Cisco Email Security Review

Helped with mail filtering and load balancing between Exchange servers


What is our primary use case?

The primary use case was for email security and load balancing between Exchange mail servers.

How has it helped my organization?

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

What is most valuable?

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

What needs improvement?

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the ESA in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if ESA and WSA could be brought together, it would make a better appliance, one wholesome appliance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From my perspective, it's pretty stable. We didn't have any issues.

What do I think about the scalability of the solution?

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two ESA boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

How are customer service and technical support?

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

How was the initial setup?

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

What was our ROI?

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

What's my experience with pricing, setup cost, and licensing?

There were no other costs in addition to the standard licensing fees.

What other advice do I have?

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco ESA at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest

Sign Up with Email