What is our primary use case?
It is used as the primary perimeter gateway for our organization before you can access our environment. Being hosted with Cisco, it goes through Cisco Secure Email Cloud Gateway. Spam, marketing, malicious or virus-enabled emails are not delivered to us 90 to 91 percent of the time because they are stopped external to the organization. That is a massive win for us. We don't have to worry about having to deal with all those emails going through our email servers.
How has it helped my organization?
Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails.
From a user's point of view, if we're stopping them getting spam, they're happy.
The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.
Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.
It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.
What is most valuable?
The bulk of the email stopped would be marketing. Spam-related email tends to be our biggest issue. The most dangerous contain malicious content, and those tend to be the worst.
The biggest issues are the social engineering and phishing. A lot of the spammers are actually quite good at spear phishing attacks and social engineering our emails. We obviously do checks. We run some simulations for our staff, where we try and train them so they are aware of what not to click on. Also, we have installed Umbrella and had it for a long time as well. Therefore, if something was malicious, and one of our users had clicked on it, Umbrella would usually stop anything outgoing. The combination of the two solutions has really helped secure our organization.
What needs improvement?
I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does.
The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have.
For how long have I used the solution?
What do I think about the stability of the solution?
We really haven't seen any issues on the stability side of it being cloud-based. We also have three virtual hosts that run in our environment. in the event that we lose one, there are two others. We have never seen any issues with the environment, which Cisco proactively monitors. They'll come back to us and indicate if there are any hardware performance issues and schedule appropriate restarts to appliances, if required. This happens occasionally.
Given a lot of people target hospitals, we tend to be attacked more than other corporations because there are health records, health information, financial information, and research information. Cisco Secure Email Cloud Gateway and some other products have definitely allowed us not to have the downtime that we may have had if our previous products and solutions were in place. As far as I'm aware, we haven't had any downtime since we put in Cisco Secure Email Cloud Gateway and Umbrella several years ago, which has been fantastic.
We have our security analyst who gets feeds out of Cisco Secure Email Cloud Gateway into our other products. We also get feeds into AMP for Endpoints, so we see what happens because we have our Cisco Secure Email Cloud Gateway integrated with AMP for Endpoints. That goes into our Threat Grid and Threat Response.
Our server team might get queries about messages that might have been quarantined or someone having trouble receiving external emails. That's usually where a domain might be rated above our parameters and gets blocked. With something like 3,000 mailboxes, we spend at most an hour a day checking on the Cisco Secure Email Cloud Gateway environment.
What do I think about the scalability of the solution?
Our environment is scalable, and we monitor that with Cisco. When we do our periodic Health Checks, we look at the performance of the appliances and how they're doing. They're handling the 10 to 12 million emails that we do receive through Cisco Secure Email Cloud Gateway a month. There are about 90 percent which are not even forwarded onto us. Therefore, it's handling the capacity that we have at the moment. At this stage, there's no need for any increase in our hardware.
It's an invisible service where every piece of email going in and out of the organization goes through CES.
We are doing more integrations with other security products, like Threat Grid, Threat Response, and AMP, along with SecureX. Getting the Cisco Secure Email Cloud Gateway feed into that and have one pane of glass to see the threats of the organization through both emails, firewalls, routers and VPN is fantastic.
How are customer service and technical support?
We have a team of resources at Cisco that we can call on, if we need things escalated. Having great customer-centered service and support is one of the reasons why going with Cisco has been such a fantastic decision for both organizations that I've been at.
Which solution did I use previously and why did I switch?
Prior to using Cisco Secure Email Cloud Gateway and my being at the organization, they had a Qbot massive issue. I don't know a lot of the detail, but at the time, we had a lot of machines that had to run certain versions of software. Because of it being older software, legacy-type applications, they were more susceptible to issues. Qbot just went through the organization and took out a lot of that equipment/machines. Cisco actually came in and assisted to get rid of all the issues that we saw with Qbot, etc. It took several weeks spent by Cisco and other organizations trying to resolve our issues with Qbot to get things operational and back to normal. That was really the catalyst to get Cisco Email Secuity into the organization.
We were previously using McAfee for both their Endpoint Protection as well as for Email Servers. The difference was the volume of emails hitting our email servers. The servers had to deal with 10 million emails a month. Having to process those additional emails and pushing them onto users took a massive amount of infrastructure and resources at a server level. Whereas, at the moment, our servers are not having to deal with that because we have Cisco Secure Email Cloud Gateway right outside of our perimeter.
One of the reasons that we switched away from McAfee is that we moved to an enterprise agreement with Cisco. Under that, we get the Cisco Advanced Malware Protection (AMP) for Endpoints. Once we went down that path and install it, there was no point in having McAfee as well when the AMP for Endpoints already has some of the different engines. Plus, there was a duplication of costs and applications, such as the support costs as well as to maintain multiple antivirus and endpoint protection software.
At my previous organization, we were using the standard Office 365 controls and Email Gateway before we put in CES. The amount of email and spam that we got, even malicious emails, through Microsoft was horrendous. We ended up having four different massive outages because of getting some viruses in the organization and some of our file servers along with encrypted user hard drives. We had four instances of major outages where we were down for probably 24 hours each time, and that was only because we had the backups. We also had some other measures where as soon as we saw any change in the root directory (as that data encrypts our file shares), we'd automatically shut the services down. However, this was an inconvenience for the users. You would end up getting the initial malware, then also having to do remediation to get it back to normal. When you have potentially hundreds of staff who are offline for 24 hours, it's a very big cost to the organization when you don't have your systems up and running.
When the malware got through Office 365 on four different instances, that was directly attributable to the difference between Office 365 and CES. Our users still had to get their email through our on-prem server, but we did not let staff get their emails directly from the Microsoft 365 Server.
Once we put in CES, these issues disappeared altogether, and we were thankful that the volume of spam emails decreased considerably. Office 365 is a good second check to CES, but there's nothing that I've ever seen which has gotten through Cisco Secure Email Cloud Gateway that Office 365 has picked up.
How was the initial setup?
The initial setup is straightforward. Cisco does a very good job of onboarding customers and setting it up so it's very much ready to go based on some fairly standard settings from Cisco's point of view.
The deployment took only a few hours. Even at my previous organization, it was very quick. Once it was done, we changed our MX records to go to Cisco Secure Email Cloud Gateway instead of Office 365. From there, email went from Cisco Secure Email Cloud Gateway to Office 365. It was pretty simple. We had control of our DNS so it was very quick and easy for us to change the records and get our email flowing through Cisco Secure Email Cloud Gateway. We could see the benefits straightaway. We could see just how much volume was coming in, e.g., in my previous organization, we had something like a million emails per month, of which eight percent would be delivered to our end users.
In terms of switching from one solution to another, it's seamless for the user. They are not seeing the downtime because they're connected to the local Exchange Server. Therefore, they're not seeing the upstream components. There might be a slight delay in terms of the MX records globally, but that is, at worst, 24 hours. So, there might be some delayed emails, but that's probably the only thing. Once we had switched over, we received positive feedback saying, "Hey, what have you done? It's been fantastic. You've reduced the amount of spam messages we used to get."
What about the implementation team?
It was easy enough to do the implementation with Cisco and their support because we had adopted an enterprise agreement with them. Therefore, we had the support of Cisco implementing both Cisco Secure Email Cloud Gateway and Umbrella into our organization. They were very good at helping getting up and running.
There was one of my other staff who assisted me in setting up Cisco Secure Email Cloud Gateway with Cisco. It was relatively simple and easy.
Doing Health Checks with Cisco have been fantastic. Being able to do those every few months and going through what other options that we might want to lock down or change gives us an opportunity to ask them questions, see what we could be doing better, or what new measures/features have been deployed, furthering securing our organization. The Health Checks are an invaluable service that Cisco provides to CES.
What was our ROI?
In my previous organization, avoiding four instances of CryptoLocker within an estimated six month period is approximately $600,000 in lost time and effort. Our five year cost was about a million dollars, and the four outages that we had equated to 65 percent of that five year cost. It ended up being a very simple decision to go with the security enterprise agreement with Cisco, which included Cisco Secure Email Cloud Gateway and all their other cybersecurity products.
Which other solutions did I evaluate?
Office 365’s native security controls to protect your organization compared to this solution are terrible. With Office 365, unless you actually pay for the advanced options with email security, they're actually quite useless. You've no control over the standard offering.
My previous organization did look at the Symantec Cloud solution. At both organizations, it didn't really make any economical sense to look at other vendors. If we had an enterprise agreement with Cisco, then you get the support from Cisco that's second to none, where you get somebody on the phone straightaway to work through your issue until it's resolved. My previous dealings with Symantec and McAfee are that they're not as customer-focused in terms of their support. Cisco has been.
What other advice do I have?
Don't have an organization that doesn't have this sort of protection in place. If I was to be in another organization, and they didn't have this sort of protection, I would definitely be advocating that they get something in very quickly.
Don't hesitate: The benefits are there. It can be seen as being a large cost. However, if you've ever had any instances where you've been affected by malware or CryptoLocker, there are a number of things that you should be doing as an organization: perimeter email security, DNS protection, and removing USB access on devices. These are probably the top three things that I'd be advising people to do.
We don't use Office 365 (which is now Microsoft 365) at the moment, but it's something that we are looking at. Being a large hospital, we're looking at aligning ourselves with our Department of Health so Office 365 is something that we will be using that to a certain extent. However, we would still be using Cisco Secure Email Cloud Gateway if we did move to that. We would deliver emails from Cisco Secure Email Cloud Gateway into Office 365. That way, we would still have the security. That's how I've set it up at previous organizations: Going from Cisco Secure Email Cloud Gateway into Office 365, delivering to our on-prem Exchange Server, and then onto our users.
The amount of traffic that it stops is massive. I would rate it a 10 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?