read the document again because I couldn't believe that the initial setup was that easy. The concern that we have is the amount of rights that it needs. It doesn't seem like it should need that many rights to be able to do what it does. But overall, just implementing it was very smooth and very easy.

Our implementation strategy was that we did it on a single mailbox as a proof of concept, and from there we expanded it to our tenant.

In terms of staff involved in deployment and maintenance of this solution, two of us, as systems administrators, have been the focus on this, along with a security person, who is involved in security analysis.

We did it ourselves.

We didn't evaluate any other products. Cisco reached out to us to have us test this.

Lock down who has access to the product, for the purpose of being able to see all email coming in and out; seeing who it's to, who it's from, and the subject. To best protect data, you would want to limit who has access to that data.

In terms of the solution's ability to prevent phishing and business email compromise, it's kind of hard to evaluate because we haven't fully implemented it. It will show us what it catches, and the implementation will actually take it out of the user's mailbox. I feel like that would be good. It seems to still catch some stuff as spam that may not be spam, according to the user.

We're using Cisco AMP on our desktops and it seems to be doing fine as a virus scanner. The only issue I have seen is that on a few machines it spikes the CPU utilization for the whole time that it's scanning.

I would give the solution an eight out of 10, just because we haven't implemented everything yet. The parts that we have implemented have been very smooth and very easy to use. There are small portions that we haven't fully implemented yet.

I am a solution provider. When it comes to email security, the main threat factor today is email. So we follow the rule of thumb that any and all customer emails must be malware-free. That is how we intend to approach it.

I would say it's very comprehensive, with multiple antivirus OEMs, virus encrypt features, encryption, and more.

In terms of email security, I believe Trend Micro is similar to this solution to some extent it is closest, otherwise, it has no competition.

The distributors provide an annual billing option, but we do not have a monthly billing option. Customers will benefit greatly from monthly billing because the majority of customers today use the cloud, be it Office 365, or Google Cloud. Monthly billing will be extremely beneficial.

Maybe the end DLP can be a bit more granular in email security. DLP is already present, but it could be more in-depth.

I have been selling Cisco Secure Email Cloud Mailbox for the last eight years.

It's a hybrid solution, but most are moving toward on-premises or the cloud.

We have not had any issue with the stability of the Cisco Secure Email Cloud Mailbox.

It is a scalable solution. It is easy to scale. 

They increase the number of users we can use by 20% for the duration of the year. And the coming year they will bill for the 20 percent, and you can increase the number of users.

We don't find any issues that need security technical support. Once you implement, we are well versed in implementation and have the technical results. There is no further support required once it is implemented and the pointer is pointed towards the mailboxes. With so many data centers in India and Singapore, support is never an issue.

We sell Fortinet as well as Cisco.

We haven't sold a lot of FortiMail. We've sold a lot of Fortinet firewalls, but not a lot of FortiMail. We have also sold a few FortiWeb web application firewalls.

It is dependent on a specific customer segment and a specific vendor. Fortinet, we take it to a lot of small and medium-sized customers.

The initial setup is easy, it is not at all complex.

The feedback from vendors and customer is that it is expensive. 

It's expensive, but if customers want the best product they will have to pay for the best product.

I would rate Cisco Secure Email Cloud Mailbox an eight out of ten.

Our primary use case is the ability to see email activity in the east-west traffic. It does internal email tracking as well as leveraging it as another layer of email defense. We utilize Microsoft 365 (enterprise service) and its Advanced Threat Protection solution, which networks inline with Cisco Secure Email Cloud Mailbox. Then, Cisco Secure Email Cloud Mailbox does an additional layer of detection and protection against malicious email.

Business email compromise is the internal user use case, then phishing and malware delivery are certainly others. They are pretty common and definitely answered by Cisco Secure Email Cloud Mailbox.

After several months of use, Cisco Secure Email Cloud Mailbox has provided additional capabilities (and value) which enables much faster mal-email remediation times.

Having Cisco's solution gives us a fast way to track and identify. We haven't seen any specific events yet, but certainly having another layer that's able to give us visibility and detect malicious email from an insider is definitely useful. Insiders are typically the hardest to detect, including in an email environment.

So far, we haven't had any detections, which is a good thing. This just means that our traditional use cases of egress-ingress type monitoring work pretty well. However, we have seen some spam being detected. Even internal email forwarding, where an internal enterprise account will forward a spam message to another internal account. This speaks to the system's ability to detect these and fairly quickly categorize them as spam, which is good. Luckily, it wasn't malware. Cisco Secure Email Cloud Mailbox seems to be working well.

Our administrative overhead costs are low, both for time and dedicating human resources. We set the solution, then check it daily. Because we haven't had any detections, which is a good thing, we don't really need to dedicate any additional resources in terms of generating an incident response process. 

The ability to see east-west traffic is its most valuable feature. Traditionally, email defense focuses on north-south, inbound-outbound, egress-ingress traffic. With Cisco Secure Email Cloud Mailbox, it's able to quickly identify, track, tag, and categorize emails that are internal. That can typically give us visibility into if there's an internal compromised account (for example). Someone can then use that internal compromised account to email additional accounts with either malicious software or links, but internal within that Office tenant. Effectively, that email message never leaves the tenant. Any of the mail gateways really do not have any method or way of seeing this traffic since it's not leaving the environment. 

The solution is very easy to use. It's just a single pane of glass, single screen web page that you access. Then, there are a small number of clicks necessary to get at the information you need. Reporting is easily generated. Likewise, the search capability is easily accessed and usable as well as provides the first initial information that you need about messages identified, categorized, and total volumes. All that information is easily identifiable and quickly accessible as soon as you log in. It is an easy to use, single web page, SaaS application.

Cisco Secure Email Cloud Mailbox’s user interface is intuitive. We didn't need any training. There was a quick deployment document that you skim through, and it's fairly easy to both deploy as well as start using. 

Threat Grid is a capability which allows for running or executing software in a special sandbox environment where it's not affecting your enterprise or corporate systems. For that particular use case, Threat Grid works really well. It also ties in with various threat intelligence sources, e.g., detonating/testing our particular software or file in the sandbox can immediately identify indicators of compromise and share them with other clients that leverage Threat Grid. Likewise, the software that I uploaded for sandboxing is immediately validated and checked against all other client submissions as well as open source and Cisco Talos Threat Intelligence Sources. I find that really valuable. While there are other sandboxing solutions out there, I use Threat Grid quite a bit and I find it to be extremely useful and very usable.

Threat Grid also gives us a sense of safety because I don't have to test it or build out custom virtual machines to do the testing. I don't have to test it on enterprise systems. From that perspective, Threat Grid is definitely a very good solution. Its ability to integrate with other Cisco portfolio tools is helpful because then you can tie in and quickly view what malicious files might've been found in your environment regardless of what Cisco security solution you are using, whether it's AMP, Email Security, Cisco Secure Email Cloud Mailbox, or anything else.

AMP for Endpoints is something that I've used extensively. We have also used AMP for Network and Email. Collectively, it seems to be doing a pretty good job, especially when combined with Threat Grid because it's quickly able to identify files by hashing them and figuring out within the databases that Cisco owns, as well as open source threat intelligence databases, whether that particular hash is found in those databases. If it is, then it is malicious. It takes corresponding action pretty quickly.

If it's an unknown hash (after it identifies the file by hash value), and if it's unknown and not found in the databases, then it automatically uploads that file to Threat Grid for sandboxing and analysis. That layered approach with respect to treating the files as they come in works well, whether via email, network, or found on an endpoint, especially as an ecosystem solution that integrates with other Cisco components and security tooling that one may have in the enterprise. This works well because the information found on a single endpoint, for example, can then immediately take action on an email by blocking that identified malicious file. Likewise, if there is a file that's coming in via email and it's found to be malicious by AMP or Threat Grid, then the information about that file is immediately known by the endpoints. The endpoint solution can then take action on that malicious file. As an ecosystem, it works really well.

If Cisco could continue to develop integrations, whether it's internal tooling, Threat Grid, or AMP reporting which could be accessible via a single web page, that would be helpful. This would essentially add additional context on messages as well as files or links being detected. Potentially adding additional context on why certain messages are tagged as spam or malware. In our case, malware hasn't been detected yet, but spam certainly has been. Knowing what engines or which components of the message make it identifiable as spam, that could be useful. Additional context and reporting accessibly via the main dashboard would be great.

There is still room for improvement in terms of integrations with other Cisco tools and non-Cisco tools. There is also some room for improvement needed in terms of the reporting.

6 months.

The solution is set and forget in our experience. It seems to be working pretty well. In our experience, we don't require any dedicate resources for maintenance.

So far, we have had no issues with stability. I could see how if there was an issue with Microsoft 365 tenant, then Cisco Secure Email Cloud Mailbox would not work, but so far we have had zero issues.

We are a fairly large company who sees a sizable number of email messages daily. Cisco Secure Email Cloud Mailbox is able to keep up with the messages and message classifications, along with capturing and sending files to Threat Grid. The solution has the potential to be scalable to extremely large organizations as well as serve small to medium-sized businesses as well.

We have two individuals who are both members of the security team: one is a senior security analyst and the other is a security director.

We did experience a false positive match where an email exhibiting spam behavior was actually legitimate. I had to escalate this issue with technical support to make sure to get it whitelisted or the engine tuning changed. 

Our experience has been pretty good so far.

We previously used Microsoft native ATP, which is a built-in Microsoft email protection solution. We added added Cloud Mail Defense because it gives us another layer of protection for east-west traffic.

The ease of the deployment process of Cisco Secure Email Cloud Mailbox is extremely simple. The methodology that Cisco uses to scan email is extremely usable and very simple. Likewise, to set it up, the only requirement is to have administrative level privileges for the Microsoft 365 tenant. Having those rights and permissions, that's really all an organization will need to add Cisco Secure Email Cloud Mailbox into its tenant.

The deployment took us five minutes or less.

There was no effect on our administrative costs at all. In terms of configuration, we didn't have to do anything. The system comes preconfigured by Cisco, so we didn't have to do any configuration or setup. It's a set and forget kind of thing.

In our case, downtime certainly arrives from a detection of malicious software, like malware being delivered via email or identifying internal compromised users. Given the extra visibility that we have with this tool, it has the potential to prevent downtime. In our case, that hasn't been proven out yet.

In terms of spam detection, we have seen where Microsoft misses spam and is not quarantining it (taking any action against it), whereas Cisco Secure Email Cloud Mailbox is identifying it as spam. We have seen some success from that perspective.

The files being captured by Cisco Secure Email Cloud Mailbox are pushed into Threat Grid for analysis. We do have a Threat Grid license, so that integration works for us. It was easy for us to integrate these two solutions.

If someone is only relying on Microsoft 365 Advanced Threat Protection (ATP), or even without the ATP solution as an add-on, then having Cisco Secure Email Cloud Mailbox would definitely introduce diversity and provide another view of emails coming through or being generated inside the tenant. Because Cisco Talos is unique and different from Microsoft's information, Microsoft will do its own analysis as well as introduce its own threat intelligence and machine learning logic to detect threats. However, as a company, it's resources don't cover everything. Layering it with Talos and Cisco's resources is definitely a good idea.

Overall, it's certainly a very good idea to integrate another layer on top of Microsoft Advanced Threat Protection. Cisco Secure Email Cloud Mailbox being a player in this market is definitely a good option. Cisco Secure Email Cloud Mailbox is competitive, and it seems to be working pretty well for us. Personally, it gives me peace of mind as well as flexibility in terms of locating internal email traffic. I also know that if Microsoft misses something that there is a chance that Cisco will detect it.

The tool gives false positives and it needs to be more accurate. I would like to see AI as a new feature. 

I have been working with the product for two years. 

I would rate the tool's stability a nine out of ten. 

Secure Email Threat Defense's scalability is good and I would rate it an eight out of ten. 

Cisco offers better support. 

Positive

Secure Email Threat Defense's setup is complicated and took around one month to complete. 

The product is good and robust and I would rate it a nine out of ten. 

The solution's most valuable feature is email filtering.

We encounter issues while searching for missing emails. They should improve this particular feature.

I have been using the solution for five years.

The solution is stable.

It is a scalable solution. Although, it is complicated to add new signatures.

The solution's technical support team responds quickly to queries.

Positive

The solution's initial setup process is easy. It takes three to six months to complete.

We implemented the solution with the help of a Cisco partner.

The solution is expensive compared to other vendors. There are additional costs for support apart from the standard licenses. We have purchased the license for three years.

I advise others to keep checking new patch updates for the solution. I rate it as a nine out of ten.

My primary use case is to protect cloud-based emails. 

This solution is easy to use. 

This solution could be improved by integration with Sandbox. 

I have been working with this solution for a few years, since 2018. 

This solution is scalable. 

Cisco's technical support is very good. 

The installation was straightforward since it's a cloud-based solution. 

This solution was implemented through an in-house team. I did it myself for a customer. 

My customers pay for a one year license. 

Fortinet is a better solution than Cisco.

I rate this product an eight out of ten. I wouldn't recommend Cisco to others because I think Fortinet is better. 

Customers are moving on-premises exchanges to the cloud. Within the next two or three years, cloud security will be better than on-premises. 

It can be deployed either on-premise or in the cloud. We have two options if it is in the cloud, a private cloud or a public cloud.

Cisco Cloud Mailbox is used for copying emails, anti-spamming, and securing the company's email. We really enjoy the anti-spamming capabilities as well as the rejecting of bulk emails. We can customize these actions by adjusting the variables. It is very user-friendly.

Currently, Cisco Cloud Mailbox meets all of our requirements. If I had to say something, maybe they could have a more regular update schedule or perhaps hire more support engineers to get service faster.

We have been using Cisco Cloud Mailbox for about two years. We used the latest version.

Cisco Cloud Mailbox is very stable.

Cisco Cloud Mailbox is easily scalable.

The customers are very good. They can connect to the support engineer or install built-on mail through the Support ID. The issue will be monitored and resolved within a standard amount of time.

The initial setup for Cisco Cloud Mailbox is easy and straightforward. It takes our technical team a maximum of one day.

We handle all deployments with our in-house technical team.

Customers pay for licencing based on the number of user mailboxes they have.

We would recommend Cisco Cloud Mailbox very highly. I would rate it at a nine on a scale of ten.