From a security perspective, our organization is much stronger in the email domain. We have effectively monitored spam patterns, and with the rise of phishing in recent years, our capabilities have further improved. This has been beneficial for our organization since we can identify and prevent specific types of phishing emails. 

We have the ability to customize certain aspects ourselves, which has also aided our organization. Additionally, relying solely on users to make secure decisions regarding phishing emails is not always reliable. Asking non-security personnel to make security-related choices can be risky. Therefore, Cisco Secure Email has been instrumental in relieving users of this responsibility. By implementing specific metrics and criteria, we can intercept and block such emails, allowing the system to handle the workload. Although the process requires some manual intervention on our part, it is acceptable considering our large user base of 9,000 individuals. Cisco Secure Email has played a crucial role in shouldering this burden and has greatly benefited our organization.

The effects of Cisco Talos on our security operations are really good. In the past, there was a philosophy that some security professionals used called defense in depth. It has two dimensions. One is implementing defense at the edge of our network, then progressing further inside the network, all the way to the desktop. We continue to implement security at different points, including the desktop, to ensure comprehensive coverage. Another interpretation of defense in depth is implementing security measures from different vendors. Each vendor has its own strengths, such as better virus scanning or more effective firewalls. By using a mix of vendors, we cover a wider range of potential threats and minimize vulnerabilities. However, I believe this approach is no longer necessary because of tools like Cisco Talos. Talos provides such extensive coverage that it quickly addresses new threats. We no longer need to worry about relying on multiple vendors to catch up. Cisco Talos has been great for our security.

It has significantly saved our IT staff a considerable amount of time. Without it, we would likely be dedicating four times the current amount of time to managing email and spam. Currently, one staff member spends five hours per week on this task. Without Cisco Secure Email, that number would increase to twenty hours per week, equivalent to one hundred hours per month. Thus, I estimate a time saving of around three hundred percent. Additionally, the absence of Cisco Secure Email would result in a three to four hundred percent increase in staffing requirements, as we currently have a team member solely responsible for managing the product on a daily basis. However, the time spent by this individual using the solution is far less than it would be if they were dealing with email issues without the solution. Thus, Cisco Secure Email has had an immense impact.

Cisco Secure Email helps us consolidate some tools. When we installed Cisco Secure Email, we had another email PMDF gateway that had extremely outdated capabilities for blocking things. It was ineffective. Cisco Secure Email surpassed our previous methods by leaps and bounds.

Cisco Secure Email has aided our organization in enhancing its cybersecurity resilience. Without Cisco Secure Email, our cybersecurity posture and resilience would be significantly compromised.

The last time I checked, which was about a month ago, when I looked at all the emails sent to any of our domains — because we have about 10 email domains, and they all go through the appliance — by looking at a report the solution has, I saw that 84 percent of the email sent to those domains never got to our Office 365, because it was spam, malware, phishing, or there was something wrong with it. So it stopped 84 percent which was bad email. Based on my experience and talking to users, 99.8 or 99.9 percent of those emails that were stopped were spam or malware. There might've been 0.1 percent that was caught by the mistake. But that's 84 percent of email not even getting into our systems.

It has prevented downtime. The simple fact that 84 percent of them were stopped keeps people from having to look at those in their mailbox. If you take 1,000, out of that number 840 didn't even come through. That's less wasted time going through your mailbox and reviewing your messages. It also frees up the users, when they do see something that's not anywhere near normal, to clue in that there might be something wrong. We have had emails get through, phishing emails and things like that — it has happened — but I would say we probably get one through about twice a month, at most. The users will immediately shoot it right to the help desk. "Is this real? Is this spam? Is this something I should do?" There's no way to really put a number on it, because I've never really looked into it, but if nothing is coming through that you didn't want to see, then there's no downtime.

Only in a couple of cases have we had a user actually do something they shouldn't have done before they notified us, but that's training. You never have a perfect solution. Two a month is our average, over the last year, of emails that got through that we wished hadn't gotten through, but no harm came of it because the user notified us, and we just told them, "Delete it." We make sure everything is working right and that there was no malware involved and we let it go.

Also, as far as the IT department goes, it's made our lives a lot easier. We get emails if anything does happen. We've chosen to see any event. We only get notified of exceptions that we want to investigate or we want to look into. That makes things easier because we're not out looking all the time. We can wait for the email to come in.

We can look at the updates and the different changes Cisco makes to the system to see if any of those things is going to help us. We think about whether we want to invest any time in configuring those? And once it's configured, you're done. The most difficult part of that is remembering what you did. So we've learned to do our documentation that much better because we need to be able to go back and read what we did before, what we configured.

Our company might buy another company, so we have another domain to add our list of domains for email. In less than an hour we have all that set up and the whole system working, with emails going through the appliance. It's saved us a tremendous amount of time daily, just in terms of keeping track of things.

The primary consideration for adopting a new product revolves around its most valuable features, and this assessment is product-specific. In our organization, we heavily rely on this evaluation to determine if the product aligns with our needs.

One benefit is the resilience of the solution when implemented in conjunction with other solutions, and the other one is the new features that Cisco is adding to the solution itself, such as awareness of advanced phishing threats. The environment that Cisco is building around this primary product in its catalog is helpful.

We offer almost all of the Cisco Security solutions, but recently, we've been working more with cloud solutions. It's easier for customers to adopt them. We also continue to deploy some of the firewall solutions with the physical devices and also email protection solutions either with the VM solutions or with the physical appliances. We've been seeing evermore integration of the products based on the browsing console, which is very nice for customers because they only need to have a browser to access all the different consoles of different products. They can be consolidated with SecureX. It's an advantage for the customer to be able to handle all the different consoles for different integrations that the customer has in one place.

Cisco Talos is a very nice complementary solution to the email protection suite. It gives you the threat intel regarding the latest news and infections that can be problematic for the customers. They become aware of what's happening and any latest vulnerabilities they may have on-prem.

Cisco Secure Email Cloud Gateway has allowed our users to be able to concentrate on the emails that they do receive. Previously, our users had to deal with nine million additional emails across the organization, which is nearly 1,000 emails per user to have to deal with a month. That's a massive amount for our staff to deal with and probably several hours of their time. We have a lot of clinical staff, being a hospital. We want to make our staff as productive as possible. By removing a lot of that spam and phishing type emails, this allows them to do their job. A lot of our staff who are our cleaners don't necessarily use email as often as some of our clinical staff. Therefore, the numbers are worse with our clinical staff who probably end up getting double the amount of these emails. 

From a user's point of view, if we're stopping them getting spam, they're happy. 

The threat intelligence that we receive from Cisco Talos is good. We don't have the staff or SecOps to do it ourselves. We have one cybersecurity analyst who complements the rest of our IT support for communications, network, and server infrastructure. Things like Talos give us the ability to leverage what Cisco is doing without having to invest the money, infrastructure, and people.

Without it, we tend to be in our little bubble/ecosystem. We're not seeing the number of attacks. Whereas, with Talos being connected to so many organizations around the world, it gives us early warning that we wouldn't have normally had. Because we don't have many applications externally available to the organization, it's good that there's something out there looking out for our best interests. We're able to easily apply that to our infrastructure and without any effort. A lot of it's automated, so it's just applied.

It is a great benefit that we're able to run 24/7. With the help of Cisco and Talos, it helps keep our organization safe. We are very much on top of any sort of zero-day events that we hopefully don't see ourselves. So, we're able to leverage the misfortune of other organizations who have experienced events, in some instances, to our benefit.

A lot of our customers use another Cisco product already, so they have confidence in Cisco products. The firewalls they are currently deploying and using have evolved from their older ASA products. They are now moving to the new Firepower Threat Defense, which incorporates many more features and allows them to get the latest ALOFT download and feeds for any security vulnerabilities and they're able to react very quickly to any vulnerabilities that have been highlighted.

Initially, when the firewalls were first marketed and came onto the market, the visibility wasn't very good. But as the software evolved over time, that visibility has increased a lot more, and that is giving customers a lot more competence in the traffic and the traffic flows that they're seeing through the actual devices, so they can better understand the types of applications that they have on their network.

The good thing about the actual firewall itself is that it can integrate with other Cisco products, such as Cisco ISE so that it allows full end-to-end visibility of connectivity. It gives very good visibility. It's that integration with other products, not just what that individual firewall can do itself.

Talos is obviously fundamental to the actual firewall, reporting on vulnerabilities that are happening day to day. And the regular downloads, obviously, give customers confidence that their products are as secure as they can actually be.

The user interface massively improved our organization. The device itself works perfectly fine and it's not too complicated to write policies.

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

• For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
• DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

Overall, the ease of migration to Cisco's cloud email security from the on-prem solution was a positive experience. We are very happy with the change. It makes security easy. The cloud solution is doing a great job. We are stopping more emails, and in a better way, than we did in the past. It's also not stopping as many good emails, but I think this is because Talos has gotten better, rather than something to do with the cloud technology. But the numbers over the past year are significantly better compared to the past.

We use ESA with Security Management Appliance (SMA). We have SMA M690. The integration of ESA and SMA makes the whole work easier. SMA is the central content appliance, and we have three ESAs. The SMA is able to collaborate with the clustered ESAs for log management and other things. It gives some stability in terms of what is happening. ESA keeps a lot of logs, so SMA is able to move through ESA and get those logs out. This integration has really helped us to drive our operation in the email platform.

It does a lot in terms of preventing phishing and business email compromise with DP and Advanced Phishing Protection. DMARC gives visibility for preventing spoofing and social engineering attacks. ESA has been able to help and protect us from those attacks. It is doing a lot of work. Gartner has always rated Cisco's ESA appliance as one of the major players.

It is doing a lot to prevent spam, malware, and ransomware. Everything is also tied to how you have configured it. Some of the spam emails don't get to the customers. We can quarantine a spam email, which gives us the visibility to look at it and see if it is actually spam or not. It is doing its work. It is. There are no false positives. It is working perfectly.

Email service is one of the services that we offer at Galaxy. ESA has improved our business. Our customers want to maintain their business with us for email security. We have over 500 domains on our email platform. It has improved our profitability in everything.

It's cut down quite a bit on the amount of false-positive spam that we get. The spam engine that's utilized by CES, we found to be pretty effective. It's rare that things end up in a quarantine when they aren't supposed to be there, which is very beneficial. I believe that was one of the reasons that we moved from the previous hosted solution that we were utilizing to CES.

Cisco Secure Email has helped free up our IT staff for other projects because the product is so stable, and you don't have to spend so much time with the administration of the product. You free up time because you don't need to set up so many functions. Some of the functions are out of the box, and they just work.

It has had an impact on the awareness of the employees. Previously, a lot of employees were complaining about junk emails, phishing, etc. After using Cisco Secure Email, spam, and other things have been reduced drastically. I'm not sure how it filters them out, but it just learns based on the email subject and other factors. It just filters them and sends them to the junk box. There is an add-on, and if you think that an email is suspicious, you just add it to the add-on or move it to the junk box.

It saves time. Previously, we had to filter the emails and see which ones are junk and if it has been reported or not. There was a daily checking of the mailboxes to see what was going on and what had been blocked, but with Cisco Secure Email, all of that is just in one tab. You see all the emails that have been blocked and the reason they have been blocked. It saves a lot of time for us. It does the job that we need it to do. 

Users are getting a lot fewer malicious and nuisance messages. When we moved to the cloud product, we added in a service for graymail unsubscribe which we didn't have before. That makes it very easy for people to safely unsubscribe from mailing lists, especially the sort that they have been added to without knowing what the company is. That has reduced the amount of time users waste going through that process and the amount of time IT has to spend responding to questions about what they can do about things like that. In general, it's enabled us to spend less time addressing user issues regarding junk mail. It has also been better about not blocking legitimate messages, which again comes down to saving time for both users and IT.

The migration from the on-prem email security to its cloud email security saved us money, versus where we would have been if we had kept the on-prem with them. Versus the Microsoft service, it was basically a wash. But compared to Cisco's on-prem service, the cost is the same, but you don't have to pay for the hardware and you don't have to maintain the system, as far as upgrades and hardware failures are concerned. It is cheaper to operate on their cloud service than it is to operate with their on-prem service. The hardware savings are from whatever level of hardware we ended up not having to buy. If we had stayed on-prem with it, we would have needed to buy two new appliances that year, appliances which would have cost $10,000 or $12,000. I don't have a good figure on how much manpower we spent maintaining upgrades with the on-prem. It wasn't huge, but we probably save an hour a month, on average, on maintenance.

For maintenance, it depends on what's going on, but there may be a few hours a month for reviewing, reporting, and for addressing any user issues. User issues mainly revolve around things like, "Okay, the user hasn't gotten an email from so-and-so. Check and see whether or not they've got it." But as far as actually maintaining it, to ensure it keeps functioning, it's pretty minimal; maybe an hour a month. The people who handle the maintenance are from our infrastructure group, which is a combination of systems and network functions.

We didn't have an email gateway initially. As spam was ramping up, the junk was getting through. So, we needed a gateway. We then worked with a local company who sold us this product and some training as well as how to get it up and running, configuring it. Over the years, they have been constantly changing it.

At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage.

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

We already used this system on-premise. So there is no real difference except for the encryption plugin that is used. That's beneficial value. You also don't need to invest in physical hardware, location, and physical connections, and an on-premise data center.

The added value of it is that every migration to a new version is initiated by the Cisco personnel, so that is a bunch of work that you don't have to do on the Cisco ESA system on-premise. As it becomes a SAAS-platform, you don't need to invest anything in your own data center or in your upgrade path. 

There was no downtime involved in the migration from Cisco's on-premise to the Cloud Secure Email. It was important to have this business continuity going on and not to lose any emails. We have implemented everything first in a test environment. We had the test Cisco CES in the cloud together with the test exchange system and so forth. Such a smooth transition was possible because we could test everything in a test environment.

If you have the knowledge of the Cisco on-premise solution, it was more like a copy-paste of the settings on the Cisco cloud solution. So the learning curve is rather low if you have the knowledge already of the Cisco system on-premise.

The pricing is more or less the same, but you have to take into consideration all the work that the people have to do. If they need to patch the new system, if they need to do the patching cycle on the ESA itself, and so forth, that's where the money goes.

It's not out-of-pocket money that you gain, but you gain time from people to focus on other systems.

With Talos threat intelligence we are protected. I cannot guarantee, 100 percent, that the protection will always be there because something new can appear on the market, something that Talos doesn't know, but we are confident that Talos assures us of all the security we need. We are happy to be using it.

We have customers who was looking at our product catalog, what we offer, and they said, "I don't need the email security appliance because at my company things are secure without that." The prices are quite expensive for the security appliance and the customer wanted to manage his business without it. After some weeks, we get a feedback from the same customer that the malware is already in his company and now all the data are compromised." After that, the customer chose to buy this email security appliance because his security was as important as anything else. We have more examples like that, that have happened in the last year. You are never secure without some solution from Cisco.

When it comes to preventing downtime, the Cisco Security Email appliance protects our customers so that they don't lose their information and can continue working. I am sure that many of our customers have been attacked with ransomware and with malware and this solution protects them.

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

Less spam means more productivity; less time is wasted, helping both users and the security team.

It means less malicious email, fewer interruptions, and less risk. It actually circumvents malicious emails; rather than getting to the users, the users don't see them. End of story. There's a risk without it. The user might get the email and might click on the link. Once that happens, they are toast, as is the network.

The number of malicious emails it blocks differs from one company to another. It depends on the volume of email they get. I would say on average, depending on how many users there are, it could block 1,000 emails a day.

This product has made my messaging platform more secure. it contain and extended security feature ,policy rules for filtering , and multiple engine for scaning add to that encription , security is very important for critical business with data inhouse.

We faced a targeted attack. Most of our customers were targeted, but no one got the email. It was quarantined by Cisco. That is why we are still using Cisco.

Before we had Cisco Secure Email Gateway, so we had more spam emails. In fact, we had some other solutions in place, but there was more spam going to the Exchange Server when we compare between we didn't have Cisco Secure Email Gateway deployed and when we deployed it. We cannot say it's 100 percent, but we're covered for 90 to 95 percent of spam. No spam is going to the user right now.

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

Because we can customize policies with it, we have good documentation.

We're now protected against spam emails.

We need to differentiate among users with specific boundaries. Some users have full access and some users only have limited access. That is what we are using it for.

It saves a lot of time wasting. For example, phishing attacks distract a user's attention, and forged emails waste a lot of time. A user can lose data. This solution helps protect user data.

The system enables end users to manage their own whitelists/blacklists and provides our service desk with the means to troubleshoot email delivery issues with ease.

I have been able to help customers improve their email security, both new customers purchasing Cisco Secure Email Gateway, as well as long-time users. 

We used to get emails with viruses that would impact the business or we would get emails with malware. We were able to scan the email and clear it or block emails with viruses. That was the business justification. On a weekly basis, it was blocking about 2,000 or 2,500 emails.

It protects you, it protects your network, it protects you from phishing emails and malicious content and the like.