Cisco Secure Access

The main use case for Cisco Secure Access  is for posture management, managing network devices, guaranteeing guest access, BYOD, guest, and sponsor portal. I have used Cisco Secure Access  from end to end.

I consider network segmentation as one of the most valuable functions of Cisco Secure Access.

I use the Zero Trust Network Access  (ZTNA ) feature of Cisco Secure Access, and we have currently deployed it for ZTNA. I appreciate the identity management of devices where they are connecting to the network. The device needs to be trusted always, which is actually a good security best practice because it does not involve trusting a device once and then allowing it network access.

I have experience with the integration of CASB  functionality in Cisco Secure Access. The cloud access broker has helped by providing a bridge between the user directory and functionality, allowing the system to enforce data control, compliance, and threat protection. This is good security practice as well.

How easy or difficult it is to manage Cisco Secure Access through the single cloud-managed console depends on who you talk to, but for me, with my experience, it has become very easy and really manageable. Much of the interface has been improved significantly, making management easier. The upgrade of the interface really has changed a lot, which makes it easier to remember.

Automation is something Cisco could improve for Cisco Secure Access. I have seen the way they have done this with SD-WAN, where you have automation of VPN through auto VPN tunneling and the creation of tunneling between SD-WAN. If Cisco could improve Cisco Secure Access in the same way, there should not be as much configuration needed, because companies are really keen when it comes to deployment these days. We need to automate deployment. If they could do that with Cisco Secure Access as well, especially with big branches, it would be great. I have worked with almost 200 branches, so configuration in all these branches is needed for security. If this could be integrated and automated exactly like the auto VPN that happens on SD-WAN, it would be excellent.

Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.

I have been working with Cisco Secure Access since 2012.

Our deployment process is mixed. We are deploying for different clients, so it depends on what client they have.

Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.

The setup process for Cisco Secure Access is very straightforward. Integrating with SD-WAN is really easy.

We are fighting internally with Zscaler because they are saying it is cheaper. Pricing is competitive between solutions. Palo Alto is coming very well as well. I am not sure if Cisco is also looking at that, but they are also coming with a lot of functionality within the Palo Alto space for the SASE  function.

Cisco Secure Access does help me protect my company from threats like phishing and ransomware. The fact that Cisco Secure Access integrates Zero Trust, the secure gateway, and data loss integration does a lot to help with email security because of the integration with Cisco Web Gateway. Training users is also necessary because security involves users as well.

I am satisfied with the functionality of Cisco Secure Access. One of the areas I have not investigated much time on is the integration with the segmentation within the SASE  solution. I have been doing it on my side, but I still need to understand how it integrates and how it can work instead of using the NAC solution. The ICE function could be integrated within Cisco Secure Access. I think that would be better because Cisco has integrated firewall as a service, so why not also integrate the NAC solution as a service in that platform as well.

I have given this review a rating of 9.

The two typical use cases of Cisco Secure Access  are how remote workers securely access both private applications, public applications, and SaaS applications from anywhere.

In my opinion, Cisco Secure Access  is a complete SSE solution. The second good thing about it is that it has very deep end integration with other products which are required to improve security, such as multi-factor authentication and NAC products, all coming from Cisco. Whatever the customer use case may be, not only Cisco Secure Access but other applications coming from the Cisco security product line are available without needing to look outside of that ecosystem. Typically, I can just take it from Cisco and complete the entire solution.

From my perspective, it is quite easy to manage Cisco Secure Access.

The Talos integration for threat detection and response capability is a must for any product, whether running a SIEM  or XDR . The Talos threat intelligence, which is possibly one of the largest organizations that gathers all this data and sends updates, comes free with every Cisco security product. That is really important because security is not static; it is dynamic. New viruses and malware are emerging constantly. Talos ensures that I get updates of everything being seen across the globe so that I am not left behind.

When it comes to protecting against phishing and ransomware, it is pretty good because all identified signatures and non-signature-based protections get updated through threat intelligence. However, as I said, it all depends upon what your attack surface is. If the attack surface is mail, for example, where the bulk of threats get percolated, then it has to be augmented by additional security layers such as email security. Based on the threat attack surface, you have to protect those also with an additional set of software.

The only negative side of Cisco Secure Access is the mindshare. From my perspective, the greatest positive side of Cisco is that it has a very complete story on the entire overall security requirements of a customer, whether it is end user security, network security, or workload security. It covers it all. Having said that, the customer mindshare of looking at Cisco as a security OEM is pretty low. That is one thing which in my mind, Cisco has to really improve.

The second thing is, of course, multiple panes of glass to manage multiple products. That has been a long-standing demand from customers that they should simplify that, and Cisco is working towards it. The third thing is AI integration. Cisco is also aggressively working on AI integration with their products. Mindshare is one of the biggest challenges of Cisco security products, and they have to increase customer awareness sessions to increase the customer mindshare about their security products.

One big challenge which I see with Cisco is their MDR capabilities. They do not provide it as a service, which Palo Alto does provide. Cisco's policy and strategy is to enable partners so that it becomes partner-enabled services using Cisco products. Whereas Palo Alto provides MDR as a service and Sophos provides MDR as a service, Cisco enables partners such as us to provide equivalent services. However, there are multiple enterprise customers who would prefer to go to the OEM for that service. There are multiple big wins which Palo Alto had in India because of their own MDR capability. If I were to fight as a partner with my capability and Cisco products, I surely cannot fight the might of Palo Alto. That is one area where possibly Cisco has to relook.

With regards to my experience with Cisco Secure Access, I have been working with it for at least two years now.

Regarding Cisco Secure Access, I would agree that it is a 99.9% stable and reliable product.

My impression of scalability for Cisco Secure Access is good. Being a cloud solution, it has unlimited scalability. Scalability is not an issue. You can scale based on the number of users and licenses. You have SIA, SPA, and all licenses. Scalability is not an issue since it is a cloud-based solution.

I believe customer service from Cisco is good and not a problem in India.

Regarding the deployment procedure and installation of Cisco Secure Access, it is straightforward and not much of a challenge.

We usually deploy Cisco Secure Access in our Center of Excellence, and we keep demonstrating that to the customers. It is fine and not much of a hassle.

Quantifying the return on investment depends upon what the use case is and the automation we can build up. We just did some study where, with automation and all of that, we can get almost 30% ROI.

In comparing Cisco Secure Access to its competitors in the market, I think the leader is definitely Palo Alto.

Comparing Cisco Secure Access pricing with its peer group, I think they are still comparable in terms of pricing. It also depends upon how desperate Cisco is to win the deal; they can also go better. When I say peer group, I am talking of Palo Altos of the world, and so forth. They are a little bit on the higher side, but still, when it comes to closure of the deal, they get aggressive and they can meet up with the competitive price points.

I have to study more about Cisco Secure Access's ability to provide secure access via HTTP/2 and optionally QUIC, so I am not aware of this, and I will not comment on that.

Summarizing all that I have told you about Cisco Secure Access, mindshare, multiple panes of glass, AI integration, and MDR are all aspects that could be slightly better. Those are the areas for improvement. Overall, I would give Cisco Secure Access a rating of eight out of ten.

My clients' use cases for Cisco Secure Access involve both business and technical purposes.

Cisco Secure Access is a zero trust network access solution that I propose mostly for network access so clients can access the network or their cloud platform for workload.

One of the strongest parts of Cisco Secure Access is that along with Cisco SD WAN solution, I propose this as a bigger advantage in access and the DNA for secured access while roaming users to the SD WAN tab.

It is very easy to manage Cisco Secure Access through a single cloud console because along with Cisco DNA architecture, it connects smoothly, and Cisco provides two methods: the catalyst SD WAN solution and Meraki.

It helps to secure standard applications.

When speaking about improvements for Cisco Secure Access, the licensing structure is an area of concern, as many users struggle to understand how it works.

I see technical limitations and challenges on the Catalent DMA solution, especially when integrating it with the SD WAN fabric, and it could be easier to integrate the tools.

In terms of features and capabilities for Cisco Secure Access, it could improve user-friendliness for the Catalyst dashboard, whereas Meraki scores ten out of ten for user experience.

I started working with Cisco Secure Access almost three years back, as I am working with Cisco SoC.

From my two decades of experience with Cisco, I find the solution to be stable.

Cisco Secure Access is generally a scalable product.

My experience with Cisco customer service is satisfactory.

I would rate my experience with Cisco support as a nine.

I am working with a couple of competitors' products for the same use case.

The installation procedure for Cisco Secure Access is case-to-case and depends on the customer workload, which allows for proper study based on customer instructions.

Based on ROI, Cisco Secure Access is worth the investment, as it is a core security product that allows customers to measure their ROI effectively.

In terms of cloud security and SD WAN security, Cisco leads, but in the firewall area, Fortinet is ahead.

My role is that of an integrator with Cisco Secure Access.

Cisco Secure Access integrated with Cisco Talos collaborates effectively, as I see that Cisco Talos has a much higher level of signature intelligence than the competition.

I would say Cisco Secure Access has a huge impact on protecting the company from threats like phishing and ransomware, as Talos provides all the necessary features to mitigate spam, phishing attacks, and offers sophisticated security measures at the gateway and system level.

All these functions will work based on the customer use case, and if the customer uses the SaaS platform, it will help to securely access web applications.

I would say it is beneficial.

The main negative point I see is related to the licensing structure.

I can give Cisco Secure Access an overall score of ten based on my satisfaction with the product.

Our main use case for Cisco Secure Access  is providing security for hybrid and mobile workforces. One of the big challenges these days is the fact that you will have users in the office, working remotely, and all will have different access policies.

You will have users that will be technically hopping between offices, remote work, and working on the road. The trick is determining how we can have a single, consistent security policy for those users. Cisco Secure Access  helps us with that quite a bit.

We did our first pilot deployment of Cisco Secure Access about three years ago, and we have deployed it successfully at several customers since then.

The VPN as a service is the feature that we like the most and the one that our customers like the most. Historically, you would have to maintain a firewall or other local VPN concentrator device. With Cisco Secure Access, now you can VPN in directly to Cisco Secure Access cloud, have that security policy applied, and then get directed either to the internet for SaaS apps or cloud services or to local on-premises resources through Cisco Secure Access system.

AI Access feature is a relatively new feature in Cisco Secure Access, but it is one that has become very important, especially in the last year or so, as end users have started to make a lot of use of the big AI tools, ChatGPT, Claude, and all that. There is now a big concern about those users putting inappropriate information into them, confidential information, regulated information. Being able to more tightly control what models my end users use, what services they use, and what information they submit has become a major part of end-user security in general. With Cisco Secure Access, I can do that whether you are in the office, on the road, or working from home. I can ensure that wherever you are at, you are not using AI models inappropriately and exposing us to risk.

Digital Experience Monitoring is for Cisco Secure Access and really any kind of SASE  deployment. You need to know how the users are using the system and what their experience is so that it is easier to troubleshoot. Because you could have users anywhere, how are they getting access to the resources? If they are having problems, how can we help troubleshoot that? ThousandEyes  integration with Cisco Secure Access is a pretty comprehensive visibility tool. It works everywhere from, for example, a work-from-home user. Are they having poor connectivity? ThousandEyes  will let us see that it is their home network. They have bad wireless signal. We can work with them to fix that. Alternatively, it reveals problems with their internet connection. Or if they are traveling, what is the total visibility within the entire path between them and the application, whether it be a SaaS app, locally hosted, or something hosted in Azure , AWS , or any of the big cloud providers.

These days with supply chain attacks being a major problem, being able to vet anything that is downloaded by developers, by end users for business use, is almost a requirement these days. With Cisco Secure Access, because I can do that, this goes back to that security anywhere for any user at any time. Being able to ensure that we have that coverage for someone working from home, someone working remotely, someone on-premises, keeps that supply chain risk low.

I think it is a matter of especially keeping up with the times. I mentioned AI defense earlier, but as AI use and especially as we get into agentic AI use, seeing how Cisco Secure Access works to control those agentic uses especially is important. I think that is where we expect the big improvement to be.

I have been working in IT consulting for about 22 years.

It has been rock solid and stable. I can only think of one service disruption that I have seen with it in the last several years we have been using it, and that was really only for a very short amount of time.

Cisco Secure Access is a very scalable solution. Being cloud-native, scalability is really built in. The user management controls work well even for our larger customers with large numbers of users. I would say scalability for Cisco Secure Access is a very strong point. It builds on Umbrella , which is a highly scalable security solution. We see that there as well.

When we have had problems, they have been very quickly resolved. The support engineers have always been of a high quality. The only bad experiences we have had were really sort of when the platform launched and I think even Cisco was still learning how to support it.

There was no single solution before. What we were doing before Cisco Secure Access was just a traditional on-premises VPN or other standalone remote access solutions, which was always, I think, a management headache. Multiple products were needed for different use cases. Moving to Cisco Secure Access really helped consolidate all that into one overarching end-user security platform.

Overall, it has been a fairly good experience. Deploying Cisco Secure Access, because for a lot of customers they started with Umbrella , and it goes back to that same operational model, that same user interface, the same configuration model, has made it probably one of the easier SASE  solutions to deploy compared to some of the other vendors out there.

For our customers, it has been a big time saver in terms of policy management. Because now, I do not have to maintain separate policies for my remote users versus my on-premises users or people in a hybrid environment. For our customers, there has been a pretty good ROI and pretty quickly too.

For our customers, it has been a big time saver in terms of policy management. Because now, I do not have to maintain separate policies for my remote users versus my on-premises users or people in a hybrid environment. For our customers, there has been a pretty good ROI and pretty quickly too.

Pricing for Cisco Secure Access has been very reasonable in the context of the entire world of SASE solutions. Setup costs for customers coming off of Umbrella, because of the fact that it is an evolution, the setup costs for our customers have been low. A little bit higher for greenfield, but Umbrella has always been a fairly easy product to turn up and Cisco Secure Access sort of continues that. Getting customers up and running with it is pretty easy and not too expensive.

The other solution that we considered heavily was Palo Alto's Prisma Access , or what they call Prisma SASE now. What we found is that with Cisco Secure Access, it was a much easier on-ramp for our customer base. It was easier to get that quick ROI.

One of the things about policy verification is with Cisco Secure Access and modern security products in general, policies can become very complicated, very quickly, especially once you start doing role-based policies. To have a tool that helps you validate the policy before you push it out to the end users ensures that the end user satisfaction is higher, fewer complaints, and fewer headaches for the IT staff when making big policy changes.

It is a solid 10. It does exactly what we need it to do. It does so in a way that is easy to manage, easy to control, and gives us the information that we need to make sure our end users have a good experience wherever they are working. My overall rating for Cisco Secure Access is 9.

The biggest advice I give to anyone looking at Cisco Secure Access or really any other SASE solution is a lot of planning. SASE deployments tend to be complex, and while Cisco Secure Access does a great job of simplifying things compared to some of the other vendors out there, a good solid project plan, a good solid assessment of your needs before deploying is always something that I would recommend anyone does.