Cisco Web Security Appliance Reviews

The user interface that I usually provide for the web app includes malware protection, URL filtering, data loss prevention (DLP), and advanced threat analytics. This is how I typically implement user cases for my client with the codec.

The features I like most are the DLP functionality for web security and malware protection. The malware protection is especially impressive when it is integrated with other Cisco products like Cisco I and the firewall FTP. When I integrate these three products, it efficiently prevents malware, showing which endpoint is affected and providing a comprehensive view of the endpoint connections.

With the WebAssign integration, it is not easy when I am integrating policies within the company, especially with NAND and wireless policies. The challenge arises when traffic is blocked from either wireless or wired connections. Although implementing it as a standalone is quicker, integrating BYOD with Cisco I and FTB can be tiring. Once it is done correctly, the functionality and reports become valuable, although the implementation part can still be challenging.

I have used the solution for about ten years now.

It is very stable, a product that I put on the network, and it will run for a very long time. I would rate it nine out of ten.

It is very stable. I would rate it nine out of ten.

I think I will give them a seven out of ten for WSA. The support is good but slow. Generally, the response time for resolving issues is getting slower. This applies to all products, including firewalls and next solutions. It is not what it used to be.

Neutral

The setup is simple and quick. The web is already an appliance on standby. The only challenge is when I bring policies to the appliance and integrate it with my next solution and FTD. It can be tricky initially, but as I become more familiar, it becomes easier. However, it depends on the environment. Simpler environments make the setup very straightforward.

Comparing with other products, Cisco has more functionality, but pricing is a challenge. Cisco is not a product for small companies due to its pricing. Cisco has been in business for a long time, requiring a significant investment.

I can provide it with BlueCards. BlueCards is where ReliVista plays a role. In terms of functionality, BlueCards is slightly off, however, I've heard good things about WSA. While comparing it with FTP and the firewall, it is improving and becoming more competitive in the market.

I will give it a seven out of ten as the overall product rating. It is a good product, and as a Cisco partner, we sell many Cisco products.

We are using Cisco WSA as a proxy solution. We control Internet browsing so colleagues will access websites securely.

Cisco regularly upgrades features for the customer's security requirements. They've added new features to the product and upgraded the OS version so that users will get the latest security features. Cisco WSA's malware protection, AMP, and DNS security are valuable.

We are planning to migrate the solution from in-house to the cloud. We would like to see a security service head, where we can combine all the security into one solution.

I have worked with the solution for approximately 14 years.

I rate the solution's stability an eight out of ten because it's used 24/7 in my organization.

With the in-house solution, scalability depends on the fixed hardware you purchase. You would have to choose a particular-sized hardware based on the department. You must choose the right hardware box whether you want 2,000, 5,000, or 10,000 users. If you use the solution in a virtual environment, you can scale up by increasing the virtual box size. There is no limitation on the product's scalability.

I rate the in-house version a seven out of ten. When you move the same solution to a cloud, it scales properly because it's based on Umbrella. I rate the cloud solution's scalability a nine out of ten.

Thousands of users use the solution in my organization.

We used Trend Micro before Cisco WSA. We switched to Cisco based on our security requirements and Cisco's features.

I rate the initial setup an eight out of ten because it is straightforward.

When deploying the product, first of all, you need to understand the requirement for the security concerns before deploying it in an organization, which will take some time. After that, you install the software and create the policies to ensure your client is using a secure channel to access the Internet. You will need to refine policies based on the client's requirements. The process will take time to stabilize things for a new deployment. If the policies match the organization's, deploying the solution will take a couple of hours, not much more. We needed just one person for deployment and one person for maintenance and management.

We deployed the product in-house on our server.

I rate Cisco WSA a seven out of ten since it is costly. The price might be a problem for smaller businesses. There are no additional costs.

We evaluated Barracuda and other solutions.

Cisco is already launching a new product with the latest features. We will migrate to that solution once they upgrade it. We plan to migrate to a SaaS solution because everything is on the cloud.

Price is a concern because everyone wants to make money for services and might change the licensing model.

Cisco WSA is an ancient solution. Cisco is upgrading the solution on a cloud that will have old and new technology features. Cisco WSA's new name is Cisco Umbrella.

I rate the product an eight out of ten.

We use the solution for web security. We have Netskope for DLP. We opted for the Cisco solution for its cost-effectiveness. We use all its features effectively to prevent unnecessary expenses.

We implemented Cisco Web Security Appliance to address the challenge of ensuring security for remote workers. Employees working from home operate outside the company's network, potentially exposing the organization to various risks as they access the internet directly. Without enforcing company policies, there's a heightened vulnerability to data breaches. We can extend protection to remote users by deploying Cisco Web Security Appliance, even when not connected to the company's network. This ensures that corporate data remains secure regardless of the user's location.

Cisco Web Security Appliance restricts access to illegitimate websites, including those containing pornography and categories like social media platforms like Facebook. Policies must be installed on endpoints to enforce these restrictions and assist users in accessing appropriate content.

The solution offers a range of security features, including Cloud-based policies and Key Security Bundles. It includes DNS certificate functionality. These features streamline security processes and provide comprehensive solutions within a single platform.
The DNS security feature is the most effective when users transition to remote work, as we are currently in a hybrid mode due to the COVID-19 pandemic. This hybrid mode involves working from home and occasionally reporting to the office.

The solution could provide seamless integration with other technologies. Cisco's strength lies in its reliable managed services, which address any issues promptly. It is not able to integrate with existing technologies. 
The ISB component of KSB is weak, but its firewall capabilities and DNS are strong.

I have been using Cisco Web Security Appliance for one year.

It is scalable and is a very effective solution in that regard. You can size it differently according to your needs, as there are various models available. When it comes to scalability, we address five key factors.

The Cisco Web Security Appliance is indeed stable. While there have been occasional instances of instability, particularly during the August period, overall, its stability is commendable. The solution itself is robust and reliable.

Customer support is very effective. They follow up to resolve any issues. They continuously inquire if there are any outstanding concerns. Their comprehensive approach, covering many solutions, including a 360-degree block-wise strategy, is excellent.

Positive

We tried using Cisco but faced issues, especially with DDoS attacks. There were delays, and our website started to crash because of the overload on their servers. 

Cisco manages the solution's setup. We purchased their managed services, so they continue to handle its management.
The complexity arises when deploying various web security solutions, such as Kaspersky, with Cisco Web Security Appliance. Sometimes, transitioning from one solution to another, like Kaspersky to Cisco, can bring certificate installation complexities. 

If we opt for the Cloud version, implementation takes two months. On the other hand, deploying the on-premises solution usually takes three to four months.

The general investment in Cisco Web Security Appliance is relatively minimal. When considering its utility, the primary purpose is to enhance the layers of protection. If our endpoints are already secured, the justification for investment may seem less apparent. However, the significance of Web Security Appliance becomes evident in scenarios where breaches occur or security threats escalate. In such instances, the importance of investing in additional security measures becomes clear.

The Cisco Web Security Appliance provides DLP to organizations. It helps prevent the unauthorized transmission of sensitive information by blocking such attempts. Additionally, it safeguards against malware attacks, particularly on websites not authorized by our company. Its role in protecting us from malware is pivotal.

The organization itself handles the configuration and management of Cisco Web Security Appliance. Cisco assists in deploying and configuring the appliance and managing all associated services.

Integrating the Cisco Web Security Appliance with other solutions is quite challenging. For instance, when we tried to integrate Netscape KSP, we encountered difficulties retrieving logs. Additionally, our solution failed to interact with the Web Security Appliance. Overall, the integration process remains problematic, hindering the effectiveness of our security infrastructure.

We have both the cloud version and the on-premises version. For clients who require data sovereignty, we offer the on-premises version, which includes a data sovereignty tool. This allows them to enforce policies that prevent the transfer of logs to third-party data centres, ensuring compliance with their country's regulations.

Overall, I rate the solution a nine out of ten.

Cisco Web Security Appliance is used for security, proxying, and obviously proxy caching to save circuit bandwidth, but it is also used for security features because it is integrated into our ecosystem.

Use of the uncategorized feature of Cisco Web Security Appliance by placing into an immediate blocking stance has saved the organization from Zero day attacks.  Bear in mind the potential for false positives is real in the beginning, however a structured process to submit sites to Cisco for categorization does eventually aid in the maturity.

SSL decryption was one of the features we wanted to experiment with but did not get around to because of time constraints. 

What we liked best about it was the ability to apply policy to either a user ID or an IP-based network. Your customers are either people or machines. We chose not to create a service account for the server/machine, we had to have an IP address, based on a subnet and then applied policy to that.

The reporting needs improvement. We were using a stripped-down version of Splunk at the time, and as far as I recall, there was no easy way for us to send those logs to our enterprise Splunk. It kept pushing us to use the smaller version. That was probably just a sales team thing, but other than that, the product was great, but the reporting was definitely an issue.

I would like to see Risk API included, as well as the ability to automate adding things to the blacklist and whitelist without having to do it manually and having it report into the Cisco WSA cloud via risk API.

We started Cisco Web Security Appliance in 2013, we were Websense and we carried it until 2020. I had been working with it for seven years. To be clear, we decided to abandon Cisco WSA in favor of Zscaler.

We used their appliances on-premises.

We last used it approximately 18 months ago.

It was very stable. We enjoyed working with it. What we liked best about the WSA was the ability to block uncategorized traffic. 

Uncategorized is usually where you'll find your zero-day issues. A brand new website from a bad actor or bad country is unlikely to be categorized in the Cisco URL database, so we chose to block it. 

There are advantages and disadvantages to blocking that. If you block that, you are blocking a lot of things, and it becomes more of an administrative headache.

As long as you start using this Cisco WAS, URL reporting system, then there is a way around that. Because you could submit this URL we believe is business and whatever, or marketing.

Outside of that, you had to create a white list, which we were able to do due to our flexibility. If something was quick, this is an emergency, this is a valid site, it's not malware, it's not bad, you can add it to that list in your text file.

We had 50,000 people using this solution in our organization.

Cisco Web Security Appliance is a scalable solution.

Technical support was very good. 

I would rate them a five out of five.

Positive

We used to use Websense, but it was more political. The support model for Websense revolved primarily around two individuals. That person, or two people, did not want to share the responsibilities for whatever reason, so that's part of it.

When WSA was rolled out, it was given to a support team of about 20 people; the way we implemented it went beyond that. It also provided, the flexibility to apply those various policies, which was definitely beneficial.

It made use of the Cisco ecosystem. We were a large Cisco shop, like most companies, with our routers, like firewalls, not today, because we are moving, but it was good back then.

The initial setup is dependent on your knowledge of how to deploy proxy. Back when I was an engineer, I was the one who actually deployed it. I'm now a director, so my role is different, but I carried over my knowledge from my previous engagement. For me, it was easy based on what I knew.

If it wasn't parked in the ELA, which obviously has other things baked into it, such as support, NOS engineers, TAC, ECS, high-touch for example. Our ELA cost was in the multi-millions, so if it was separate, I could break down the costs, and based on that, I believe the return on investment would have been easier.

It's well worth the money. 

Based on my experience with Cisco WSA, I believe it was well worth the investment. The problem is that I don't know how much it cost.

I'm sure there was a breakdown somewhere, but we only saw one ELA cost.

At the time, licensing fees were paid on an annual basis.

I don't recall the cost; it was included in our ELA.

To be honest, nobody should consider on-premises anymore. It's a different world. There is now a cloud presence, and if Cisco WSA cloud presence matches what I know of Zscaler, you can basically go anywhere in the world and your laptop is forced to use it. Then you have coverage and monitoring.

If it meets your requirements, the person who is interested should use it. If it does not meet your personal criteria, they should look for a different solution; today is a different world, and I believe everyone works from home.

We are no longer working on-premises. If you work from home, you have two options: force people to connect to the network via VPN.

If you force people to use the VPN, you can force them to use a WSA in Cisco on-premises. I'm not familiar with the WSA cloud, but if you could force them to go directly to the cloud from your home, it's well worth considering. That's fantastic, in my opinion. Cloud definitely alters the dynamic here. It's borderless nowadays, with thoughts on everyone flowing through the inside. They need to be more open about borderless, and it appears that they are.

I would rate Cisco Web Security Appliance an eight out of ten, because, for one thing, we had issues with the reporting and didn't like the stripped-down version of the reporter. The other is that they were not in the cloud at the time, but I believe they are now.

I use Cisco Web Security Appliance in my company for proxy-related purposes.

The most valuable features of the solution are the functions of proxy for the users who use the internet and the security it offers against the not-so-secure web pages.

There are certain shortcomings related to the product's management capabilities, where improvements are required. The solution needs to provide better management of the category of web pages.

I have three years of experience with Cisco Web Security Appliance. My company is a customer of the solution. I use the solution's previous or the previous to previous version.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a seven out of ten.

Around 300 people in my company use the solution.

I use the solution every day in my company.

At times, the product's technical support takes a long time to provide solutions.

I rate the technical support a six out of ten.

Neutral

I have experience with GFI KerioControl. I also have experience with other devices from Cisco. I have done some integration of the Cisco Web Security Appliance with other systems.

I rate the product's initial setup phase a seven on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup phase.

The solution is deployed on an on-premises model.

It took quite a long time to implement the solution, maybe seven to eight months. The deployment phase took a few weeks.

Two or three specialists who are network administrators in my company were involved in the deployment and maintenance phases of the product.

The product's reseller helped my company with the product's implementation phase.

From an ROI perspective, I rate the product a nine out of ten.

I rate the product price a ten on a scale of one to ten, where one is low price and ten is high price.

During the evaluation phase, my company considered GFI KerioControl and Fortinet FortiProxy against Cisco Web Security Appliance.

I rate the overall product a seven out of ten.

We use Cisco Web Security Appliance as a forward proxy, and all the web requests to the web servers are filtered through it.

Cisco Web Security Appliance has very good security benefits for any company and is easy to integrate. The primary use of having a proxy is to hide the actual user from the open internet. We opted for Cisco Web Security Appliance because Cisco's TAC support is outstanding. It's good to have products from Cisco. All the network equipment, like the routers and firewalls, are usually from Cisco.

Cisco lacks a GUI-based troubleshooting feature compared to products by other vendors. There might be some instances where the proxy is blocking some genuine traffic. It could take a lot of troubleshooting with Cisco Web Security Appliance proxy, which could otherwise be easily identified by a GUI-based troubleshooting tool.

I have been using Cisco Web Security Appliance for the last three years.

Around 60 to 70 users are using Cisco Web Security Appliance in our organization.

I haven't set it up, but I believe Cisco Web Security Appliance's initial setup is easy.

I wouldn't recommend the solution to other users because Cisco has already announced the end of the light for the Cisco Web Security Appliance proxy. Cisco is no longer going to support it.

Overall, I rate Cisco Web Security Appliance a six out of ten.

We are just using the solution for internal purposes. When we need to browse the internet, our staff will either be allowed or refused access to the internet. All of the internet is accessed via the server.

The bandwidth limit is useful. The categories are pre-defined by Cisco. 

It's a very user-friendly product and is easy to set up.

The product is stable.

It's a scalable product.

It should have a user-based quota, per-user quota, that can be defined on the appliance. That way, if a user reaches their quota individually, they should be blocked for the next day. 

One major feature that is still not in this product and that should be implemented by Cisco is that it should have a live graph. We'd like to see, for example: What is the user consumption at the right now? What is the bandwidth, when bandwidth is used by the user? There is no current graph of it and I would recommend it should be in the product.

I've been using the solution for five years. 

The product is stable. I have not seen any issues in five years. We have not had any unintentional reboots or downtime. It is very reliable and is a stable product.

We haven't had any issues with scalability.

In my first company, there were 2,000 people on the solution. In my latest organization, we have 15,000 people on it. 

We've reached out to support for day-to-day challenges. They've been very helpful and responsive and we have been happy with their level of service. 

Positive

The solution is very easy to set up. It's user-friendly. The process isn't difficult. It took us about a day to set up.

You do need to pay for a license. It's not cheap or expensive. It's mid-level in terms of price. 

We did look at other solutions. We conducted a comparison of options and did a POC. In the end, we found this product very helpful. We looked at, for example, Fortigate, among others. 

We're a customer and end-user.

I'd advise users to give the solution a try. It's a very easy-to-use product and everything is working without any issue with the appliance. I would recommend others to use it.

I'd rate the solution nine out of ten.

Cisco Web Security Appliance is user-friendly and easy to manage. It protects your environment while accessing the internet. 

The tool needs to improve cloud-based decryption. 

Cisco Web Security Appliance's stability is good. 

The product is scalable. We have 1500 to 2000 users. 

The tool's deployment is very straightforward. The only process that can take time is aligning the policies as per your use case. 

Getting a partner from Cisco to help with the deployment is good. 

You can get a good ROI in the long run. 

The tool's licensing is yearly. 

I rate the product a ten out of ten. 

Cisco Web Security Appliance can be used as a proxy for sending all traffic to the internet. In that case, I can apply security policies and provide anti-malware, protection, and attack prevention with this security appliance. Additionally, there is some advanced functionality, such as security orchestration and security incident management appliance integration. You are able to have full protection and incident management.

This solution can be deployed in the cloud or on-premise.

I am using a virtual infrastructure which is the easiest infrastructure.

The most valuable feature of Cisco Web Security Appliance is the provided anti-malware functionality and URL categorization. I can block access to malicious websites. 99 percent of the cases are related to a malicious website. If I cannot browse those malicious websites, then we are 99 percent protected. 

We have SSL decryption and we receive full visibility of what is happening on the network. With SSL decryption, most of the traffic is encrypted and if I had the traffic recorded, I could see what is happening inside that traffic.

The solution could improve the graphical user interface. It is not up to the regular standard of what we would expect from Cisco. Additionally, they need to improve the categorization when blocking in the settings. The CLI could have a better view than the graphical user interface but I did not investigate further.

I have been using Cisco Web Security Appliance for approximately seven years.

The solution is stable and has high availability.

I rate the stability of Cisco Web Security Appliance a nine out of ten.

The scalability of Cisco Web Security Appliance is high.

I rate the scalability of Cisco Web Security Appliance a ten out of ten.

Cisco is the best support team available on this planet. I am happy with the support I have received.

I have worked with Cisco Firepower and the Cisco DNA Center Platform. It is a stable solution, but they are working on improving it.

The initial setup is complex. The is not much flexibility when creating policies. As per the design guide, they have provided a lot of limitations for creating policies. For example, if I create 30 access policies, 30 customization decryption policies, and 30 custom complex policies, there is a complexity in the qualification. If the policy is complex then CP gets high, which is a problem. 

Following the best practice guide, I have to follow that constraint. However, customers, are not happy with the restriction and policies. They want to create as much policy as possible. 

The implementation took approximately two weeks or ten working days.

I do the implementation of this solution.

There is a subscription-based license needed to use this solution.

I rate Cisco Web Security Appliance a nine out of ten.

I am a reseller and work with clients to set up web and email security. Most of my clients focus on web security where they connect with proxy servers to view security items that relate to antivirus, threat defense, and anti-malware. 

The solution is used to enforce security when accessing the web and as a transparent proxy for smartphones and tablets. 

The solution provides good web reputation and anti-malware protection. 

URL filtering and parameter controls are not used in business or enterprise implementations but are good. 

The transparent proxy is quite difficult to enforce on smartphones and tablets because it is on a sticker implementation rather than a line mode. The WCCP ID is the biggest IP address of the appliance but it is not able to be reached by the user. 

The addition of inbound features such as a reverse proxy and load balancers would be very useful.

Reporting could be improved so that a central management solution is not required. 

I have been using the solution for more than ten years.

The virtual appliance is very easy to implement and is stable with no crashes. 

Power outages may affect the hardware appliance because its hard disk is encrypted. 

There are some issues with scalability when adding new devices that are related to clustering and load balance in the Active Directory. 

Technical support is quite good compared with other solutions. 

I rate support a ten out of ten. 

Positive

The initial setup for a basic implementation with direct access to the proxy is straightforward. 

I rate setup a ten out of ten. 

We implement the solution for our customers. 

For a security solution, there isn't an ROI but you can evaluate how much data or money you will lose if attacked.  

The licensing options begin with 100 users and this is a high threshold for smaller networks that might only have 25-75 users. 

It would be a benefit to offer one-year licenses in addition to the already available multi-year packages. 

The premium or bundle licenses require additional support from third-party vendors to ensure there are no disruptions in service for customers. 

It is important to be confident in the solution even though it is new because any challenges are minor. 

The solution is one of the best enterprise-based products in the market and is not expensive compared to others. 

The solution is not perfect because it has transparent proxy issues so I rate it a nine out of ten.