Please share with the community what you think needs improvement with Cisco Email Security.
What are its weaknesses? What would you like to see changed in a future version?
The reporting functionality needs to be improved.
We would like to see more options for the customization of content filters.
Having Cisco Email Security as a standalone solution is not good enough. It needs to be combined with another solution. For example, it will not stop all phishing and malware. We tried having only Cisco Email Security (IronPort) and faced multiple issues due to the sandboxing. The sandboxing for this solution is not up to mark and needs improvement. It does not detect much at the moment, just the set criteria that it already has designated. The solution needs to improve its advanced phishing filters. It is very good at filtering things which have bad reputations. However, when phishing or malicious emails are new or coming from a legitimate source, we don't feel that the solution is working. While the tool does a good job of blocking malicious emails, it does have limitations. For example, it sometimes cannot identity file extensions and sends through files that we don't want, like OneNote. We can filter by file name extension, but it is too easy to change the file name extension by adding numerical characters, etc.
We have occasionally had hardware problems because we are using an appliance-based solution, but that might change.
We find bugs, just like anyone else. We bring them to Cisco's attention. If there was one area I would like to see improved it might be having someone who can help us when Cisco comes out with a new product. Let's say I'm going to be purchasing and utilizing version two of this product. They assign me an account specialist and a technical specialist to help with the bring-up. It would be nice if the specialist would be able to help foresee some of the issues we might run into, specific to the version we're implementing. I know that's a bit of a loaded issue because sometimes it depends on your particular environment. I know that's very difficult. But, there have been some instances where particular hiccups could have been avoided if the individual assisting us was slightly more versed in the version that we were going with. Maybe he could have told us that it wasn't the version we should have gone with. Maybe we should have gone with a previous version and then skipped over this version until they came out with a more upgraded version of it. The version we first chose might be a stable version in general, or it might be stable for other environments, but not for our particular environment. There's one other thing I would like to see. It would be nice to have an easier way to check on the health of the system, how stressed these appliances are. Sure, you can do it, but it would be helpful to have an easier way to do it, maybe even at a glance. That was something that Proofpoint had that I wish I had here. That would be very useful.
The configuration UI should be made more intuitive. Currently, it takes a while to understand how to do the basic configurations. In terms additional features, I would like to see customization of reports and dashboards.
They could improve the filters. In my time at the company, there were several times we had to contact support to update the filters. They can definitely work more on that. They can also work on the updating of the appliance. We had to do it once, when I was part of the engineering team. We had to update to a later version. It was complicated for me. I had to follow the instructions without understanding anything. Maybe there was pressure that caused me to not and understand them properly, but it was still complicated. The documentation was not there when we tried to update it. It may also have been due to my lack of experience. If I had done it twice or three times, I might have become accustomed to it and have done it more easily.
One of the things that Cisco could improve on with IronPort is the support. Cisco doesn't really have enough engineers who have full, hands-on knowledge of IronPort. Knowledge of it is not something you can find easily compared to other security appliances. They could also share more technical resources on how to do conversions. I did a video tutorial while I was training on CISSP and on CCIE security. There was a series that had the ESA in it and also the WSA. I was able to follow most of the configuration and explanation from the instructor. Also, if ESA and WSA could be brought together, it would make a better appliance, one wholesome appliance.
There were a couple of access issues. Also, they need to keep their intelligence top-notch. I remember a particular phishing email that came through to my then-CEO. So they could improve on their intelligence.
The user interface needs some improvement to become more user-friendly. The graphics could be better. It's designed more for a technical user rather than a business user. The solution has flexibility. I think they are working on improving it as we speak. They're responsive to the feedback we give.
I would like to see sandboxing for email, where suspicious emails received by the system are analyzed through online services. Some vendors, like Fortinet, have this feature in their firewalls, the FortiSandbox.
There should be some type of help section that can help us configure clients' emails. Sometimes, we just need to customize the quality. The graphical user interface is not user-friendly like other vendors. I find it very difficult at times to find some options on the UI. It's very difficult to configure at that time.
I would like to see a cloud service implemented for IronPort with specific domains which companies register to blacklist. Emails or anything coming from those domains should be automatically blocked or automatically scanned. Cisco should implement a cloud service for IronPort. It should scan automatically, without our needing to say, "Scan this," or "Scan that." It should be done from their side. Also, the hardware is not up to the mark. Two to three times a year we have complete downtime. There must be an issue with the hardware itself. The software is very good. It works really well, but when it comes to the hardware it's not good enough because of the downtime. That hasn't happened with any Cisco device until now.
With each product release since 2012, they have continuously fixed our issues or complaints. In the beginning, it needed a lot of work. Now, we are happy with it.
On their roapmap, they are looking to integrate with different cloud features, like Office 365. I would like them to add some clustering or high availability features.