
Cisco SecureX Overview

Cisco SecureX is the #3 ranked solution in our list of XDR Security products. It is most often compared to Cortex XDR by Palo Alto Networks.

What is Cisco SecureX?

SecureX is a cloud-native, built-in platform experience that connects our Cisco Secure portfolio and your infrastructure. It is integrated and open for simplicity, unified in one location for visibility, and maximizes operational efficiency with automated workflows. Radically reduce threat dwell time and human-powered tasks to stay compliant and counter attacks.

Cisco SecureX Buyer's Guide

Download the Cisco SecureX Buyer's Guide including reviews and more. Updated: October 2021

Cisco SecureX Customers

NHS, Rackspace, UNC Pembroke, University of North Carolina at Charlotte, Missing Piece

Pricing Advice

What users are saying about Cisco SecureX pricing:
  • "For the value you get, the pricing of the solution is excellent."
  • "You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending."
  • "The pricing is competitive, especially for education institutions. Licensing can be a little bit difficult to navigate, especially with resellers with Cisco, but for us it has been pretty easy."
  • "The product is absolutely free to any customer. As such, the only thing one must keep in mind is that as long as he already has one Cisco security product, irregardless of what that product is, SecureX is available for free."

Cisco SecureX Reviews

Wouter Hindriks
Technical Team Lead Network & Security at Missing Piece BV
Real User
Top 5, Leaderboard
Combines multiple sources of security intelligence, making it easy to correlate events in our environment with those outside of it

Pros and Cons

  • "SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together."
  • "The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."

What is our primary use case?

We have a total of about 150 customers with about 6,500 users and we handle their IT. There are 300 sites all over the Netherlands from which we get all the intel and we feed it into SecureX. It's our central point where we collect everything very easily. When we see something happening we can take the security feed, look at the event in an organization, and SecureX shows us what's going on. It helps us analyze and understand things.

All the security solutions such as firewalls, email security, web security, endpoint security, and antivirus report into SecureX where we have a dashboard that shows everything that is happening.

How has it helped my organization?

The orchestration allows us to say, "Well, if this happens here, then we should take an automated action." For example, if an email is received on a machine and malware is being executed, it can be put into lockdown mode. It should only be accessible by the investigators. It cannot connect with any other resources within the company anymore. It cannot send or receive any files. SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together.

We're seeing and correlating things that we never expected to be able to put together. Before we had the SecureX dashboard, which ties everything together, we would have logs on some computer, or logs on a different system with timestamps. We would have to input search commands to see if there was anything happening on one machine that was also happening on another machine, or if there was anything happening in the firewall that was also happening with email.

We're also doing things with SecureX now that I didn't think were possible two years ago. The fact that you can have a single solution that combines endpoint intelligence with email intelligence, firewalls, and publicly available intelligence is really helpful. I didn't expect there to be a product in which you can so easily change between the different parts of your security with a single click, allowing you to go from publicly available security intelligence into, "How's it looking in my environment?" 

We can do things within seconds, things which we wouldn't even have thought about doing two years ago, just because we didn't think there would be anyone combining the different sources of information together and making it easy to correlate between what's happening in the rest of the world and what's happening within our environments.

Also, SecureX provides us with contextual awareness throughout our security ecosystem.

Before SecureX, things that were not possible, or that would take days, now literally take seconds to find out. 

You can also see not only what kind of malware you have, but what kind of damage or what kind of tech you're looking at. You can very easily see if there is somebody who is trying to find out if there's anything open or if it is somebody who has already established access and is trying to escalate from a user account to the administrator account. You can even focus on these kinds of privilege-escalation attacks and make other issues a second priority.

In addition, like every company, we have to deal with compliance. We have a compliance officer, but normally the compliance officer would not have access to the firewall logs, the email security appliance, endpoint security, etc. But he still has to get all the compliance information out of them, including details such as how are we doing, how many threats we are capturing, etc. I gave our compliance officer access to the SecureX dashboards and now, without having to log in to any of our security appliances, he has a live dashboard with an overview of what's going on. How many incidents? How have they been resolved? How much malware was seen within the company? What kind of compromises were there? Were they critical, high, medium, or low?

He can look at everything himself without having to ask me to create a report and without having to have access to the files themselves. He has a dashboard and can say, "I want to see the last week, last month, etc." He gets all the widgets and all the information for whatever period he wants. He can use that within his report to show the auditors how we're dealing with our security. Without any reporting, without emailing back and forth, he gets access to the live information. That's something I wasn't expecting and it has proven to be very valuable. He cannot mess anything up; however, he still has access to the live data on the entire network.

What is most valuable?

For me, the most valuable feature is the overview: seeing hundreds of sites and thousands of endpoints; everything in a single dashboard.

It can show me spam attacks, phishing attacks, malicious file transfers on our firewalls, and malicious activity on our endpoints. In addition to all the security solutions it takes in, you can add in other websites and services as well.

Threat-hunting is a specific module within SecureX. You can say, "I want to know what's been happening within my organization. I'm seeing some activity here and I want to know if this machine, which is doing something strange, has been in contact with any other suspicious machines. Has it been receiving any suspicious email? What's going on?" It can really dig into any indication you have within your network.

It also provides automatic messaging. For example, if there's malware activity, it will be automatically matched to a certain category of malware saying, "This is credential access," or "This is a discovery," or "This is the exfiltration of data," or "This is privilege escalation."

There is also the possibility of integrating feeds from different products. SecureX will not only work with Cisco products, but you can also put in different kinds of feeds if you have a different type of firewall or antivirus, for example. You can get the same intel within the same dashboard. You don't need to have only Cisco products.

SecureX integration between Cisco products and third-party solutions is very valuable due to the fact that you get the security feeds and everything on the internet. If you want to know, for example, if something is Orion malware, it will say, "Hey, I have this webpage showing me indicators of compromise." It gives me a button within my browser and I can check whatever is on this page against my live environment. If there's anything on any webpage saying, "You should pay attention to this, or you should be aware of these malicious files," with a single click I can check them against my environment. The intel you get and the different products all generate output. And you can use the toolbar within your browser to make it very easy to put anything you find into SecureX.

The ribbon feature is quite useful. The solution is great at helping you maintain context around incidents as you navigate different consoles. It's immensely valuable due to the fact that, as you navigate between products and between pages, the ribbon stays with you. I can open a case there and I can also share it with my colleagues. We're back in lockdown again here in Europe, so everybody's working from home again. I can start an investigation on my machine and share it with my colleague. He can work on the same stuff and he can add to the case. You can very easily scale up your investigation. All the notes you've been taking, all the indicators you've collected, all the interesting stuff you've noticed are logged within the ribbon and available for your colleagues to work on as well. You don't have to email back and forth saying, "I found this. Hey, did you see that?" It's all there. You can cooperate on the same issue.

It saves you a lot of time investigating. It will not just show you what's happening within your environment but also what's happening in the rest of the world. If I'm seeing a file for the first time, it's very unlikely it's the first time in the world this file has ever been scanned. I can check if it has been scanned in other antivirus engines and what they think about the file. There is the integration with the service called VirusTotal. It has about 60 or 80 different engines. If I'm seeing a file and not sure about it, with a single click I can get the opinion of 60 different antivirus products on that file to show me what the rest of the world thinks about it.

What needs improvement?

The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult. 

What would be really helpful is some sort of library from which you could pull out prefabricated actions. The tools are there to build your own, but it would be nice if there were a library saying, "If you have this and you want to do this, there's some prebuilt stuff here which you can tailor to your own environment." Right now, it's mostly a blank canvas saying, "Take whatever input you want and program your own response."

For how long have I used the solution?

We've been using the solution for almost a year.

What do I think about the stability of the solution?

We've had zero issues. It's always available. There are no gaps in monitoring and no downtime.

What do I think about the scalability of the solution?

If there are any limits, we haven't been able to find them yet. We have hundreds of sites reporting into it and I'm not seeing any limits, slowdown, or scalability issues.

How are customer service and technical support?

I've only used the support resources during setup. There have been no issues or incidents for support so far.

That said, looking at the videos and the manuals they have, etc., there's a lot of support available to get you started. Due to the fact that it's a free add-on if you have any Cisco security products, there is no investment except for a bit of time to get it running.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The solution's initial setup was very straightforward. It's an online service. You log in with your credentials and on the left-hand side you say, "I have this product, let me integrate." There's a guided setup that's pretty step-by-step. Then, you just go to the next component you want to integrate. It's a guided configuration.

In terms of deployment, the first integration was done within 15 minutes. With the extras we put in it was, let's say, an afternoon of work. It took maybe two or three hours to get everything set up, including all the users, and to get everything integrated and all the dashboards configured.

In terms of maintenance, we have about six people from the security team involved.

What about the implementation team?

I handled the implementation myself. I did not need the assistance of a Cisco consultant.

What was our ROI?

We've reduced our workload by 20 to 30 percent just from being able to focus on the important things, as this product really does a lot of the grunt work for you. It has really increased the efficiency of the organization's security operations.

For example, if you see something and say, "This should be blocked," or "this is malicious," with SecureX, it will not only automatically block it on endpoint security, but it will also stop the malicious file from being sent or received via email. It will also stop the file from being downloaded or uploaded. That way, if I have a malicious attachment on a laptop somewhere, SecureX will block it everywhere, and it will also protect the users on the WiFi because the firewall, which is between them and the internet, will block it. I can protect devices such as guest devices in the guest WiFi, devices I don't have access to, because I have visibility of all the endpoints with a single click. It's 360-degree protection.

Without the integration, I would have to say, “Well, this email has a malicious attachment, and now I have to worry about it on 300 different firewalls. I have to put in a rule to block this attachment everywhere.” We'd need dozens of people working on that. Now, it's a simple mouse click.

On top of that, we're 50 to 70 percent more efficient in investigations. It really saves a huge amount of manual checking.

It has probably saved our compliance officer 10 percent of his time as well.

What's my experience with pricing, setup cost, and licensing?

For the value you get, the pricing of the solution is excellent.

Which other solutions did I evaluate?

We didn't evaluate other options. There's really nothing with this type of huge scope. There were some basic logging solutions and some other incident response stuff; however, there was nothing that covers your entire security apparatus.

What other advice do I have?

We haven't worked on automating all the manual processes in our security operations yet. We want to implement more of them; however, we're still looking into the details. This year we'll be starting to use the orchestration feature. That way, an end-user can forward an email and it will automatically be checked and he'll get a report back. Those are the kinds of automations we'll start using this year.

You only need two or three hours to get everything set up, to put things into it, and to see how it works, with zero impact onsite. You don't need any extra resources. There's nothing fancy to configure. It's very easy to integrate. I'd advise companies to try it and just see how it becomes the dashboard for your entire security operation.

I would rate this product at a nine out of ten due to the fact that the orchestration piece is a bit difficult. That said, everything else, especially for the price, is unbeatable.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Michal Sabat
Infrastructure Engineer at a media company with 10,001+ employees
Real User
Top 5, Leaderboard
Brings all our data into a central point and shows us many data connections between multiple environments

Pros and Cons

  • "Using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices."
  • "I'm not sure that I would call it a bug, but sometimes the solution is a little slow."

What is our primary use case?

We use it to track our emails and to secure our endpoints. SecureX is a really big tool. If somebody tries to attack us with a virus, SecureX helps us to find that email quickly. Our staff members use laptops, computers, and other devices, but they don't have a lot of knowledge about the whole "IT war." There have been viruses and SecureX has enabled us to protect those users, and our systems and components as well. We have used it to solve spam and phishing attacks that are really popular these days. In our company we have over 20,000 users, so you can imagine how many emails we have on a daily basis. That is a really good example of what we can do really easily with SecureX.

Are you using multiple products from this vendor?

We use multiple Cisco tools within our environment. We use network solutions, products like switches, access points, routers. We also use many Cisco phones. For network solutions we use Cisco ISE and Cisco Prime. As the telephone system, we use Cisco CUCM, Cisco Unified CallManager, integrated with the Cisco Unity system for voicemail boxes. We also use Cisco Contact Center for our help desk and our employee services lines. We also provide systems to our customers. We have many government clinics. For communication, we use Cisco Webex Teams and Cisco meeting systems for video and call communications. We also use Cisco as a design solution.

Using multiple products from the same vendor is really nice and useful because many of Cisco's products are integrated. For example, we have that Cisco CallManager system which allows us to provide phone solutions for our users and that has really good integration with Webex Teams, the video conferencing platform. With the integration, we are able to provide standard phone PSTN features to our Webex Teams users. That is really great.

Using multiple solutions from one vendor saves our company time and money. With all the integrations, we also get really great support from Cisco because if you have, for example, a problem with integration between the systems there is just one company responsible for getting things right. A couple of times, in the past, I worked with two or three vendors, asking for support. We had some issues with integration and it is hard work to get good support from a couple of vendors at the same time.

Also, there have been a couple of times when I had to order physical devices and, working with Cisco, we got some better prices. Being a really big customer of Cisco allows you to also get preferred pricing.

The native integration between Cisco's products is really good because Cisco has solutions for almost every part of IT. There is a managed solution for network and unified communication. Integration between all these systems is really simple because Cisco has really good documentation. And if you need any help, you don't understand something, you are able to ask the great support.

To keep everything very simple, we use a solution provided wholly by Cisco. We grabbed SecureX from them and the cloud from them. That allows us to have better support because it's from one provider. If you have an issue with the system from Cisco, and the whole solution is based on Cisco products, the support can be moved from one team to another.

How has it helped my organization?

SecureX provides many measurements and has a really good dashboard. Working with it you are able to see things very clearly and you have every detail on a single display. That saves us money and time. There have been times when there have been 1,500 attacks per day. In a big company like ours, many employees are fired or leave the company and many have used the company email address for subscriptions or for personal usage and that also provides an opening for many attacks. These email addresses end up being used by fraud guys who try to get more information about the company. A couple of years ago we had a really bad situation related to something like that.

It brings all our data into a central point. It also shows us many data connections between many of our environments.

When it comes to investigation tasks, SecureX saves us time. SecureX gives you really good information about potential risks. You are able to find the source of a risk, a potential risk from a user or a machine. I can't tell you how much time it saves, but it's a really good tool that provides you many models that make your work easier and faster.

What is most valuable?

With SecureX you can see unusual activity and get more information about the machine or user involved. It provides you with more information about how to sort it out. That's a really important part of security, that you can protect your own network from unauthorized access.

In addition, using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices.

Contextual awareness is also a really good part of SecureX. It works with many areas and, with one tool, you have good visibility into many areas that you manage. That is a really good feature.

What needs improvement?

The automation process with SecureX could be simpler. When we started to use it that was not the easiest part for us.

Sometimes it's a little slow so that is also something Cisco should check. 

They should also work on the reporting.

For how long have I used the solution?

We have been using SecureX for about two and a half years.

What do I think about the stability of the solution?

I'm not sure that I would call it a bug, but sometimes the solution is a little slow. But there is no other issue aside from that. Many bugs that we noticed were related to configuration changes made on our end, so we couldn't say they were system bugs. 

Anytime we are notified about patches and upgrades, we try to upgrade SecureX as soon as possible. There may, potentially, be some bugs, but Cisco also works to improve on its products. In my eight years working on Cisco products, I found one new bug in a Cisco product and I got an email from them: "Hi, Michal. You've found a bug. Thanks for that. You are the first person." But that was only once, and not in SecureX.

What do I think about the scalability of the solution?

It's a really good solution and I haven't seen any limitations. 

How are customer service and technical support?

I have worked with Cisco systems and products for over eight years and I have never had any issues with their support. You can open a TAC case in many ways: through your email or their support portal. And if you open a ticket with them, the engineer is assigned to your case in 30 minutes or so. With Microsoft, I had to wait one or two days. So Cisco support is really nice. If you need help with a problem, you will definitely get fast help. I only have good things to say about Cisco support.

Which solution did I use previously and why did I switch?

I joined the team at the beginning of using SecureX and, to my knowledge, we didn't have anything like it. We had some really old systems and we replaced a couple of things provided by really small companies by using SecureX. Most of the things we replaced were created by our programming team, but these apps were only for our internal usage.

How was the initial setup?

The initial setup was straightforward. SecureX is online. When you get your credentials to access the system, that is the only thing that you need. Just log in and start the integration with your environment. It's really simple. In the beginning we went through some manuals and documentation that we got from Cisco.

We needed something like 45 minutes, maybe an hour, to run the initial setup. That was really fast. For sure, we had to spend more time after that, but the initial setup is really easy.

Cisco has really good documentation about the product. For the last year, I worked on the Teams integration with our phone system. We migrated from Skype for Business on-prem to Teams because we had many issues. Microsoft was not a good source of information or documentation so I had to ask their support to explain many things. The documentation Microsoft provided was really bad. By comparison, Cisco really has an advantage in this area. They have really good documentation about everything, as well as support.

In our company and in our team, we don't have roles divided into administrators and others. We are working as a security team and we try to obtain knowledge about all our systems. SecureX was implemented by me and one other guy, but after that we provided the rest of the team some training and shared our knowledge with them. We manage all our systems and help our end-users with them.

What's my experience with pricing, setup cost, and licensing?

The cost has been good for us. We know the Cisco license and it is good for us. We pay for a really good solution, and that is the most important thing for us. You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending.

Which other solutions did I evaluate?

I don't think the company evaluated other options. We didn't talk about doing so in our team. Those things were handled by our leaders, based on the experience of many teams. In IT we have many teams that are responsible for many parts of our IT functionality. But I think the decision was made to go with SecureX because we have so many Cisco products. The thinking was: Let's ask Cisco about a solution for us, and Cisco provided it.

What other advice do I have?

The biggest lesson I've learned from using SecureX is that, before, I thought that if you have a solution that handles many things and that can be used in many areas, it could not be a good solution. Working with SecureX, I realized that I was wrong. A good company like Cisco can provide a tool that you can use in many areas, a tool that provides many solutions for many models, with many features, and it can be really good. That solution can also be integrated with many other products, not only from Cisco but from third-party companies. Working with SecureX made me realize that you can have a good solution that you can use in many areas. Before that, I was a skeptic about that.

I would rate it a 10 out of 10. Using SecureX, we can aggregate the data from all our security products. It gives us the option to automate many of our tasks that we had to do manually before. It's a really huge time saver, and not only for my department, because we can also provide many reports about usage of our systems and networks to our leaders and our managers, and show what we can do to make our security better.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Blair Anderson
Technology Director at Shawnee Heights USD #450
Real User
Top 5
Brings multiple security products together in a single pane of glass, allowing us to quickly see security on our network

Pros and Cons

  • "One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not."
  • "If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."

What is our primary use case?

We are using SecureX to protect all of our users and devices, both onsite and offsite, no matter what network they're on. We wanted a solution that would integrate across various platforms that we purchased through Cisco.

How has it helped my organization?

The biggest way we've benefited is because of COVID-19. In March, when the pandemic hit, as a school district we had to go fully remote. Obviously, we have devices that left our network for a substantial amount of time and we don't necessarily know what they were connected to, in terms of networks. Were they keeping safe? We were ready for that shift. We knew exactly what was going on with those devices, no matter where they were. SecureX has been keeping our devices safe during the pandemic. We haven't had any major threats that have come in or that have been found on our devices. That speaks to what Cisco is doing.

The fact that SecureX is built into Cisco Secure products and connects with our existing infrastructure has increased our security significantly because we use all Cisco products in our district. We have Cisco Next-Gen Firewalls and Cisco wireless controllers. What SecureX brings is that all of those can be incorporated together, and you're pulling data from all of those various systems into one pane of glass. You can really quickly see what security threats you have on your network.

With everything in one location, instead of having to open up five, six, seven, eight, or 10 different applications and look at data in them and then cross reference it, it's all in one pane so we can look at one application and see everything in one place.

It has also reduced the workload of our security team because that single pane of glass makes it easy. We don't have a dedicated security person in our department. We're a rather small IT department for the size of school district that we are, so we had to find a solution that easily gets the information we need, in a matter of seconds, because we might not always have the time to do it. And we needed something that obviously was a leader in the market share and we felt Cisco was that. SecureX has probably reduced our workload by 30 to 40 percent.

Something I've noticed, since going with Cisco security products, SecureX and all the rest, is that the number of issues on our devices has decreased substantially. Typically, in the past, we were re-imaging machines, wiping them clean and setting them up again, because they had run into issues, and that has decreased significantly. These products have allowed our users to continue to use their machines for many years without really having any threats on them.

In addition, it has saved us time when it comes to investigation tasks, again in that 30 to 40 percent range. An example of the way we've seen that reduction would be using Cisco Threat Response. If a computer has an issue, and we see some traffic or files on that computer, we can instantly investigate where that file or service has gone across our network. We can see if it went to five different computers and, if it did, we can instantly know what those five computers are. It reduces our investigation time because we don't have to go and check each machine. Cisco is going to give us a roadmap of how that malware impacted our network.

What is most valuable?

One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not.

What needs improvement?

They have released a lot lately that has continued to give us more insight into what's going on. But if they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality. It's something that we've adapted and continue to use. We see the value that it brings to us.

For how long have I used the solution?

We have been using Cisco's products for about three years.

What do I think about the stability of the solution?

It's been very reliable. It has not caused us any heartache since we've deployed it. If there is an issue, we usually get notified right away, but even those issues have not impacted our devices. For example, if they release a new software agent for the Cisco Secure Endpoint and maybe there's a known bug, they will usually recall that and let us know right away. But we've not really been impacted by any of that. 

I feel that they do a good job testing everything before it's released to the end user.

What do I think about the scalability of the solution?

The scalability is endless. We use it as a K-12 school district, but the same products can even go to a smaller school district than us, or they can go to a large corporation with thousands and thousands of users. It is meant to meet whatever needs your organization might have.

Not only that, but you have the interoperability of it, where it can be attached to a wireless controller or attached to your firewall. It's not just security at the device level. It's security of the network level as well.

How are customer service and technical support?

We have not used technical support for the SecureX stuff. That speaks highly of the quality of the product, especially with all the integrations that we have going on with different devices, and all the different solutions that we've purchased from them. We have not had to create tickets for any of that.

Which solution did I use previously and why did I switch?

We've used several different solutions in the past, the typical antivirus solutions. We were not impressed with them, so when Cisco first released this we took a look into it and were impressed. We did a pilot test of it and saw that it met our needs, that it fit what we are doing here from a Cisco standpoint, and we purchased it.

How was the initial setup?

We purchased a Cisco Enterprise Agreement that contained a lot of these products. Once we got that we started with Cisco Umbrella, which is part of the SecureX platform. We got that deployed to all of our products, including PCs, Mac devices, and iPads. We have about 300 PCs, about 800 Macs, and right around 4,000 iPads on our network. For us, that was the major first step because we wanted to protect our devices no matter where they went or what network they were joined to. We have started using that as our filtering program in the district.

From there, we deployed Cisco Secure Endpoint, which was also called AMP for Endpoints at one point, but they just recently changed its name. We deployed that to all of our devices as well. It was easy to deploy. It worked with our mobile device management system. And on the iPad, we use the app that joined both Cisco Umbrella with Cisco Secure Endpoint. Integrating those was important. We can go to one system and see a lot of that traffic and get a lot of the information.

It took us a couple of weeks to deploy SecureX across our devices. It was very easy because we could push it out using various systems. The biggest one was our mobile device management system that supports Macs and iPads. We could just upload the software to that and push it out. On the PCs, because we use Active Directory here, we could do it through group policy. We might have manually touched some of the PCs, but the deployment was very fast and easy.

The only thing that I would consider as maintenance when it comes to SecureX is making sure the devices update the software as it's released. That usually happens automatically from the server, as they check in, but sometimes there's an issue with a device that prevents that. In that case we have to go out and physically do it, but you can pull records and see which ones have not updated. So there's very little maintenance from our end.

For us, everybody plays a part in it because we don't have a dedicated security team and we only have one network specialist. Aside from the network specialist using it, we have a server specialist, and all of our building technicians have access to the system and can run reports and can do investigations if they feel comfortable doing that.

What was our ROI?

Our ROI is that we've not had any serious security threats. All of our devices are pretty healthy right now. I know when I leave at the end of the day, and all of our devices are exiting our building, that they're going to be secure no matter what happens. And when they come in the next day, we're not going to have a lot of threats brought in.

What's my experience with pricing, setup cost, and licensing?

The pricing is competitive, especially for education institutions. Licensing can be a little bit difficult to navigate, especially with resellers with Cisco, but for us it has been pretty easy. We continue to grow the number of licenses that we have each year.

Which other solutions did I evaluate?

We evaluated other solutions briefly, but we saw the value that Cisco brought to the table. Because we have a small department we need to simplify our solutions so that they integrate really easily, and that means we stick with one vendor. It's easy to get a hold of support and troubleshoot issues if they do arise. That's why we put all of our eggs into one basket with Cisco.

What other advice do I have?

Meet with Cisco representatives or their reseller to get a demo of their products. Then, reach out to some clients that are using it and get their feedback on it. That will show you that it's a solution that you need to invest in.

I would give SecureX a 10 out of 10, and I really do mean that. We've had really good luck with Cisco and all of their products. It's a great all-in-one solution for us and we've been extremely happy.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Matt Back
Cyber Security Practice Lead at Eazi Security
Real User
Top 5 Leaderboard
Automation saves us time and Orchestration provides a holistic view of security threats

Pros and Cons

  • "SecureX enables us to have all the threat intelligence and threat event data in one place."
  • "For us, the biggest sticking point is that the product is not being designed for multi-tenancy use at present, from an MSP perspective."
  • "What's missing right now is the multi-tenant capability."

What is our primary use case?

We are a managed service provider with a number of customers that have different Cisco security products. We utilize SecureX to give us a better, high level overview of all of those different security installations.

How has it helped my organization?

When considering how SecureX has improved our organization, things should be looked at holistically with an endeavor to see threat patterns across one's entire environment rather than individual products. We still haven't really explored the Orchestration side of the tool, but if we can start to leverage that it will help us do better with some of the security challenges that we face. Hackers use automation and this means we can only attempt to keep up if we use automation as well.

What is most valuable?

SecureX is both a security analytics product, as well as a security orchestration and remediation product. We've integrated it with a number of Cisco security technologies, though we're primarily using it for Network Analytics right now.

SecureX definitely provides us with contextual awareness throughout our security ecosystem, since it allows us to integrate multiple threat intelligence feeds, as well as multiple security appliances and platforms. This enables us to have all the threat intelligence and threat event data in one place.

The security orchestration aspects of the tool came out only about a month ago and we haven't yet moved forward with testing it. It does look like its Orchestration will prove quite powerful in terms of allowing me to have interaction with and control of all the systems. Whether this will be to create a ticket in ServiceNow, or to send security alerts to WebEx teams or something of that nature, it does look like it has some very powerful features.

What needs improvement?

This is a relatively new offering from Cisco and some time is needed for the evolutionary development of the platform. It's good that there are some third party integrations available and it would be a positive step to see more offered.

I also would like to see a full managed service provider addition to the platform. I would like to see a managed security service provider console just like there is for Cisco Umbrella and Cisco Secure Endpoint.

For how long have I used the solution?

We have been using Cisco SecureX for around three months.

What do I think about the stability of the solution?

Overall, it seems to be really stable. I have noticed that sometimes there is a slight lag between when you do an integration with an API key and when you start seeing the data. But once the data starts flowing it all seems to be quite stable.

What do I think about the scalability of the solution?

We've added multiple devices onto SecureX and this seems to be both stable and scalable. We can customize how the individual tiles are laid out, resize them, and play around with the spacing. We can have whatever we want on whichever dashboard tab we wish to create, so it provides us quite a lot of customization.

I see the Orchestration automation side of the tool as a very positive thing and one that will help us to scale as a managed service provider.

How are customer service and technical support?

We raised a couple of support cases for SecureX and these were worked through and resolved.

How was the initial setup?

At the moment we're experimenting with SecureX. We will only do a full implementation for all our customers when a multi-tenant platform designed for MSPs or MSSPs becomes available, hopefully sometime this year. We want to avoid creating a lot of configurations that have to be repeated later when a new platform is released.

When it comes to the complexity of the initial setup, it depends what you're trying to do. At its basic level, integrating threat feeds or security appliances is really easy and only takes a couple of minutes to perform each task. The Orchestration automation side of the tool is a bit more complex and requires more time to understand and test. The basic side of the tool, meaning the security analytics that require you to integrate the threat intelligence feeds and then the security appliances, is really easy.

The security orchestration is a bit more difficult but not any more so than what I would expect. What Cisco is trying to do is bridge the gap. You can either automate with programming-related skills, using Cisco's DevNet—which would require having special DevNet engineers in-house, or use Python or JSON—or you can use a SOAR tool. Although SecureX is not specifically a SOAR tool, it does have security orchestration and automation functionality. Rather than having to use specialist DevNet engineers, you can use people with more general network engineering skills or cyber security skills. You can use the tool to create workflows from the palette that is built into SecureX to create automations. It's not easy but it's easier than it would be if you had to use just Python or JSON. Cisco is definitely bridging the "skills gap" when it comes to programming. They're definitely making it easier than it would be otherwise.

We have five to six environments and most of them have at least one Firepower appliance and an email security appliance like Cisco Endpoint or Cisco Umbrella. Then we added threat intelligence feeds from VirusTotal and Have I Been Pwned. So we have enough to give us an idea of how it works, what kind of data we can see, and how we can use the tool going forward to automate.

What's my experience with pricing, setup cost, and licensing?

The product is absolutely free to any customer that already has one Cisco security product. If one only wants to make use of the security analytics, this is super easy, as set up and integration of all the security appliances can be accomplished in a couple of hours. If one wishes to undertake the Orchestration automation side of the tool, it will take a bit more effort and time to understand and test. What should be taken into account is the number of different things one wishes to automate and the level of its complexity, but this is definitely easier than having to code everything in Python.

Which other solutions did I evaluate?

We didn't conduct a detailed product evaluation between SecureX and other vendors of this kind of product. As we are a Cisco partner and customers get this product for free if they have at least one Cisco security product, it seemed to make sense to explore this because of its level of integration across the entire Cisco security product range.

What other advice do I have?

I think it's one of those things that's a "no brainer." It's a cloud service that you can turn on in two minutes and you can be up and running in an hour or so maximum, at least for the more basic side of the functionality. So I would say if you're already using one Cisco security product, it just makes sense to start using this because it increases the visibility of threats across your environment and allows you to start using automation.

The SecureX Ribbon feature integrates with a sister tool called Cisco Threat Response. This allows us to do threat hunting and build a kind of casebook from our threat hunting investigation. From what I see, it looks pretty good and it looks like it will help our business from a CyberOps perspective. We feel that SecureX Ribbon features will affect collaboration within our team or across teams. The ability to pivot between SecureX Cisco Threat Response and different Cisco security products from one location will make the business of investigating security events and threats easier.

As I have not personally evaluated similar products of SecureX, it would be difficult for me to properly rate this product on a scale of one to 10, although I would score this product an eight, as it is very good. This takes into account that it has only been available for use for the past six months and the Orchestration feature has only come out of beta a month ago. The biggest sticking point is that the product is not being designed for multi-tenancy use at present, from an MSP perspective. If this can be resolved, the score will likely go up to a 10. Hopefully, this request will be accommodated in the next release.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner