We just raised a $30M Series A: Read our story

Cisco Secure Email OverviewUNIXBusinessApplication

Cisco Secure Email is #1 ranked solution in top Email Security tools. IT Central Station users give Cisco Secure Email an average rating of 8 out of 10. Cisco Secure Email is most commonly compared to Fortinet FortiMail: Cisco Secure Email vs Fortinet FortiMail.Cisco Secure Email is popular among Large Enterprise, accounting for 68% of users researching this solution on IT Central Station. The top industry researching this solution is Comms Service Provider, accounting for 27% of all views.
What is Cisco Secure Email?

Customers of all sizes face the same daunting challenge: email is simultaneously the most important business communication tool and the leading attack vector for security breaches. Cisco Email Security enables users to communicate securely and helps organizations combat Business Email Compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multilayered approach to security.

Cisco Secure Email is also known as Cisco Email Security, IronPort, Cisco Email Security, ESA, Email Security Appliances.

Cisco Secure Email Buyer's Guide

Download the Cisco Secure Email Buyer's Guide including reviews and more. Updated: October 2021

Cisco Secure Email Customers

SUNY Old Westbury, CoxHealth, City of Fullerton, Indra

Cisco Secure Email Video

Archived Cisco Secure Email Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
AS
Regional ICT Security Officer EMEA at a energy/utilities company with 10,001+ employees
Real User
Customized filtering has been very effective and useful for us

Pros and Cons

  • "Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number..."
  • "We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems."

What is our primary use case?

We use it to secure our email system, to cut down on all the bad emails that we would otherwise receive. 

The reason for implementing the product was the huge increase in spam and junk mail which occurred when we were adopting these devices. There have been some changes in the way that email is delivered since then, and one or two of the major spam sources have been taken down or prosecuted or jailed. Today, we have less blanket-spam, but we have more targeted phishing emails or spear phishing.

The combination of emails with links that encourage users to give away their user login information can cause problems. When someone's account is compromised it can result in access to our global address list and access to emails that the compromised user may have sent. Therefore, they have details of the format and the style emails that our company uses. We have communication threads that they can take advantage of because they can inject their fake emails into an existing communication thread and try to fool a supplier or client into giving more information or, worst-case, giving money to the wrong person.

How has it helped my organization?

When we first had Cisco hardware, we were having significant problems in that we were getting something like 10,000 emails per device per hour. We have four devices, so if we calculate that up it was like 1,000,000 emails a day, and most of those, about 99 percent, were junk mail or spam.

We had a major problem with email, and introducing Cisco Secure Email Gateway systems was a set change for us. It reduced the number of unwanted emails by a huge factor. That has continued to be the case, from when we first got the devices, until today.

Previously, we had other email security appliances, and they were overwhelmed by the volume of email that we are receiving as a company. The introduction of the Cisco Secure Email Gateway systems had two effects for us: 

  1. They significantly reduced the number of emails that were even considered for delivery or for being accepted into our company for internal routing.
  2. It gave us another line of defense. We use the Cisco Secure Email Gateway systems as our first line of defense which we then follow up by another manufacturer's email security appliance, which gives us a second level. Subsequent to that, we've adopted another layer of email security. So we now run three layers.

What is most valuable?

Initially, the most valuable feature for us was the SenderBase Reputation, because that reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. 

Since then, customized filtering has been very effective and useful for us.

In addition, Cisco has developed the product with its Talos product. They've developed the Cisco Secure Email Gateway systems so that instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they're now providing has a lot of attraction because it helps to prevent phishing emails.

Things such as Sender Domain Reputation, which is a relatively new feature, are attractive because when there's a pop-up domain, which might be a look-alike of your own company domain, or it might be a look-alike for some other company like Microsoft, it gets a bad reputation, and the Cisco Secure Email Gateway systems will reduce the possibility of these emails delivering to the recipient's desktop.

What needs improvement?

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The system is very stable. We have had very little downtime and the system is, in general, reliable. 

We have occasionally had hardware problems because we are using an appliance-based solution, but that might change. We may consider going to virtual systems. In general, we have had a good experience with this product. The hardware, given occasional failures, has been very reliable. There is an upgrade process for keeping the system running with the most current, recommended version of AsyncOS. We have had very few problems where an upgrade has gone wrong. We've been very pleased with the solution.

What do I think about the scalability of the solution?

The scalability is good because when you have appliances such as we have, if you have the infrastructure and the available resources, you can install additional virtual appliances. From the point of view of scalability, if there were a problem with performance, it is possible to add other systems or devices, even though they are virtual, and they all fall under the same control interface. They are all a part of the same cluster so they are all relatively easy to manage.

We currently have 11,000 employees and a large number of those users hold email accounts and email addresses.

We have a 24-hour operation because our company is located in 62 countries, so we have to respond relatively quickly because email is important. We have a department that deals with IT security and likely, at a minimum, we would have six people who have the capability to work on these systems. But in reality, because the systems are very stable, we have three or four people who regularly work on them. All the people who maintain the system are currently in the same department as me and all of them are considered IT security officers. They deal with other systems as well as the email.

How are customer service and technical support?

Cisco's technical support is, perhaps, taking a different approach to the way that IronPort managed systems. Cisco tends to try and answer questions or problems by email more, initially, rather than talking to someone on the telephone. Sometimes that's not quite as good as IronPort was. 

But, in general, Cisco is good in that when we have a question they will respond quickly. But equally, because we've had these systems for several years, there is a good pool of experience in our security team so that we don't regularly have to ask questions of Cisco support.

Which solution did I use previously and why did I switch?

We switched to using IronPort because it gives us a second line of defense from spam, phishing, and all the other problem emails. One of the reasons was that there was a major spike in the number of spam and junk emails that people were sending from when we first got these systems. 

The other system that we had was suffering from performance problems because it was being overwhelmed by the volume of emails that were being delivered to Fugro. The other product was still a good product, but it didn't have the performance to handle the volume of email. With the IronPort system being used as a first line of defense, it probably would have done everything that our previous system did, and we could have just removed it from our email processing.

However, we wanted to retain the old system because it had some nice features to do with additional email filtering. Having IronPort as a first line of defense was really good, and then, it was possible to do special filtering and other email reaping on this other system. The other system could then perform at a good level because it was not being overwhelmed by the huge volume of spam, junk, etc.

How was the initial setup?

The initial setup was very straight forward. Having said that, we had a lot of experience in email systems before we set up these devices. But to get the most out of the functionality of the devices it took us some time to implement custom email filters. These were detecting targeted phishing email, although they weren't called that back in the days when we first got this type of hardware.

This was in the days before it was common to have virtualized systems. The systems we had at the time were probably the type that might have been considered by a small ISP. At the time it might have been Cisco Secure Email Gateway 310 or 320 systems. It was a long time ago. We have had those systems on contract since then. We've regularly upgraded the systems when the contract has been renewed.

We've had the systems configured in a cluster where the cluster spans more than one email gateway. Email gateways are located in different countries, so although we have different places where the email can be delivered to Fugro and from where Fugro sends email, the systems are all managed from the same interface and console, even though the systems are in different countries.

What about the implementation team?

Because we had the systems before Cisco bought IronPort, we used some assistance from the then-IronPort company for the initial set up. But our own personnel were involved in training courses, so most of the configuration was done by Fugro people.

The IronPort consultants were very good. Because the company was keen for business, they were keen to assist us. At the time, we were, perhaps, one of the more unusual cases because of the quantity of junk, spam, and other types of emails that were being sent to Fugro recipients. IronPort, at that time, was very responsive, very helpful, easy to deal with and, usually, very knowledgeable about the product.

What was our ROI?

It would be fair to say we have seen return on investment using this solution, but I'm not the person who spends the money or places the orders so I do not have detailed information on it.

Which other solutions did I evaluate?

We did evaluate other options, but it was a long time ago so I'm not sure I can remember which other options we considered.

What other advice do I have?

Having a good understanding of the product helps in the implementation process, so do some upfront training before you adopt the product. Be closely involved with Cisco support or the Cisco implementation team which will help to make sure that configuration is well adjusted and suited to your company.

I've used the product for more than ten years. Prior to that, it was IronPort. Cisco bought IronPort. We were using the IronPort products before Cisco bought them. We're currently using AsyncOS version 12.

We've used this product for so long, and we've been very happy with it, that we do not have a direct comparison against other products that are available today. That said, and accepting the fact that email security systems are not cheap, this product is still a front-runner and, combined with the new things that Cisco is doing, it has a lot of scope and capability. I would suggest this product would be about a nine, if ten is the best.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SS
Information Security Analyst at a energy/utilities company with 501-1,000 employees
Real User
While the tool does a good job of blocking malicious emails, it does have limitations with its sandboxing

Pros and Cons

  • "We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this."
  • "The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working."

What is our primary use case?

It is an anti-spam solution, and we primarily use it for email anti-spam. It removes the spam emails, and we have our own manual filters to remove unnecessary or unwanted emails. So, it is working just fine.

We have been using the solution for more than three years. We started on version 9 and are currently on version 11.1.

How has it helped my organization?

In regards to what we filter out, we don't have a lot of information. We have a small team who handles most of the software, including the email filtering and email security. 

The solution drops bad email, like the spam or emails with viruses. We are not currently doing further analysis to indicate what was really targeted, or determining if something else with generated, malicious or spam. The filtering is okay, and we don't have complaints from our customers or users, so we aren't doing any further steps.

The email processing and event logging are very detailed and valuable. They are also helpful when we troubleshoot email issues and perform email analysis, even though the logs are not structured properly.

What is most valuable?

We like the in-built features, like the email filtering based on the IP and domain. Cisco has its own blacklisted domains and IPs, which is very good. This filters around 70 percent of emails from spam, and we are seeing fewer false positives with this.

The notifications about why the emails were blocked is a good feature.

What needs improvement?

Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated.

The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working.

While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We expect 95 to 98 stability (perfection) in the product. 

We have one person doing maintenance, which is me. I handle this product along with three other security products. 

What do I think about the scalability of the solution?

We are currently utilizing all the features in the product.

We have 1100 users.

How are customer service and technical support?

The support is great. They are very fast with their responses and are very knowledgeable. Its support is available 24 hours. These things are very good.

Which solution did I use previously and why did I switch?

We did not use a solution prior to this one.

We were looking to automate most of the stuff related to email filtering, so the solution bought from IronPort (now a part of Cisco) was to reduce our workload.

How was the initial setup?

The initial setup was straightforward, but very lengthy, because it powers up most of the options from the email filtering solutions. While it is good, it will take some time to implement all the features, compared to other solutions. 

It is very simple to set up, but we decided to set it up with exceptional cases. Cisco is more flexible compared to other solution, but it could still improve, especially in the area of ruling logic and enhanced communications. With some other email security products, we can have very complex conditions which we can filter out. This is still not available with Cisco Email Security.

It takes a minimum of a month to build the setup. However, for a good set-up, it will require one year to put in place all the options in place. We had to understand how the emails flowed. 

What about the implementation team?

An implementation partner, SecureLink, helped with the setup. They did a good job and were knowledgeable in the product. But, as an implementation partner, they do not take responsibility for any failures of the product.

Cisco helps with the day-to-day. 

We set up the filtering options ourselves.

What was our ROI?

We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company.

What's my experience with pricing, setup cost, and licensing?

It is not that costly. We pay for the solution through a contractor and pay an annual fee.

Which other solutions did I evaluate?

We are currently using two different email security products, which is how we are able to identify the pros and cons of Cisco Email Security. We use a similar product called FireEye. It can detect based on sandboxing. Anything bad that it sees, it will detect. It is not based on file extension or file types. Recently, we have been able to block with it using some type of file extensions or hash.

What other advice do I have?

I would recommend to use Cisco Email Security first as your email filtering solution, but do not rely on it as your only solution. 

I like the product because it is very easy to work with or we can make it complex if we want.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Cisco Secure Email. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,424 professionals have used our research since 2012.
Muhammad Qureshi
Network Security Consulting Engineer at a manufacturing company
Real User
Multiple content filters, such as DKIM, are among the key aspects of our email security

Pros and Cons

  • "The most valuable feature is the different content filters we are using, such as DKIM."
  • "We would like to see more options for the customization of content filters."

What is our primary use case?

We have around 500 to 600 users and we use it for services like Anti-Spam, Advanced Malware Protection (AMP), and scanning. We are also using also multiple content filters, and it's working pretty well for us. In combination with Cisco Secure Email Gateway, we are using Trend Micro.

How has it helped my organization?

Before we had Cisco Secure Email Gateway, so we had more spam emails. In fact, we had some other solutions in place, but there was more spam going to the Exchange Server when we compare between we didn't have Cisco Secure Email Gateway deployed and when we deployed it. We cannot say it's 100 percent, but we're covered for 90 to 95 percent of spam. No spam is going to the user right now.

What is most valuable?

We are using almost all the features because they are necessary to protect emails. The most valuable feature is the different content filters we are using, such as DKIM. 

The Anti-Spam feature is also valuable for us because, most of the time, we notice that what is coming in is spam, and the Anti-Spam filter works very well. That's one of the features we like most.

What needs improvement?

We would like to see more options for the customization of content filters.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability of the solution is very good. They always come out with very stable versions of firmware and it has never caused any issues.

What do I think about the scalability of the solution?

Cisco Email Security is working well for us, but we currently have no plans to increase usage.

How are customer service and technical support?

Technical support is very fast to respond. They are well-trained and experienced.

Which solution did I use previously and why did I switch?

We were using Trend Micro and we are still using it now that we have Cisco Secure Email Gateway. Cisco's solution is more efficient and provides more options. For us, it also creates one more layer of security.

How was the initial setup?

The initial setup was pretty straightforward. The basic mail policies were very easy to set up, but tuning the email flow and blocking certain things according to particular requirements takes time.

The initial deployment took about a week. Our implementation strategy was not to stop the mail flow while implementing adequate security features, including Anti-Spam, AMP, and AV.

Deployment and maintenance requires one engineer, maximum.

What about the implementation team?

We used an integrator. I was not involved directly.

What's my experience with pricing, setup cost, and licensing?

Licensing is done yearly, but I am not involved with purchasing side of things.

Which other solutions did I evaluate?

Cisco Secure Email Gateway was our first choice.

What other advice do I have?

This is a great product with wonderful support. You won't have any issues.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AD
Information Security Analyst at a healthcare company
Real User
Black-listing and white-listing are highly intuitive and easy to do

Pros and Cons

  • "It has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked."
  • "It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance."

What is our primary use case?

It's our primary enterprise email gateway. It's the first stop for edge email security.

How has it helped my organization?

One of the things that I like most is that, since we do have a Cisco Enterprise agreement - we have a lot of Cisco products - we're able to consolidate reporting a lot better. Reportability is a lot more end-user accessible, or easier to acquire. The solution overall does what it does, but being able to quantify that, put it into reports that are easy to analyze, is probably the best and the largest gain that we acquired in switching.

What is most valuable?

One of the nicest things is that parts of it are highly intuitive. For instance, black-listing, white-listing, and things of that nature are very easy to do and they're very intuitive. You wouldn't even need any training to be able to perform those actions straight out-of-the-box. 

Even though it's not perfect, it has the IMS engine, Intelligent Multi-Scan engine, and it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked. Again, it's not 100 percent, but out-of-the-box I didn't have to touch it, I didn't have to tune it, I didn't have to tweak it. I believe it leverages the threat-intelligence database and does what it needs to do in making sure that the bad stuff stays out and virtually all of the good stuff makes it through.

What needs improvement?

We find bugs, just like anyone else. We bring them to Cisco's attention. 

If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult.

But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment.

There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's been stable. I don't have to do anything with my email gateways. They chug along and they do what they do. They don't always get it perfect, but I have never had one fail on me. And I've never had a problematic appliance that I'm aware of. We had Proofpoint for a lot longer, but if I were to compare the percentages, I would have to say that the stability of Cisco appliances is superior to that of our previous Proofpoint environment.

What do I think about the scalability of the solution?

We haven't had to address scalability. The umbrella IronPort is broken down into two halves: email security and web security. I haven't had to deal with the scalability of the email security at all. But since they're both under IronPort, I have had to deal with scalability on the web security end. Relying on some of that experience, my assumption is that the way it worked for the Web Security Appliances is probably pretty similar to how it works for the Cisco Secure Email Gateway. With that in mind, I can say that scalability is not an issue. It's as easy as just bringing another Cisco Secure Email Gateway into the cluster.

In terms of plans to increase usage, if you ask any enterprise they're going to tell you, "Yes, of course, we're going to grow, and as we grow we're going to use more." And the reality is, any growing enterprise is going to utilize email more and more. As the landscape morphs and changes, so do your rule sets and the features available to you on these appliances. Will we be using it more and more? Absolutely. Will it be a daily thing? Absolutely. I'm in these appliances every single day, taking a look and tuning where necessary and trying to find more efficient ways to handle the email traffic flow. It's safe to say that for any enterprise that's going to be the case.

Which solution did I use previously and why did I switch?

We were using Proofpoint and then we switched to Cisco. As I mentioned above, reportability was one of the main reasons we switched, but the biggest one was cost. If you can get an equivalent functionality for a better price it's wise to do so. That's what our primary decision came down to: We could get equivalent functionality at a lower price point.

How was the initial setup?

There were definitely parts that were straightforward. The initial bring-up of the gateways was actually cloud-hosted and was done primarily by Cisco. There were definitely aspects of it that I didn't even have to touch and it was wonderful. They just did it for me and that was great. 

When I took over administration there were aspects that were definitely easy and intuitive like the basics of being able to set blocks and set allowances when you have false-positives and false-negatives. It kept the basics simple. 

Of course, just like with any enterprise technology product, it can get as complicated as you want it to. There are a lot of granular controls that you have the ability to tune, but doing so requires more in-depth knowledge and more in-depth training and making sure you know what you're doing. Otherwise, you can end up doing things you never intended to do.

The initial bring-up, the initial switch from Proofpoint to Cisco, was pretty quick. We had a little bit of redundancy but the overlap was a couple of weeks at most. I would condense it down to about a week, because there was one week where it was mainly status updates. As far as tuning the appliances and tuning the filters go, that's an ongoing process for me. I still do that today.

In terms of implementation strategy, you want to minimize downtime, so it's important tor run in parallel for a little while. Thankfully, we had the ability to point some test traffic to the new appliances before moving the rest of the enterprise over. So it was:

  • run in parallel
  • send test traffic to the new Cisco gateway appliances, to make sure that things are flowing the way we'd expect them to 
  • and then we staged it a little bit more. 

We accept emails from multiple domains and we moved our primary domain last. We started by moving over some of the lesser-used domains to verify things were okay and then moved over the primary domain last. It was a typical implementation that most people have: Run in parallel until you verify, and then move everything over.

Regarding staff for deployment and maintenance, right now it's just me, but it's unwise to have just one. What happens if I get hit by a bus? To do this properly you would need at least two. 

In an enterprise you end up with a myriad of email hiccups. Email hiccups are one of the most common. Being on the information security team, you have to look at it in a multi-faceted way. That means I'm not just looking at the flow of data. I'm also having to analyze the contents of the data and then start to determine whether I need to dig further into it to see if this particular message possibly went to multiple recipients. That's the investigative piece. The administrative piece is a given, but then you also have an investigative piece on top of that. That can be a lot to do, it could be an overwhelming amount for a single person to try to do. That's especially true when something does happen. 

One person is probably going to be consumed with trying to do all that. Is it doable? Sure. Is it advisable? No.

What about the implementation team?

Since we are using Cisco cloud appliances, we had to have Cisco's involvement. They brought up the cloud appliances, where the initial configuration is done, and then we were the ones who started doing the final configurations, the moves and the migrations, as we entered the testing phase. We then moved more toward the final production move.

In terms of our experience with Cisco reps, I can speak on it more broadly as well, not just from a shear email-security perspective. When implementing a Cisco product, they're great in those initial stages. You get that expert help and it's a relatively smooth bring-up. For the things that go wrong, you have a Cisco person working with you who has the answer or knows who to go ping to get the answer. It's really nice.

That changes a little bit as time goes on. Once that expert is no longer helping you with your initial bring-up, then you rely more on the vendor's support matrix to get your solutions further tuned and to work out the little wrinkles as you experience them. Of course, it is universal - I haven't seen an example where this is exception - that this process is less smooth. 

As far as initial bring-up goes with Cisco, it's very smooth. Once that expert is no longer working with you on the bring-up and you run into issues and need to get help, that's less smooth. It's less smooth in that when you call any vendor's support line you get varying degrees of expertise. The same challenges are experienced with any international company where there could potentially be language barriers, based on where your call gets routed for support. That can slow the whole process down a bit.

That's just a reality of today's world, but it's workable. Unfortunately, it's a rather normal thing but there are different skillsets depending on the individual you're talking to, and then, depending on what the issue is and how complex the issue gets, your time to resolution may end up dragging out a lot longer than you had originally anticipated.

Which other solutions did I evaluate?

Our top-three choices were considering staying with Proofpoint, as well as Cisco, and Microsoft. We were looking at the bigger names.

What other advice do I have?

In retrospect, I would probably want to talk to someone like myself. I'm now using Cisco security appliances and I can see how someone like me in another agency would benefit from talking to me about: "Hey what do you see? How's it going? What have your experiences been with the product?" If you can, find someone who is actually using it and talk to them.

In addition, it really depends on where you're coming from. The learning curve is going to be there regardless, because it's a new product. But if you're coming from a smaller email security platform up to this one, the learning curve is going to be steep. You may actually want to invest the time and the money into some additional training. Don't neglect that because if you just try to rely on Cisco support you're going to notice pretty consistent slowdowns. If that's okay, then it won't be an issue. Of course, it's always okay until something urgent comes up. If you're trained up, you can handle it yourself. Nobody knows everything, but it's in your best interest to know as much as possible. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
GS
Information Security Administrator at a tech vendor
Real User
The logs, configuration, and monitoring were all key features for me

Pros and Cons

  • "There were detailed logs available. That was a seriously good feature... It turns out these were actually spoof emails that came into our environment. I got to know about them from the log system."
  • "They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters."

What is our primary use case?

We used Cisco Secure Email Gateway to filter spam. My overall experience with Cisco Secure Email Gateway was pretty good. No major issues were reported in my time. It worked fine for me.

What is most valuable?

One of the most valuable features would be the logs. There were detailed logs available. That was a seriously good feature. There were cases in which some spam mails penetrated through Cisco Secure Email Gateway; users reported that these were spam. The support was also good from Cisco. I got in touch with support and they helped us. It turns out these were actually spoof emails that came into our environment. I got to know about them from the log system. I was able to create a filter as a result.

For me, the ease of use was good. From the logs, from the configuration, from the monitoring perspectives, it was all good.

What needs improvement?

They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters. They can definitely work more on that.

They can also work on the updating of the appliance. We had to do it once, when I was part of the engineering team. We had to update to a later version. It was complicated for me. I had to follow the instructions without understanding anything. Maybe there was pressure that caused me to not and understand them properly, but it was still complicated. The documentation was not there when we tried to update it. It may also have been due to my lack of experience. If I had done it twice or three times, I might have become accustomed to it and have done it more easily.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It was very stable. My experience with that version of it was really great. Apart from the improvement needed to the filters, it was all good.

What do I think about the scalability of the solution?

We added one appliance to the platform and upgraded one to a newer version. The company did it quite easily. I was not part of that implementation, but the another guy told me that it was quite easy to do.

There were no plans to increase usage of it in that company at the time I was there. It was used by about 800 users and, since all of the users were using it and the organization was limited, everybody was already onboard. We had licenses for all of the users. It was all well designed from before. Apparently, they had to procure licenses for 200 to 300 more people, but that was after I left the organization. I didn't see what happened at that point.

How are customer service and technical support?

Technical support was really good. There were two cases where we raised priority tickets and they responded well. They even helped us on Saturdays. Support was good.

Which solution did I use previously and why did I switch?

When I got there, Cisco Secure Email Gateway was already implemented. We were only tuning it. Before my organization took over the operations for that bank, it was being taken care by someone else. I don't know what was implemented before that.

How was the initial setup?

In terms of updating the appliance, once we set it up, it completed by itself. It was automatic mostly, but we took one night's worth of downtime. It completed in one to two hours. There were two people involved in doing the update.

We had a cluster set up, one to five devices, three in the DC and two in DR. It took only two people. For me, it was complicated. The other guy was very experienced on it. He had so much implementation experience on the appliance and he was able to guide me through it.

We did the DC first and failed over to the DR. Then we failed back and did the DR.

What was our ROI?

I don't know directly, but since there was nothing major that happened, I don't think the ROI was bad. What we're looking for is value. There should be no hampering of production and there was nothing like that, so the ROI should have been good.

What other advice do I have?

Implementing it and support are good. Using it is also good. What remains is the technical expertise of the people who would be administering it. The thing you should have in mind when implementing it is that you have adequate resources, trained and skilled on this appliance so they can manage it. I was not that good. I was not that good with it at the time I started working on it. I had a few difficulties. I was lucky that nothing major happened during my time. Apart from that, the appliance itself was really good.

Considering the support and all the parameters I have talked about, I would give Cisco Secure Email Gateway a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MichaelLawrence
Network Security Engineer at Konga Online Shopping Ltd
Real User
Helped with mail filtering and load balancing between Exchange servers

Pros and Cons

  • "Users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification."
  • "One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances."

What is our primary use case?

The primary use case was for email security and load balancing between Exchange mail servers.

How has it helped my organization?

From a security standpoint, IronPort really helped with the mail filtering and load balancing between the Exchange servers they had. IronPort enabled us to blockade domains that send these emails. IronPort gave us fantastic service.

By the time I administered it, I was able to block some 25 or more domains.

What is most valuable?

The filtering is something I found very valuable. 

Also, the users were able to do a check by themselves on quarantined emails. They could check if a valid email had been stopped, if it matched up with the SPF certification. The kind of environment we ran was a kind of complex environment. For us to be in compliance with PCI DSS and ISO 27001, the users needed to implement this and we needed to know how often we got unsolicited emails and how to mitigate users being victims of spear-phishing or phishing attacks.

What needs improvement?

One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions.

I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the Cisco Secure Email Gateway in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor.

Also, if Cisco Secure Email Gateway and WSA could be brought together, it would make a better appliance, one wholesome appliance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From my perspective, it's pretty stable. We didn't have any issues.

What do I think about the scalability of the solution?

It's scalable. In the enterprise in which I had to deploy it, there were between 500 and 1,000 users, so the scalability is quite okay. We had two Cisco Secure Email Gateway boxes and there was load balancing using Cisco ACE. The scalability is okay.

There weren't any plans to increase usage, as far as I can remember. It was used very well and they're still using it. I do interact with the current engineer now, and I don't think there has been a serious issue of late. The only issue he told me about is some outside mail is being trapped by the current site.

How are customer service and technical support?

I did contact support once or twice before I left and that was during the license regeneration. We had an issue which was more like a wrong configuration. There were some steps that needed to be taken to correct it. Support was awesome, although it took a while.

How was the initial setup?

Because I had a video walkthrough that I made use of, I found the configuration pretty easy, not so difficult. Also, the prior knowledge of my then-line manager gave me an edge, helping me with using and administrating it.

The deployment I did last was done within five to ten days.

IronPort has been in production before I got the job. They had issues because the configuration was not suited to the business. What I had to do was a clean configuration, reload it, and start the configuration all over again.

I and my line-manager were the ones who were involved. I did a larger chunk of the job. I was the only one maintaining it until I handed it over to the network engineer who took over from me. Maintenance takes one person or two.

What was our ROI?

It reduced the costs resulting from phishing attacks on the organization. That was one of the major reasons for deploying Cisco IronPort.

What's my experience with pricing, setup cost, and licensing?

There were no other costs in addition to the standard licensing fees.

What other advice do I have?

So far, so good. IronPort was fantastic. It's an awesome solution, but I don't think it's something for a small-sized organization due to the licensing cost. I think it's a great solution for email security.

I would rate Cisco Secure Email Gateway at eight out of ten because of the awesome functionality and features. The only downside with it is the knowledge about it. When I was trying to enable cloud encryption services on it, allowing you to encrypt emails to send confidential emails to a third-party, the resources on that were not that grounded and the technology was somewhat difficult to configure. The way the technology works for email encryption services is not ideal because once you send an email to someone, he has to click on a link and be redirected to a web portal, rather than having everything done on his email platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
John Agunbiade
Network Security Engineer at a tech services company with 11-50 employees
Consultant
Enabled us to set rules to block spam, and the user interface was easy to use

Pros and Cons

  • "The user interface was quite friendly, it was quite easy to use, unlike some other Cisco products. Anybody could use it. You don't have to be familiar with IT to be able to handle navigating it."
  • "We didn't get any malware, but a few phishing emails, maybe one or two, slipped in."

What is our primary use case?

My primary use case was email security, to protect against phishing mails, spam, malware, and viruses. 

How has it helped my organization?

We used to get emails with viruses that would impact the business or we would get emails with malware. We were able to scan the email and clear it or block emails with viruses. That was the business justification. On a weekly basis, it was blocking about 2,000 or 2,500 emails.

It protects you, it protects your network, it protects you from phishing emails and malicious content and the like.

What is most valuable?

The most valuable feature was the anti-spam feature. You could set rules to block emails based on specific words like "pornography," "sex," "guns," "violence." That was one thing I liked about it. With the anti-spam, we didn't get all those emails.

Also, Cisco was scanning our emails with their own intelligence. I liked that.

Finally, the user interface was quite friendly, it was quite easy to use, unlike some other Cisco products. Anybody could use it. You don't have to be familiar with IT to be able to handle navigating it.

What needs improvement?

There were a couple of access issues.

Also, they need to keep their intelligence top-notch. I remember a particular phishing email that came through to my then-CEO. So they could improve on their intelligence.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's quite stable. We didn't have issues because, when I think about the issues, they were from us. The two boxes were in cluster, so when the guys at the other site would start without telling us, we would get cluster error messages. Apart from that, it was fine.

What do I think about the scalability of the solution?

In terms of scalability, I'm pretty much sure we could go as high as 1,500 users.

How are customer service and technical support?

The support is great. It's one of the best, if not the best. If you have a particular issue, Cisco can SSH tunnel into your box and help you fix it. As long as we had a running contract, their response time was five minutes, tops. 

If you don't have a running contract but there is a security issue, say malware, for example, they'll respond. But if it has to do with hardware, they don't respond. They'll tell you to get a contract before they'll respond. It depends on what the issue is.

How was the initial setup?

The deployment was quite easy. We wanted it with high-availability. It wasn't a greenfield, it was just an upgrade. The initial deployment had been done before.

The GUI is self-explanatory: If you want to block emails, you want to erase emails, you do the IP address configuration and what your DNS is. It's pretty simple, a very easy-to-use GUI. If you want to buy licenses, you want to check the status of your licenses, you want to check the status of your box, you want to check the environment, it's very simple.

The upgrade took me about 30 minutes for each box. It was just me involved in the upgrade.

What was our ROI?

The ROI is about business continuity. If you get hit by malware through an email, you'll understand. Email security is a must-have; not necessarily Cisco Secure Email Gateway, but email security. It can come from any vendor, as far as I'm concerned.

What's my experience with pricing, setup cost, and licensing?

The licensing was not per user, the licensing model was per feature. You could choose anti-virus, anti-spam, etc. It was feature-based and charged yearly. Aside from the standard licensing fees, you have to pay for support.

Which other solutions did I evaluate?

After using Cisco Secure Email Gateway we used Trend Micro. The difference between them is just the vendor. There's really no difference. Same approach. It's the same technology. I would say Trend Micro is more granular. But overall, It's the same technology. I don't think one is better than the other. Who you buy from depends on marketing.

What other advice do I have?

Email security is a must-have, and as much as the cloud providers will tell you they have security, from our own experience, the vendors' security products are a bit superior. The reasons I chose Cisco Secure Email Gateway are the interface is - it's easy to use - and the support is great. Also, it's nice to have another gateway, not just the Cisco Secure Email Cloud Gateway because it has proven not to be enough.

The organization I was working in where Cisco Secure Email Gateway was implemented had about 700 staff members, roughly 700 email boxes. There were no plans to increase usage of Cisco Secure Email Gateway at that organization. The reality now is that if your emails are on O365, O365 offers you some form of Cisco Secure Email Cloud Gateway. For most organizations, they're looking for business justification to keep Cisco Secure Email Gateway when Microsoft, for example, is offering cloud protection for your mailboxes on O365. In a case like that, you really don't expand business on Cisco Secure Email Gateway. Now that mailboxes are no longer on-prem, and the cloud provider is offering you email security, the way they sell is that you cannot say have your email on the cloud without paying for cloud security. There is really not much expansion on Cisco Secure Email Gateway from a business standpoint, if your mailbox is with a cloud provider.

I would give Cisco Secure Email Gateway an eight out of ten. We didn't get any malware, but a few phishing emails, maybe one or two, slipped in. There is really no vendor, in my experience, that I would rate at ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ed Dallal
Founder, CEO, & President at Krystal Sekurity
Consultant
Adds another security layer without slowing down the business or network performance

Pros and Cons

  • "The most valuable features are protection against ransomware and spam."
  • "The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user."

What is our primary use case?

Our main deployment is for a shipping company. We're protecting their local Exchange Server and their online Exchange email.

How has it helped my organization?

It means less malicious email, fewer interruptions, and less risk. It actually circumvents malicious emails; rather than getting to the users, the users don't see them. End of story. There's a risk without it. The user might get the email and might click on the link. Once that happens, they are toast, as is the network.

The number of malicious emails it blocks differs from one company to another. It depends on the volume of email they get. I would say on average, depending on how many users there are, it could block 1,000 emails a day.

What is most valuable?

The most valuable features are protection against ransomware and spam. Those are the main two features. It also adds an additional layer to your networks. Cybersecurity isn't a comprehensive solution. You have to keep on adding layers without disrupting the flow of the business. The Cisco Secure Email Gateway does that, where it adds another layer without slowing down the business or the performance of the network.

What needs improvement?

The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user.

The solution has flexibility. I think they are working on improving it as we speak. They're responsive to the feedback we give.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very stable. We haven't had any issues or downtime.

What do I think about the scalability of the solution?

It's very scalable, especially the cloud version. You can get up to about 100,000 users on the appliance but the cloud version is more flexible. When you do scale it up you don't see slower performance.

In the largest environment in which we've implemented it, there are 200-plus users. It's utilized by 100 percent of the users. It's not at 100 percent capacity.

How are customer service and technical support?

Their technical support is very good. We haven't had any issues. Their response is very prompt and they are very knowledgeable.

How was the initial setup?

The initial setup is straightforward. There are two flavors. There's the cloud-based and the appliance. With the cloud-based solution you just point your email server to the IP address in the cloud. With the appliance, you just install it into your rack and connect it to the Exchange Server. The cloud deployment takes about ten to 15 minutes, and the appliance, because you have to install it, takes about 60 minutes.

It requires just one person for deployment. It doesn't require anybody for maintenance. You just set it and go.

What was our ROI?

The return here is more security and fewer interruptions. It's more stability and productivity versus less productivity, although I'm not sure how you can quantify it.

It's a time-saver. If you get interrupted by ransomware or a hack, it could be costly. Every breach, just the cybersecurity breach, on average costs at least $65,000 to fix, let alone the interruption in work and retrieving data, according to industry sources. You could say that you're minimizing your costs by $65,000.

What's my experience with pricing, setup cost, and licensing?

Licensing costs depend on how many users there are. It could range between $5 and $7 per month, per user. There are no costs other than the standard licensing fees.

What other advice do I have?

There is no totally comprehensive solution in cybersecurity. I find Cisco Email Security to be comprehensive, but it's not 100 percent. There is no silver-bullet solution when it comes to cybersecurity. You better keep on adding protection layers to your network. Don't think you're not going to be a target. As a small or medium business, you will be targeted. It's so easy to get through a firewall nowadays. One layer of cybersecurity is not going to do it. You need to add two, three, four layers. 

It's just like going to the airport. The first thing you see is the check-in desk. They check who you are, that you have valid credentials, where you're going and why. Then you go through the scanners. Then you go through another layer of security. Once you get through, you're also being watched to make sure that you don't become "malicious." There are a lot of layers.

I would rate the solution at nine out of ten. What comes to mind when giving it that rating is ease of use. Just set it and go. A better UI would make it a ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Setu Bandhan Saha
System Administrator at a financial services firm with 1,001-5,000 employees
Real User
Because we can customize policies with it, we have good documentation

Pros and Cons

  • "I can customize the configuration and policies."
  • "The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI."

What is our primary use case?

It's pretty normal daily incoming and outgoing emails. We have customized policies based on our security measures using this tool to scan the emails in our inboxes. We also check all incoming emails.

How has it helped my organization?

Because we can customize policies with it, we have good documentation.

What is most valuable?

I can customize the configuration and policies.

What needs improvement?

There should be some type of help section that can help us configure clients' emails. Sometimes, we just need to customize the quality. 

The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI. 

It's very difficult to configure at that time. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I have had no complaints with the stability.

What do I think about the scalability of the solution?

The scalability is quite good. We have three administrators using it. The product is serving around 2000 to 3000 people in our environment.

How are customer service and technical support?

The technical support is quite good. Whenever I need them, I just raise a case, then someone responds. I have no complaints.

How was the initial setup?

The implementation is quite straightforward, but the customization can is a bit difficult. It took us three hours to implement and three to seven days to configure.

Before implementing, we had to design a new program.

What about the implementation team?

We had a partner who did the deployment and customization, who was very good. Also the Cisco support was there, so anything that we felt uncomfortable with, or when we could not understand policy, we just raised the case, and they helped us with it.

From our end, three to four people were involved in the deployment.

Which other solutions did I evaluate?

We are also using Sophos Email Appliance in conjunction with Cisco Email Security. We use them both together as a solution.

What other advice do I have?

Overall, it is a very good product, and I'm very happy with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
Real User
Blocks bulk marketing messages and spam

Pros and Cons

  • "It blocks bulk marketing messages, graymail, spam, and provides advanced malware protection."
  • "I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services."

What is our primary use case?

We use it for email filtering, spam filtering, for phishing attacks, malware, and forged-email detection. We also use it for outbound message control, to filter attachments that are allowed to be sent and attachments that are not allowed to be sent. It's for data loss protection.

How has it helped my organization?

It saves a lot of time wasting. For example, phishing attacks distract a user's attention, and forged emails waste a lot of time. A user can lose data. This solution helps protect user data.

What is most valuable?

It blocks

  • bulk marketing messages
  • graymail
  • spam

and provides advanced malware protection.

What needs improvement?

I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services. Some vendors, like Fortinet, have this feature in their firewalls, the FortiSandbox.

What do I think about the stability of the solution?

It's a very stable product. We hardly have any issues. Issues are mostly around license activation and the like. It's a reliable product and very popular here in the Middle East.

What do I think about the scalability of the solution?

It's scalable. A medium-sized business would go with a C370 while a small business would use a C190. We are able to migrate users from lower-level to higher-level products. Scalability is not a big issue for this product. The same configuration can run 500 users and 3,000 users.

How are customer service and technical support?

The few times we have contacted technical support we have received very good performance from them. This is one of the strong points. They have very good technical support. They provide timely responses. Technical support is very good from Cisco for every product.

How was the initial setup?

The setup is very straightforward. It's very simple to install. It hardly takes 30 minutes.

There is a strategy for deploying, like determining how many users' emails do you want to pass through it. There is a long document, we call it High-level/Low-level deployment. And after that we, pass emails through from the Exchange Server, incoming and outgoing, to configure the kinds of emails the product should filter.

A deployment requires a maximum of two people: One is a network engineer and one is an Exchange system administrator, so if he wants to he can configure rules according to his requirements.

What's my experience with pricing, setup cost, and licensing?

Pricing depends on your environment and which model you want to buy.

What other advice do I have?

You need redundancy. If you have a standalone setup there is a risk of failure. If that goes down you lose email communication.

We have deployed this product for multiple customers in the Middle East, in the UAE, particularly in Dubai. We have many customers using this product, mostly medium-sized enterprises.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
MM
Network Engineer at a hospitality company with 10,001+ employees
Real User
Integrates with Active Directory and we can limit specific users to specific applications

Pros and Cons

  • "It integrates with Active Directory and we can limit specific users to using specific applications."
  • "The hardware is not up to the mark. Two to three times a year we have complete downtime."

What is our primary use case?

We are using two security appliances. One is a web security appliance, IronPort, as well as the Cisco Secure Email Gateway. They are used for web surfing.

How has it helped my organization?

We need to differentiate among users with specific boundaries. Some users have full access and some users only have limited access. That is what we are using it for.

What is most valuable?

It integrates with Active Directory and we can limit specific users to using specific applications. 

What needs improvement?

I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side.

Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now.

For how long have I used the solution?

Three to five years.

What do I think about the scalability of the solution?

The scalability is really good for multiple users. There is no issue with the scale. We have 300 to 400 users.

How are customer service and technical support?

Technical support is really good. As far as I know, whenever we need it, they help us very well. Within half an hour or an hour of our call, we get technical support to WebEx us, depending on the situation or the issue. That's pretty quick.

How was the initial setup?

The initial setup was straightforward. There was nothing complicated. It doesn't take more than two engineers. When it comes to the software, if there is good coordination between a Cisco guy and an email-server guy, the two of them would be enough to implement it.

It was really easy to implement. Even a newcomer joining the company could easily implement it. There is nothing complicated in the device. It can be easily implemented without headaches.

What's my experience with pricing, setup cost, and licensing?

We took a three-year license. In addition to the standard licensing, there is a cost for SMARTnet as well. That is necessary because the hardware device is not stable at all. So if anything goes wrong we have two appliances to use. With SMARTnet, Cisco will send a new device within a week.

Which other solutions did I evaluate?

We are looking for a solution. We are in communication with other vendors to integrate with Email Security or to provide us a new solution.

What other advice do I have?

The Cisco Secure Email Gateway, in my opinion, is a really good device. In terms of configuration of the software, it's just click, click, and you are done. If you have redundancy then you are in safe hands. It's a very good solution for email security.

We could be changing the appliance. I have heard from someone that Cisco has released some appliances for email security. I believe we need to try this. We may change our existing device and move to a new Cisco technology. We would keep the software. We usually upgrade it based on the newest versions.

Until now, I haven't seen any breach or any attack on the Cisco Secure Email Gateway.

Overall, I would rate this solution at nine out of ten. I could give it a ten if the hardware was better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sofiane Medhkour
Head System /Solution Architect at sorfert
Real User
This product has made my on-premise messaging platform more secure

Pros and Cons

  • "Because we scan products, and there is a lot of critical data, security is very important in these cases."
  • "It sends us reports, where we can see if there have been attacks, e.g. DDoS. If so, we can switch to a clean IP."
  • "The initial setup was complex because I have two sites with physical clusters."

What is our primary use case?

i'm usining it as frontal gateway for controlling and securing the mails flows to my on-premises exchange servers

How has it helped my organization?

This product has made my messaging platform more secure. it contain and extended security feature ,policy rules for filtering , and multiple engine for scaning add to that encription , security is very important for critical business with data inhouse.

What is most valuable?

after doing a third party pentesting, they found the security at a high level regarding the messaging security part testing,and the only recommendation they gave and need improvement is adding the sendboxing, for those attack ranked at zero day attack, which can't be detected.

knowing i'm using premium licensing, i checked the Advanced Malware Protection (AMP), which is on-demand feature, i found that, this feature act like a sendboxing

What needs improvement?

With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is currently stable. I will upgrading next year, but the current version has been working great for six year.

We have two people (system administrators) performing maintenance for the system and security part for the company.

What do I think about the scalability of the solution?

Everything is fine with the scalability.

We have 400 users on this product, with two site, 2 physical appliance in one site and one physical appliance in the second site the three working as a cluster, and next year, we plan to increase our usage and move to the newer physical appliance version. because those we're using , are arriving to them end of life soon.

How are customer service and technical support?

The technical support is good.

Right now, I am paying for it, but I don't use it because the solution is stable.

Which solution did I use previously and why did I switch?

I have previously used McAfee, Kaspersky, TrendMicro, barracuda, websense.

How was the initial setup?

The initial setup was complex because I have two sites with physical clusters. and i made it alone during the working hour without interruption.

The length of deployment will depend on the complexity of your infrastructure and your knowledge.

What other advice do I have?

This product is the complete solution and the real deal.

I am using the on-premise version.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
KK
Senior Email Engineer at a legal firm with 1,001-5,000 employees
Real User
Top 5Leaderboard
The most valuable feature is the policies or rules that you can put on it

Pros and Cons

  • "At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage."
  • "I would like them to add some clustering or high availability features."

What is our primary use case?

It is just another level of protection that we use, as far as email is concerned. We use it for different policies or as another scanning engine, e.g., on the desktop or for data coming through another email gateway.

How has it helped my organization?

At one point, there was a zero-day attack. The Cisco appliance detected it and stopped it, helping us out. We avoided the attack and potential damage.

What is most valuable?

The most valuable feature is the policies or rules that you can put on it. This definitely helps with routing specific things to different destinations within our organization, or even potentially blocking when something is coming in and out, to where you can't do this on an email server or on our other email gateway. It's just not possible.

What needs improvement?

On their roapmap, they are looking to integrate with different cloud features, like Office 365.

I would like them to add some clustering or high availability features.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is very stable. I haven't had any issues with memory or CPU. I haven't had any unstable performances from any of the appliances. Initially, we had physical appliances, then we went and upgraded to virtual appliances at some point. However, even the physical appliances were pretty stable.

I did run into one issue at one time where I had to shut something off. It was a bug, but being down for an hour or two is just two costly for our firm.

Deployment and maintenance is handled by two people (email engineers).

What do I think about the scalability of the solution?

Scalability is good. We have four appliances total clustered, two in one data center and two in the other. The ability to increase is definitely doable, and it's helpful if you need to do that.

We are a legal firm with close to 2000 employees.

How are customer service and technical support?

Technical support is definitely good. The turnaround time to speak to someone is very good, as well.

Which solution did I use previously and why did I switch?

We had another appliance (Axway MailGate) and switched because it was outdated. Also, their support model wasn't that great. They were difficult to get a hold of after six or seven in the evening.

How was the initial setup?

The initial product setup was easy. However, it was a bit more complex on our side because of some of the rules that we had set up on a previous appliance, which was not Cisco. Trying to match some of those to Cisco was a little complex. We had some consultants help us out with that. Overall, it wasn't too bad.

The deployment took three to five days.

What about the implementation team?

We worked with a partner consulting firm, Presidio, who very useful and helpful.

We did a proof of concept first off, then did a hard cut over on the weekend.

What was our ROI?

For what you get for the product, the support, and the overall stability, it is definitely a good return on investment.

What's my experience with pricing, setup cost, and licensing?

We do annual licensing for Cisco Secure Email Gateway and SMA together, and possibly SmartNet support. Packaged together, the cost is just under $38,000.

Which other solutions did I evaluate?

We looked at two or three different vendors. One of the solutions that we looked at was a virtual Linux-based appliance. We did evaluate that and a proof of concept around it. However, it wasn't as robust as Cisco, as far as features and high availability.

What other advice do I have?

Give it a chance. If you can do a proof of concept somehow to rate it against other competitors which are out there, look into it because it is a good product.

I haven't upgraded to version 12 yet.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ITCS user
Senior Network Administrator at a tech services company
Real User
We use it to receive, send, scan, and filter our incoming and outgoing email

Pros and Cons

  • "The system enables end users to manage their own whitelists/blacklists."
  • "The system provides our service desk with the means to troubleshoot email delivery issues with ease."
  • "Administration of the email domains and custom filters are easily done via the web interface."
  • "The user interface could be updated."
  • "Better dashboards and more interactive overviews would be nice, but the current functionality is sufficient."

What is our primary use case?

The Cisco Email Security Appliance is being used as the primary email gateway for our datacenter. We use the Cisco Email Security Appliance to receive, send, scan, and filter our incoming and outgoing email.

We use the Talos Threat intelligence to filter out known 'bad' email sender. The Sophos Antivirus plugin for antivirus scanning and the DKIM signing for our outgoing mails.

How has it helped my organization?

The system enables end users to manage their own whitelists/blacklists and provides our service desk with the means to troubleshoot email delivery issues with ease.

What is most valuable?

On-box DKIM and DMARC features let us secure our email flows and reduce the risk of our domains being used for spamming.

Administration of the email domains and custom filters are easily done via the web interface.

What needs improvement?

The user interface could be updated. Better dashboards and more interactive overviews would be nice, but the current functionality is sufficient.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

The Cisco Email Security Appliance has enabled us to reduce spam by at least 30% compared to our previous solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user404388
Head of Department IT Security & Network at a energy/utilities company with 1,001-5,000 employees
Real User
We're now protected against spam emails.​ The CLI needs to be improved.

Valuable Features:

Facility of management Documentation

Improvements to My Organization:

We're now protected against spam emails.

Room for Improvement:

We use the CLI for management, but it's not very good. It's based on Java and it's very difficult to use.

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

It's very stable. We've had no issues with instability.

Scalability Issues:

The scalability has been OK.

Initial Setup:

We had to configure it, but it wasn't complex.

Valuable Features:

  • Facility of management
  • Documentation

Improvements to My Organization:

We're now protected against spam emails.

Room for Improvement:

We use the CLI for management, but it's not very good. It's based on Java and it's very difficult to use.

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

It's very stable. We've had no issues with instability.

Scalability Issues:

The scalability has been OK.

Initial Setup:

We had to configure it, but it wasn't complex.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user6381
Manager of Infrastructure at a manufacturing company with 51-200 employees
Vendor
Solid 1U appliance, but we had problems with the XML file rule not working

Valuable Features:

We chose Cisco Iron Port as it delivers strong email security protection and our company needed it to protect the company's email systems from spam, email viruses, .exe files, unwanted email from unwanted sender etc. For this, we choose Cisco Iron Port c160. Cisco Iron Port is a solid 1U appliance, no need for additional hardware, easy to plug into existing network. Email channel protection worked across the board without regard for which email client we used. When Cisco engineers became aware of the XML file rule not working as designed they immediately recorded this in their internal issues database and provided us with an issue ID. More significantly, they quickly supplied a workaround that allowed us to block XML files using a different type of rule.

Room for Improvement:

More than a few steps are required to apply rules and these are not essentially intuitive. Even though we were able to get real-time event information from the email logs, it would be nice if the higher-level journalism tools could synchronize more quickly. Price might be an obstacle for smaller networks. Need to reduce the price so that small organizations can use this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user3882
IT Administrator at a tech services company with 501-1,000 employees
Consultant
Simple to add to our network and efficient to troubleshoot

Valuable Features:

• Cost-effective since they do not require extra hardware • They are simple to plug into the available network • Protection of mail channel works well regardless of the email client used • Efficient to troubleshoot

Room for Improvement:

• Requires several actions to employ rules • It takes time to harmonize information from the email log events with higher level reporting tools

Other Advice:

Security risks presented by web-based malware, spyware and web traffic exposes organizations to compliance and productivity dangers introduced by improper usage of the web within the organization. IronPort allows visibility into the problem and an easy way to pinpoint policy offenders. It includes a user friendly interface and easy content incorporation, filtering and reporting infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user2871
Network Engineer at a university with 51-200 employees
Vendor
Cisco IronPort is a powerful device that adds more to traditional Cisco NAC appliances the capability to defend against application and operating system attacks

Valuable Features:

Our company was facing a problem of user complaints with network performance despite the fact that we used Cisco ASA and Cisco IPS. When we scanned the mail server with antivirus we found a lot of threats that couldn't be treated, so we need to use IronPort. Cisco IronPort mail security was very helpful by blocking threats, viruses, worms and Trojans from attacking the mail accounts and user PCs.

Room for Improvement:

-Added cost and delay to the network traffic, but performance did remain stable. -Requires knowledge and operation time to manage an added security device to the network devices besides IPS and ASA.

Other Advice:

Cisco IronPort is Cisco's new network access controller (NAC). Cisco IronPort email and web security products are used online with the firewall Cisco ASA and Cisco IPS to filter attacks, threats, phishing and data loss.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Email Security
Buyer's Guide
Download our free Cisco Secure Email Report and get advice and tips from experienced pros sharing their opinions.