Cisco SecureX [EOL] Reviews

We use it to track our emails and to secure our endpoints. SecureX is a really big tool. If somebody tries to attack us with a virus, SecureX helps us to find that email quickly. Our staff members use laptops, computers, and other devices, but they don't have a lot of knowledge about the whole "IT war." There have been viruses and SecureX has enabled us to protect those users, and our systems and components as well. We have used it to solve spam and phishing attacks that are really popular these days. In our company we have over 20,000 users, so you can imagine how many emails we have on a daily basis. That is a really good example of what we can do really easily with SecureX.

Are you using multiple products from this vendor?

We use multiple Cisco tools within our environment. We use network solutions, products like switches, access points, routers. We also use many Cisco phones. For network solutions we use Cisco ISE and Cisco Prime. As the telephone system, we use Cisco CUCM, Cisco Unified CallManager, integrated with the Cisco Unity system for voicemail boxes. We also use Cisco Contact Center for our help desk and our employee services lines. We also provide systems to our customers. We have many government clinics. For communication, we use Cisco Webex Teams and Cisco meeting systems for video and call communications. We also use Cisco as a design solution.

Using multiple products from the same vendor is really nice and useful because many of Cisco's products are integrated. For example, we have that Cisco CallManager system which allows us to provide phone solutions for our users and that has really good integration with Webex Teams, the video conferencing platform. With the integration, we are able to provide standard phone PSTN features to our Webex Teams users. That is really great.

Using multiple solutions from one vendor saves our company time and money. With all the integrations, we also get really great support from Cisco because if you have, for example, a problem with integration between the systems there is just one company responsible for getting things right. A couple of times, in the past, I worked with two or three vendors, asking for support. We had some issues with integration and it is hard work to get good support from a couple of vendors at the same time.

Also, there have been a couple of times when I had to order physical devices and, working with Cisco, we got some better prices. Being a really big customer of Cisco allows you to also get preferred pricing.

The native integration between Cisco's products is really good because Cisco has solutions for almost every part of IT. There is a managed solution for network and unified communication. Integration between all these systems is really simple because Cisco has really good documentation. And if you need any help, you don't understand something, you are able to ask the great support.

To keep everything very simple, we use a solution provided wholly by Cisco. We grabbed SecureX from them and the cloud from them. That allows us to have better support because it's from one provider. If you have an issue with the system from Cisco, and the whole solution is based on Cisco products, the support can be moved from one team to another.

SecureX provides many measurements and has a really good dashboard. Working with it you are able to see things very clearly and you have every detail on a single display. That saves us money and time. There have been times when there have been 1,500 attacks per day. In a big company like ours, many employees are fired or leave the company and many have used the company email address for subscriptions or for personal usage and that also provides an opening for many attacks. These email addresses end up being used by fraud guys who try to get more information about the company. A couple of years ago we had a really bad situation related to something like that.

It brings all our data into a central point. It also shows us many data connections between many of our environments.

When it comes to investigation tasks, SecureX saves us time. SecureX gives you really good information about potential risks. You are able to find the source of a risk, a potential risk from a user or a machine. I can't tell you how much time it saves, but it's a really good tool that provides you many models that make your work easier and faster.

With SecureX you can see unusual activity and get more information about the machine or user involved. It provides you with more information about how to sort it out. That's a really important part of security, that you can protect your own network from unauthorized access.

In addition, using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices.

Contextual awareness is also a really good part of SecureX. It works with many areas and, with one tool, you have good visibility into many areas that you manage. That is a really good feature.

The automation process with SecureX could be simpler. When we started to use it that was not the easiest part for us.

Sometimes it's a little slow so that is also something Cisco should check. 

They should also work on the reporting.

We have been using SecureX for about two and a half years.

I'm not sure that I would call it a bug, but sometimes the solution is a little slow. But there is no other issue aside from that. Many bugs that we noticed were related to configuration changes made on our end, so we couldn't say they were system bugs. 

Anytime we are notified about patches and upgrades, we try to upgrade SecureX as soon as possible. There may, potentially, be some bugs, but Cisco also works to improve on its products. In my eight years working on Cisco products, I found one new bug in a Cisco product and I got an email from them: "Hi, Michal. You've found a bug. Thanks for that. You are the first person." But that was only once, and not in SecureX.

It's a really good solution and I haven't seen any limitations. 

I have worked with Cisco systems and products for over eight years and I have never had any issues with their support. You can open a TAC case in many ways: through your email or their support portal. And if you open a ticket with them, the engineer is assigned to your case in 30 minutes or so. With Microsoft, I had to wait one or two days. So Cisco support is really nice. If you need help with a problem, you will definitely get fast help. I only have good things to say about Cisco support.

I joined the team at the beginning of using SecureX and, to my knowledge, we didn't have anything like it. We had some really old systems and we replaced a couple of things provided by really small companies by using SecureX. Most of the things we replaced were created by our programming team, but these apps were only for our internal usage.

The initial setup was straightforward. SecureX is online. When you get your credentials to access the system, that is the only thing that you need. Just log in and start the integration with your environment. It's really simple. In the beginning we went through some manuals and documentation that we got from Cisco.

We needed something like 45 minutes, maybe an hour, to run the initial setup. That was really fast. For sure, we had to spend more time after that, but the initial setup is really easy.

Cisco has really good documentation about the product. For the last year, I worked on the Teams integration with our phone system. We immigrated from Skype for Business on-prem to Teams because we had many issues. Microsoft was not a good source of information or documentation so I had to ask their support to explain many things. The documentation Microsoft provided was really bad. By comparison, Cisco really has an advantage in this area. They have really good documentation about everything, as well as support.

In our company and in our team, we don't have roles divided into administrators and others. We are working as a security team and we try to obtain knowledge about all our systems. SecureX was implemented by me and one other guy, but after that we provided the rest of the team some training and shared our knowledge with them. We manage all our systems and help our end-users with them.

The cost has been good for us. We know the Cisco license and it is good for us. We pay for a really good solution, and that is the most important thing for us. You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending.

I don't think the company evaluated other options. We didn't talk about doing so in our team. Those things were handled by our leaders, based on the experience of many teams. In IT we have many teams that are responsible for many parts of our IT functionality. But I think the decision was made to go with SecureX because we have so many Cisco products. The thinking was: Let's ask Cisco about a solution for us, and Cisco provided it.

The biggest lesson I've learned from using SecureX is that, before, I thought that if you have a solution that handles many things and that can be used in many areas, it could not be a good solution. Working with SecureX, I realized that I was wrong. A good company like Cisco can provide a tool that you can use in many areas, a tool that provides many solutions for many models, with many features, and it can be really good. That solution can also be integrated with many other products, not only from Cisco but from third-party companies. Working with SecureX made me realize that you can have a good solution that you can use in many areas. Before that, I was a skeptic about that.

I would rate it a 10 out of 10. Using SecureX, we can aggregate the data from all our security products. It gives us the option to automate many of our tasks that we had to do manually before. It's a really huge time saver, and not only for my department, because we can also provide many reports about usage of our systems and networks to our leaders and our managers, and show what we can do to make our security better.

We have a total of about 150 customers with about 6,500 users and we handle their IT. There are 300 sites all over the Netherlands from which we get all the intel and we feed it into SecureX. It's our central point where we collect everything very easily. When we see something happening we can take the security feed, look at the event in an organization, and SecureX shows us what's going on. It helps us analyze and understand things.

All the security solutions such as firewalls, email security, web security, endpoint security, and antivirus report into SecureX where we have a dashboard that shows everything that is happening.

The orchestration allows us to say, "Well, if this happens here, then we should take an automated action." For example, if an email is received on a machine and malware is being executed, it can be put into lockdown mode. It should only be accessible by the investigators. It cannot connect with any other resources within the company anymore. It cannot send or receive any files. SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together.

We're seeing and correlating things that we never expected to be able to put together. Before we had the SecureX dashboard, which ties everything together, we would have logs on some computer, or logs on a different system with timestamps. We would have to input search commands to see if there was anything happening on one machine that was also happening on another machine, or if there was anything happening in the firewall that was also happening with email.

We're also doing things with SecureX now that I didn't think were possible two years ago. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. I didn't expect there to be a product in which you can so easily change between the different parts of your security with a single click, allowing you to go from publicly available security intelligence into, "How's it looking in my environment?" 

We can do things within seconds, things which we wouldn't even have thought about doing two years ago, just because we didn't think there would be anyone combining the different sources of information together and making it easy to correlate between what's happening in the rest of the world and what's happening within our environments.

Also, SecureX provides us with contextual awareness throughout our security ecosystem.

Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out. 

You can also see not only what kind of malware you have, but what kind of damage or what kind of tech you're looking at. You can very easily see if there is somebody who is trying to find out if there's anything open or if it is somebody who has already established access and is trying to escalate from a user account to the administrator account. You can even focus on these kinds of privilege-escalation attacks and make other issues a second priority.

In addition, like every company, we have to deal with compliance. We have a compliance officer, but normally the compliance officer would not have access to the firewall logs, the email security appliance, endpoint security, etc. But he still has to get all the compliance information out of them, including details such as how are we doing, how many threats we are capturing, etc. I gave our compliance officer access to the SecureX dashboards and now, without having to log in to any of our security appliances, he has a live dashboard with an overview of what's going on. How many incidents? How have they been resolved? How much malware was seen within the company? What kind of compromises were there? Were they critical, high, medium, or low?

He can look at everything himself without him having to ask for me to create a report and without having to have access to the files themselves. He has a dashboard and can say, "I want to see the last week, last month, etc." He gets all the widgets and all the information for whatever period he wants. He can use that within his report to show the auditors how we're dealing with our security. Without any reporting, without emailing back and forth, he gets access to the live information. That's something I wasn't expecting and it has proven to be very valuable. He cannot mess anything up, however, he still has access to the live data on the entire network.

For me, the most valuable feature is the overview: seeing hundreds of sites and thousands of endpoints; everything in a single dashboard.

It can show me spam attacks, phishing attacks, malicious file transfers on our firewalls, and malicious activity on our endpoints. In addition to all the security solutions it takes in, you can add in other websites and services as well.

Threat-hunting is a specific module within SecureX. You can say, "I want to know what's been happening within my organization. I'm seeing some activity here and I want to know if this machine, which is doing something strange, has been in contact with any other suspicious machines. Has it been receiving any suspicious email? What's going on?" It can really dig into any indication you have within your network.

It also provides automatic messaging. For example, if there's malware activity, it will be automatically matched to a certain category of malware saying, "This is credential access,” or “This is a discovery,” or “This is the exfiltration of data,” or “This is privilege escalation."

There is also the possibility of integrating feeds from different products. SecureX will not only work with Cisco products, but you can also put in different kinds of feeds if you have a different type of firewall or antivirus, for example.You can get the same intel within the same dashboard. You don't need to have only Cisco products. 

SecureX integration between Cisco products and third-party solutions is very valuable due to the fact that you get the security feeds and everything on the internet. If you want to know, for example, if something is Orion malware, it will say, "Hey, I have this webpage showing me indicators of compromise. It gives me a button within my browser and I can check whatever is on this page against my live environment. If there's anything on any webpage saying, "You should pay attention to this, or you should be aware of these malicious files," with a single click I can check them against my environment. The intel you get and the different products all generate output. And you can use the toolbar within your browser to make it very easy to put anything you find into SecureX.

The ribbon feature is quite useful. The solution is great at helping you maintain context around incidents as you navigate different consoles. It's immensely valuable due to the fact that, as you navigate between products and between pages, the ribbon stays with you. I can open a case there and I can also share it with my colleagues. We're back in lockdown again here in Europe, so everybody's working from home again. I can start an investigation on my machine and share it with my colleague. He can work on the same stuff and he can add to the case. You can very easily scale up your investigation. All the notes you've been taking, all the indicators you've collected, all the interesting stuff you've noticed are logged within the ribbon and available for your colleagues to work on as well. You don't have to email back and forth saying, "I found this. Hey, did you see that?" It's all there. You can cooperate on the same issue.

It saves you a lot of time investigating. It will not just show you what's happening within your environment but also what's happening in the rest of the world. If I'm seeing a file for the first time, it's very unlikely it's the first time in the world this file has ever been scanned. I can check if it has been scanned in other antivirus engines and what they think about the file. There is the integration with the service called VirusTotal. It has about 60 or 80 different engines. If I'm seeing a file and not sure about it, with a single click I can get the opinion of 60 different antivirus products on that file to show me what the rest of the world thinks about it.

The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult. 

What would be really helpful is some sort of library from which you could pull out prefabricated actions. The tools are there to build your own, but it would be nice if there were a library saying, "If you have this and you want to do this, there's some prebuilt stuff here which you can tailor to your own environment." Right now, it's mostly a blank canvas saying, "Take whatever input you want and program your own response."

We've been using the solution for almost a year.

We've had zero issues. It's always available. There are no gaps in monitoring and no downtime.

If there are any limits, we haven't been able to find them yet. We have hundreds of sites reporting into it and I'm not seeing any limits, slowdown, or scalability issues.

I've only used the support resources during setup. There have been no issues or incidents for support so far.

That said, looking at the videos and the manuals they have, etc., there's a lot of support available to get you started. Due to the fact that it's a free add-on if you have any Cisco security products, there is no investment except for a bit of time to get it running.

We didn't previously use a different solution.

The solution's initial setup was very straightforward. It's an online service. You log in with your credentials and on the left-hand side you say, "I have this product, let me integrate." There's a guided setup that's pretty step-by-step. Then, you just go to the next component you want to integrate. It's a guided configuration.

In terms of deployment, the first integration was done within 15 minutes. With the extras we put in it was, let's say, an afternoon of work. It took maybe two or three hours to get everything set up, including all the users, and to get everything integrated and all the dashboards configured.

In terms of maintenance, we have about six people from the security team involved.

I handled the implementation myself. I did not need the assistance of a Cisco consultant.

We've reduced our workload by 20 to 30 percent just from being able to focus on the important things, as this product really does a lot of the grunt work for you. It has really increased the efficiency of the organization's security operations.

For example, if you see something and say, "This should be blocked," or "this is malicious," with SecureX, it will not only automatically block it on endpoint security, but it will also stop the malicious file from being sent or received via email. It will also stop the file from being downloaded or uploaded. That way, if I have a malicious attachment on a laptop somewhere, SecureX will block it everywhere, and it will also protect the users on the WiFi because the firewall, which is between them and the internet, will block it. I can protect devices such as guest devices in the guest WiFi, devices I don't have access to, because I have visibility of all the endpoints with a single click. It's 360-degree protection.

Without the integration, I would have to say, “Well, this email has a malicious attachment, and now I have to worry about it on 300 different firewalls. I have to put in a rule to block this attachment everywhere.” We'd need dozens of people working on that. Now, it's a simple mouse click.

On top of that, we're 50 to 70 percent more efficient in investigations. It really saves a huge amount of manual checking.

It has probably saved our compliance officer 10 percent of his time as well.

For the value you get, the pricing of the solution is excellent.

We didn't evaluate other options. There's really nothing with this type of huge scope. There were some basic logging solutions and some other incident response stuff, however, there was nothing that covers your entire security apparatus.

We haven't worked on automating all the manual processes in our security operations yet. We want to implement more of them, however, we're still looking into the details. This year we'll be starting to use the orchestration feature. That way, an end-user can forward an email and it will automatically be checked and he'll get a report back. Those are the kinds of automations we'll start using this year.

You only need two or three hours to get everything set up, to put things into it, and to see how it works, with zero impact onsite. You don't need any extra resources. There's nothing fancy to configure. It's very easy to integrate. I'd advise companies to try it and just see how it becomes the dashboard for your entire security operation.

I would rate this product at a nine out of ten due to the fact that the orchestration piece is a bit difficult. That said, everything else, especially for the price, is unbeatable.

The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable.

Integrating the product with most of the customers involved hasn't been difficult. There's enough documentation and support from Cisco to help put things together, making the process straightforward.

The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial.

The tool's technical support has always been good. I've never encountered any issues with them. While they may not always be the fastest, they respond and ensure that problems are resolved.

Positive

Cisco SecureX is more expensive than Trend Micro. However, considering the integration capabilities with other solutions and the quality of technical support, I believe there's justification for the price difference.

I rate the overall product a nine out of ten. 

We use it to investigate threat incidents. It lets us better manage security incidents.

We just use it for the security department.

It gives us more visibility into detected threats so we can determine their impacts.

Its cybersecurity and resilience have been extremely important for our organization. It helps us save our operations by protecting us against ransomware and most threats.

The automation and orchestration tools are the most valuable features.

It is good that it provides information. However, I think that there needs to be more actionable items for us based on the information provided.

Remediation stuff could be integrated into the product's automation.

I have been using the solution for a year.

It is really scalable. We are looking to increase usage in the future.

Overall, the technical support is great. I would rate it as eight out of 10.

Positive

We did not previously use another solution.

The initial setup was complex. It took about a month to deploy. The deployment took me about 20 hours overall of work.

I had to work with the SecureX engineer in order to get things rolling. It wasn't a very straightforward process when we rolled out the product.

We used an integrator for the deployment.

We have seen quicker response times. It took a few months to realize the benefits.

It comes free with all Cisco products. So, it is a good price.

We didn't evaluate other products.

Leaders in organizations should invest in IT, training, and staff.

One area for improvement in SecureX could be additional on-premises options for organizations like ours that require more control over certain aspects of the platform. I also think enhancing automation capabilities could further improve the product.

I've been using SecureX for about two months.

It has been stable with a rating of around nine out of ten for stability.

When it comes to scalability, I find SecureX easy to expand based on our needs.

Although we haven't directly contacted Cisco's technical support, I've heard positive feedback about their support services.

The setup process was straightforward, and we didn't require any third-party consultants.

Overall, I would rate SecureX at around eight out of ten for its valuable features, ease of use, and integration capabilities. It's a recommended solution for threat detection and security orchestration.