Cisco Email Security (ESA) Initial Setup

Information Security Analyst at a healthcare company
There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. When I took over administration there were aspects that were definitely easy and intuitive, like the basics of being able to set blocks and set allowances when you have false positives and false negatives. It kept the basics simple. Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important to run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

* run in parallel
* send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to
* and then we staged it a little bit more. We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last.

It was a typical implementation that most people have: run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do; it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.
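The staged cut-over described in the review above (parallel run, test traffic through the new gateway, then domains moved over one at a time with the primary domain last) depends on confirming that a test message really did pass through the new gateway before it reached the mailbox server, rather than arriving by the old path. The check below is an added example and is not the reviewer's or Cisco's code: it parses the `Received:` chain of a message and verifies that the expected gateway hop precedes the mailbox-server hop. The hostnames (`esa1.example.net`, `mail.example.com`), addresses and both sample messages are constructed for illustration.

```python
import email
import re

# Constructed sample hostnames (assumptions, not from any reviewer's environment):
#   esa1.example.net  - the new Cisco ESA gateway
#   mail.example.com  - the internal mailbox (Exchange) server
NEW_GATEWAY = "esa1.example.net"
MAILBOX_SERVER = "mail.example.com"

# Constructed test message that arrived via the new gateway. Each MTA prepends
# its own Received header, so the top one is the most recent hop.
SAMPLE_VIA_GATEWAY = """\
Received: from esa1.example.net (esa1.example.net [203.0.113.10])
    by mail.example.com (Microsoft SMTP Server) with ESMTPS id abc123;
    Mon, 2 Mar 2020 10:01:05 +0000
Received: from sender.example.org (sender.example.org [198.51.100.7])
    by esa1.example.net with ESMTP; Mon, 2 Mar 2020 10:01:03 +0000
From: tester@example.org
To: user@example.com
Subject: MX cutover test
Message-ID: <cutover-test-1@example.org>

Test message for the staged cutover.
"""

# Constructed test message that bypassed the gateway (e.g. the sender's MTA still
# delivered to the old MX target, which handed it straight to the mailbox server).
SAMPLE_BYPASS = """\
Received: from sender.example.org (sender.example.org [198.51.100.7])
    by mail.example.com (Microsoft SMTP Server) with ESMTPS id def456;
    Mon, 2 Mar 2020 10:05:11 +0000
From: tester@example.org
To: user@example.com
Subject: MX cutover test
Message-ID: <cutover-test-2@example.org>

Test message for the staged cutover.
"""

# The "by <host>" clause names the MTA that wrote that Received header.
RECEIVED_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def received_path(raw_message: str) -> list:
    """Return the receiving hostnames from the Received chain, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        match = RECEIVED_BY.search(value)
        hops.append(match.group(1).lower() if match else "unknown")
    # Headers are newest-first; reverse them to get delivery order.
    hops.reverse()
    return hops


def traversed_gateway(raw_message: str, gateway: str = NEW_GATEWAY,
                      mailbox_server: str = MAILBOX_SERVER) -> bool:
    """True only if `gateway` appears in the delivery path before `mailbox_server`."""
    path = received_path(raw_message)
    if gateway.lower() not in path or mailbox_server.lower() not in path:
        return False
    return path.index(gateway.lower()) < path.index(mailbox_server.lower())


if __name__ == "__main__":
    for label, raw in (("via gateway", SAMPLE_VIA_GATEWAY), ("bypass", SAMPLE_BYPASS)):
        print(label, "->", " > ".join(received_path(raw)),
              "| OK" if traversed_gateway(raw) else "| NOT via new gateway")
```

Send a message from an external account to a mailbox in each domain as it is cut over, save the delivered message as raw source and run `traversed_gateway` on it. A `False` result with the gateway absent from the path usually means the sending MTA is still delivering to the old MX target (the DNS TTL has not expired yet) or the old gateway is still accepting and relaying mail directly, which is exactly what the parallel-run period is meant to catch.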
Regional ICT Security Officer EMEA at an energy/utilities company with 10,001+ employees
The initial setup was very straightforward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware. This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco ESA 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed. We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.
Security Engineer at an energy/utilities company with 201-500 employees
The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solutions, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security. It takes a minimum of a month to build the setup. However, for a good setup, it will require one year to put all the options in place. We had to understand how the emails flowed.
Find out what your peers are saying about Cisco, Proofpoint, Fortinet and others in Messaging Security. Updated: March 2020.
407,845 professionals have used our research since 2012.
John Agunbiade
Network Security Engineer at a tech services company with 11-50 employees
The deployment was quite easy. We wanted it with high availability. It wasn't a greenfield, it was just an upgrade. The initial deployment had been done before. The GUI is self-explanatory: if you want to block emails or erase emails, you do the IP address configuration and set what your DNS is. It's pretty simple, a very easy-to-use GUI. If you want to buy licenses, check the status of your licenses, check the status of your box, or check the environment, it's very simple. The upgrade took me about 30 minutes for each box. It was just me involved in the upgrade.
Gaurav Shakya
Information Security Administrator at a tech vendor
In terms of updating the appliance, once we set it up, it completed by itself. It was automatic mostly, but we took one night's worth of downtime. It completed in one to two hours. There were two people involved in doing the update. We had a cluster set up, one to five devices, three in the DC and two in DR. It took only two people. For me, it was complicated. The other guy was very experienced on it. He had so much implementation experience on the appliance and he was able to guide me through it. We did the DC first and failed over to the DR. Then we failed back and did the DR.
Network Security Engineer at Konga Online Shopping Ltd
Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then line manager gave me an edge, helping me with using and administrating it. The deployment I did last was done within five to ten days. IronPort had been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration: reload it, and start the configuration all over again. My line manager and I were the ones who were involved. I did the larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.
Ed Dallal
Founder, CEO, & President at Krystal Sekurity
The initial setup is straightforward. There are two flavors. There's the cloud-based and the appliance. With the cloud-based solution you just point your email server to the IP address in the cloud. With the appliance, you just install it into your rack and connect it to the Exchange Server. The cloud deployment takes about ten to 15 minutes, and the appliance, because you have to install it, takes about 60 minutes. It requires just one person for deployment. It doesn't require anybody for maintenance. You just set it and go.
Keith Kroslow
Senior Email Engineer at a legal firm with 1,001-5,000 employees
The initial product setup was easy. However, it was a bit more complex on our side because of some of the rules that we had set up on a previous appliance, which was not Cisco. Trying to match some of those to Cisco was a little complex. We had some consultants help us out with that. Overall, it wasn't too bad. The deployment took three to five days.
Mir Mustafa Ali
Network Engineer at a hospitality company with 10,001+ employees
The initial setup was straightforward. There was nothing complicated. It doesn't take more than two engineers. When it comes to the software, if there is good coordination between a Cisco guy and an email-server guy, the two of them would be enough to implement it. It was really easy to implement. Even a newcomer joining the company could easily implement it. There is nothing complicated in the device. It can be easily implemented without headaches.
Muhammad Qureshi
Network Security Consulting Engineer at a manufacturing company
The initial setup was pretty straightforward. The basic mail policies were very easy to set up, but tuning the email flow and blocking certain things according to particular requirements takes time. The initial deployment took about a week. Our implementation strategy was not to stop the mail flow while implementing adequate security features, including Anti-Spam, AMP, and AV. Deployment and maintenance requires one engineer, maximum.
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
The setup is very straightforward. It's very simple to install. It hardly takes 30 minutes. There is a strategy for deploying, like determining how many users' emails you want to pass through it. There is a long document, we call it High-level/Low-level deployment. After that, we pass emails through from the Exchange Server, incoming and outgoing, to configure the kinds of emails the product should filter. A deployment requires a maximum of two people: one is a network engineer and one is an Exchange system administrator, so if he wants to he can configure rules according to his requirements.
Syed A. Raheem
Group Head of Cyber Security at a transportation company with 10,001+ employees
I cannot answer in detail about the initial setup because it was done before my tenure began. In general, it is a complex configuration. Regarding an implementation strategy, it is best to define basic policies that deal with malware and spam-blocking which apply to the whole organization and then configure specific policies for individual and departmental needs. Deployment shouldn't take more than a couple of hours for a team of two engineers.
Sofiane Medhkour
Head System /Solution Architect at sorfert
The initial setup was complex because I have two sites with physical clusters, and I did it alone during working hours without interruption. The length of deployment will depend on the complexity of your infrastructure and your knowledge.
Setu Bandhan Saha
System Administrator at a financial services firm with 1,001-5,000 employees
The implementation is quite straightforward, but the customization is a bit difficult. It took us three hours to implement and three to seven days to configure. Before implementing, we had to design a new program.