Cisco Email Security Room for Improvement

Phillip Collins
Sr Infrastructure Engineer at Delta Plastics of the South
When it comes to phishing, I would not give this appliance a perfect score by any means. It's hard to get a perfect score on phishing with any solution. But typically, in a phishing email, they try to use a name everybody's going to recognize, like the CEO's name or the CFO's name. They might spell it wrong, but they will try to get your attention so that you'll do something. With this appliance, the way it's designed at the moment, for us to really stop that with any level of confidence, we have to build a dictionary of all the names of the people we want it to check, and all the ways they could be spelled. My name would be in there as Phillip Collins, Phillip D. Collins, Phillip Dean Collins, Phil Collins, Phil D. Collins. There could be eight or 10 variations of my name that we'd have to put in the dictionary. There's no artificial intelligence to say "Phil Collins" could be all these other things, and to stop phishing from coming through in that way. It is stopping a lot of phishing when we do use that dictionary. We essentially let the email come in, but we put a header at the top, in red, telling the user to be very careful, this may not be a real email, and let the user decide at that point, because it's looking at whether or not it came from a domain outside our domains. If I have to send myself an email from my personal domain at home, it has my name in it, Phillip Collins. We want it to notice that Phillip Collins is a name that's in the company directory, but it's not coming from one of our domains. We want the user to understand that that is how they get around it. Phishing emails will come from the attacker's own email address, but they will set the display name, what you'll see, as something familiar. That's why I wouldn't give it anywhere near a perfect score, because the artificial intelligence just isn't there yet. You have to manually put these things. As you have people come and go in your organizations, you have to decide if you want these people in that dictionary or not. If they leave then you've got to take them out. There's a lot of work to doing that with this solution at the moment. Another minor thing is the interface that you work with as an administrator. It is not as intuitive as I would like it to be. It's all there, if you understand what you're doing; what email is doing and how you detect certain things. It is not difficult at all to work with, but it could be more intuitive for somebody starting out. Finally, they separate the email security appliance from the reporting appliance. It's the ESA and the SMA; they are two separate appliances. The reporting appliance just gets information from the email security appliance and helps you formulate reports. To me, that should all be one. It doesn't bother me that it's not, but sometimes I have to think, "Do I need to go to this appliance or this appliance to get that information?" It should all be in one place, but those are minor things. View full review »
Andrew Fisher
Digital Program Manager at a healthcare company with 10,001+ employees
I would like more functionality and how to use it for Level 2 type staff. The biggest issue is it needs to be easier to use and navigate. I know there are a lot more documents in the later versions about how to do things. This is a great improvement from a few years ago when you would have to call a tech to get them to assist you, which they're more than happy to do, but now there are a lot more how-to guides. If they could continue to do that, then it would make the product even more usable. Also, it needs more detail/documentation around what different features do. That would be valuable for the product. That way, when you do have lower level staff who are using it, they will actually know what it can do, e.g., having help icons for each section, and even each setting, does make it easier for the users. As they can click on the question mark for that setting, then they can then see what it does or have it take them to a how-to page on what it does. The reporting could be improved, especially at a senior management level. The reporting side of things is a big component of what people, especially executives, want to see. In that way, it can justify its use ongoing. The executives want to know the volume of traffic that it's stopping. While users have to deal with the potential loss of income and hours. With reporting, it becomes a no-brainer. It's one of those things on an IT budget that you need to have. View full review »
Informate83d
Information Security Analyst at a healthcare company
We find bugs, just like anyone else. We bring them to Cisco's attention. If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult. But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment. There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful. View full review »
Learn what your peers think about Cisco Email Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,141 professionals have used our research since 2012.
Security Officer
Regional ICT Security Officer EMEA at a energy/utilities company with 10,001+ employees
We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. View full review »
HeadOfSe948f
Security Engineer at a energy/utilities company with 201-500 employees
Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated. The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working. While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc. View full review »
John Agunbiade
Network Security Engineer at a tech services company with 11-50 employees
There were a couple of access issues. Also, they need to keep their intelligence top-notch. I remember a particular phishing email that came through to my then-CEO. So they could improve on their intelligence. View full review »
Gaurav Shakya
Information Security Administrator at a tech vendor
They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters. They can definitely work more on that. They can also work on the updating of the appliance. We had to do it once, when I was part of the engineering team. We had to update to a later version. It was complicated for me. I had to follow the instructions without understanding anything. Maybe there was pressure that caused me to not and understand them properly, but it was still complicated. The documentation was not there when we tried to update it. It may also have been due to my lack of experience. If I had done it twice or three times, I might have become accustomed to it and have done it more easily. View full review »
MichaelLawrence
Network Security Engineer at Konga Online Shopping Ltd
One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions. I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the ESA in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor. Also, if ESA and WSA could be brought together, it would make a better appliance, one wholesome appliance. View full review »
Ed Dallal
Founder, CEO, & President at Krystal Sekurity
The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user. The solution has flexibility. I think they are working on improving it as we speak. They're responsive to the feedback we give. View full review »
Keith Kroslow
Senior Email Engineer at a legal firm with 1,001-5,000 employees
On their roapmap, they are looking to integrate with different cloud features, like Office 365. I would like them to add some clustering or high availability features. View full review »
Mir Mustafa Ali
Network Engineer at a hospitality company with 10,001+ employees
I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side. Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now. View full review »
Muhammad Qureshi
Network Security Consulting Engineer at a manufacturing company
We would like to see more options for the customization of content filters. View full review »
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services. Some vendors, like Fortinet, have this feature in their firewalls, the FortiSandbox. View full review »
Syed A. Raheem
Group Head of Cyber Security at a transportation company with 10,001+ employees
The configuration UI should be made more intuitive. Currently, it takes a while to understand how to do the basic configurations. In terms additional features, I would like to see customization of reports and dashboards. View full review »
Sofiane Medhkour
Head System /Solution Architect at sorfert
With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it. View full review »
Setu Bandhan Saha
System Administrator at a financial services firm with 1,001-5,000 employees
There should be some type of help section that can help us configure clients' emails. Sometimes, we just need to customize the quality. The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI. It's very difficult to configure at that time. View full review »
Enrique Diaz Jolly
Principal Consultant, Engineer, Owner at Jolly Security Inc
The reporting functionality needs to be improved. View full review »
Learn what your peers think about Cisco Email Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,141 professionals have used our research since 2012.