The visibility and the fact that customers don't have to go anymore to each one of the management consoles [are the most valuable features]. They have consolidation, and that's the best value.

I like that I don't have to jump around to five different products and log into five different places to view the data that it returns.

Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process. 

Our customers also find the ability to create their own workflows using low-code capabilities to be really powerful. This powerful tool automates threat hunting. 

The two biggest things that are great about SecureX: Orchestrator and visibility. 

We initially implemented it when it was first introduced because of the visibility piece. We could look at the performance and statistics associated with our entire security portfolio. 

When they introduced Orchestrator, it was a game changer because now we can actually develop Orchestrator scripts to handle a lot of the investigations that we were previously doing manually ourselves. We can actually set up Orchestrator to do things like investigations. If it discovers something that we need to look deeper into, it can just send us an email or text message for whatever we need to do, which has been huge.

It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place.

The ability to create firewalls online has been most valuable including the ability to create rules. We have done this using the ASA old firewall which we prefer over the newer ones. This solution helps us meet our cyber security goals. 

The resilience of this solution has also been valuable. We can trust in the fact that we can always reach out to developers if we have any problems. This solution has improved our network architecture.

The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem. 

With SecureX you can see unusual activity and get more information about the machine or user involved. It provides you with more information about how to sort it out. That's a really important part of security, that you can protect your own network from unauthorized access.

In addition, using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices.

Contextual awareness is also a really good part of SecureX. It works with many areas and, with one tool, you have good visibility into many areas that you manage. That is a really good feature.

One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not.

SecureX is both a security analytics product, as well as a security orchestration and remediation product. We've integrated it with a number of Cisco security technologies, though we're primarily using it for Network Analytics right now.

SecureX definitely provides us with contextual awareness throughout our security ecosystem, since it allows us to integrate multiple threat intelligence feeds, as well as multiple security appliances and platforms. This enables us to have all the threat intelligence and threat event data in one place.

The security orchestration aspects of the tool came out only about a month ago and we haven't yet moved forward with testing it. It does look like its Orchestration will prove quite powerful in terms of allowing me to have interaction with and control of all the systems. Whether this will be to create a ticket in ServiceNow, or to send security alerts to WebEx teams or something of that nature, it does look like it has some very powerful features.

The automation and orchestration tools are the most valuable features.

The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable.

Integrating the product with most of the customers involved hasn't been difficult. There's enough documentation and support from Cisco to help put things together, making the process straightforward.

For me, the most valuable feature is the overview: seeing hundreds of sites and thousands of endpoints; everything in a single dashboard.

It can show me spam attacks, phishing attacks, malicious file transfers on our firewalls, and malicious activity on our endpoints. In addition to all the security solutions it takes in, you can add in other websites and services as well.

Threat-hunting is a specific module within SecureX. You can say, "I want to know what's been happening within my organization. I'm seeing some activity here and I want to know if this machine, which is doing something strange, has been in contact with any other suspicious machines. Has it been receiving any suspicious email? What's going on?" It can really dig into any indication you have within your network.

It also provides automatic messaging. For example, if there's malware activity, it will be automatically matched to a certain category of malware saying, "This is credential access,” or “This is a discovery,” or “This is the exfiltration of data,” or “This is privilege escalation."

There is also the possibility of integrating feeds from different products. SecureX will not only work with Cisco products, but you can also put in different kinds of feeds if you have a different type of firewall or antivirus, for example.You can get the same intel within the same dashboard. You don't need to have only Cisco products. 

SecureX integration between Cisco products and third-party solutions is very valuable due to the fact that you get the security feeds and everything on the internet. If you want to know, for example, if something is Orion malware, it will say, "Hey, I have this webpage showing me indicators of compromise. It gives me a button within my browser and I can check whatever is on this page against my live environment. If there's anything on any webpage saying, "You should pay attention to this, or you should be aware of these malicious files," with a single click I can check them against my environment. The intel you get and the different products all generate output. And you can use the toolbar within your browser to make it very easy to put anything you find into SecureX.

The ribbon feature is quite useful. The solution is great at helping you maintain context around incidents as you navigate different consoles. It's immensely valuable due to the fact that, as you navigate between products and between pages, the ribbon stays with you. I can open a case there and I can also share it with my colleagues. We're back in lockdown again here in Europe, so everybody's working from home again. I can start an investigation on my machine and share it with my colleague. He can work on the same stuff and he can add to the case. You can very easily scale up your investigation. All the notes you've been taking, all the indicators you've collected, all the interesting stuff you've noticed are logged within the ribbon and available for your colleagues to work on as well. You don't have to email back and forth saying, "I found this. Hey, did you see that?" It's all there. You can cooperate on the same issue.

It saves you a lot of time investigating. It will not just show you what's happening within your environment but also what's happening in the rest of the world. If I'm seeing a file for the first time, it's very unlikely it's the first time in the world this file has ever been scanned. I can check if it has been scanned in other antivirus engines and what they think about the file. There is the integration with the service called VirusTotal. It has about 60 or 80 different engines. If I'm seeing a file and not sure about it, with a single click I can get the opinion of 60 different antivirus products on that file to show me what the rest of the world thinks about it.