Cisco Secure Access

I use Cisco Secure Access  as an on-premises solution.

For security, we use Cisco Secure Access for email security, endpoint security, networking, and gateway-level firewall, and we are also using Cisco Meraki.

Cisco Umbrella  helps us with securing applications, and we are using Cisco Umbrella .

Cisco Umbrella is helping us significantly with securing standard applications, but not in a complete manner, as there are some gaps in the product which the product team needs to focus on.

My perception of Cisco Secure Access's ability to provide secure security via protocols such as HTTP, HTTP/2, and QUIC is that the overall impact is significant.

After implementing Cisco Secure Access, I observed complete automation, a complete Zero Trust architecture, and complete automation of security.

It has worked well for protecting our organization from threats including ransomware, phishing, and spamming.

The maturity level of this particular product is not as high as what we see in the market.

Concerns are related to marketing strategy mostly, and the licensing model is typically very confusing.

The ease of managing Cisco Secure Access is quite challenging; it is not user-friendly, and we have to involve too much time to review the information available in the dashboard, which can be confusing.

The integration of Cisco Secure Access is quite difficult; it has too much dependency and is totally dependent upon the current IT infrastructure. It is compatible with only Cisco products, and if we have multiple vendor products in the network, then integration becomes quite challenging.

I chose Cisco instead of Fortinet because, while FortiGate has everything, Cisco is a leader in networking and is more mature compared to Fortinet.

Before choosing Cisco, I considered FortiGate as an alternative.

I chose Cisco instead of Fortinet because, while FortiGate has everything, Cisco is a leader in networking and is more mature compared to Fortinet.

The decision was more about Cisco's brand and complete branding.

The price of Cisco Secure Access is quite cheaper than VMware NSX .

I would rate this review as nine out of ten.

Cisco Secure Access  serves as a replacement for customers' old VPN solutions while increasing security through Zero Trust Network Access  (ZTNA ). We had a chicken production client that identified their current VPN as the lowest hanging fruit for increasing security. Since the customer already had Secure Client or AnyConnect previously, introducing the ZTNA module into Cisco Secure Client felt quite straightforward. We implemented it step-by-step, side-by-side, and rolled it out for that customer, which improved secure access for both on-premises and cloud solutions and turned out to be very effective.

Cisco Secure Access  offers seamless access and replacement for VPN; VPN can be quite clunky when you need to access cloud solutions. With Secure Access, you create tunnels to everything basically in the solution, simplifying things while improving security for our customers. I particularly appreciate the ZTNA story and accessing SaaS, on-premises, and cloud resources all at once.

Usability is one of the key factors in selling the product; it has to be easy to use. I think Cisco has done a good job there with Secure Client, and since many of our customers and a lot of the market are familiar with AnyConnect, showing them Secure Client, which is basically the same thing but with a new coat of paint, and telling them that it improves security while not being more difficult to handle is great.

Customers spend much less time troubleshooting VPNs because ZTNA works more stably, and therefore it has become a pretty good point of sales for us as a reseller to increase our revenue at the customer level, because it's an extra layer of security that you can add to an already existing networking solution. On the customer side, it increases performance and helps ease of use, and from the reseller side, it's a great product to add on to existing network solutions.

The customer's experience has gone from "Our VPN doesn't work and we need to troubleshoot it all the time" to "Our ZTNA does work and we don't need to troubleshoot it all the time." Cisco Secure Access has been very stable.

Cisco Secure Access's scalability is great; from a technical point of view, it's quite simple. However, from a licensing and cost point of view, there could be improvements in ease of licensing and better pricing.

The multi-organization management capability of Cisco Secure Access is excellent; it's a great feature that you can do with the multi-tenancy mode, and I think it's great that you can roll it out to separate organizations.

A more granular license approach would be beneficial, allowing customers to grow with half a module or one module at a time and add on the CASB , the DNS security, or the ZTNA. If they can do it granularly and grow slowly, I think that would be really advantageous for the sales process.

The license model can be simplified; it is a bit tricky to understand exactly which licenses you need. The cost was pretty expensive but also pretty reasonable, and if the cost could be brought down a bit, that would make it a much more attractive product for the Swedish market.

Customer support is decent; it is slowly getting better now with the new NIS2 and cybersecurity laws that are being implemented.

I have been using and reselling Cisco Secure Access for the past two years.

Customer support is decent; it is slowly getting better now with the new NIS2 and cybersecurity laws that are being implemented. I would give customer support a rating of five.

We previously used Cisco AnyConnect VPN, so it was more of an upgrade rather than a switch; we switched from AnyConnect to Secure Client to SSE.

I do not have concrete numbers that I can share because I do not currently have them, but the customer's experience is that they are spending pretty much no time troubleshooting ZTNA, down from spending a lot of time troubleshooting VPNs. I would estimate it is probably in the 60 to 70% range of time saved when it comes to VPN troubleshooting.

We looked at FortiSassy, Cisco Secure Access, and the customer also looked at Cloudflare .

The AI access feature of Cisco Secure Access is really interesting. I do not think it is really there yet; the product has to mature a bit more for us to give it an honest evaluation. However, from what I have seen in the upcoming feature releases, I think it is a really interesting way to go for the AI agents in the solution.

We do not use VPNaaS in Cisco Secure Access.

I do not know how it has impacted incident resolution time because we have only used the Experience Insights feature in a proof of concept stage, and I have not yet done it in a full rollout.

The AI assistant feature in Cisco Secure Access has helped with the documentation and with administrative duties.

We have not integrated Cisco Identity Intelligence with Secure Access.

Everybody has a need for a VPN; VPN is not as secure as it once was because the market is moving fast. Cisco Secure Access and ZTNA is the way forward to ensure easy access and secure access to your preferred on-premises or cloud instances. I would suggest to customers that they allow us to help them by choosing ZTNA rather than VPN. I rate Cisco Secure Access an eight because an easier license structure, easier pricing structure, and better pricing structure would bring it to a ten.

Cisco Secure Access  is used for CTNA with a couple of applications deployed on it. There is a journey underway to move all applications off VPN into CTNA, but some applications are too old and legacy and will not support it very well. Business input into testing is required, and everyone is busy with everything, making it quite difficult. The VPN is working wonderfully.

The integration of Cisco Secure Access  with Meraki is going well and has been a very positive experience compared to the previous deployment of Check Point. The difference this time around is having a Customer Success Manager and a direct path to the product owners, where feature requests can be made and feedback received. Cisco has been quite involved in the onboarding process.

Cisco Secure Access is significantly different compared to Check Point. Nearly a year since deployment of Cisco Secure Access, users have likely forgotten about turning the VPN on as it is now automatic. Users just open their laptop and are connected straight away regardless of whether they are home or not. From a user point of view, it has been very good. Things such as the ThousandEyes  module have been deployed into it along with posture assessments, so all these different modules have been put into one single agent, which has helped get a unified view of everything.

The features of ThousandEyes  integrate with Cisco Secure Access by providing end-user ThousandEyes licenses and end data center ones, which gives a holistic view. That is all complemented with Cisco Catalyst Center , providing an overarching view of what is going on on the network. The service desk can have access to that so they can see what is going on across the entire environment. This has provided a single pane of glass, which was not available with two different vendors before.

Regarding Cisco Secure Access, there are some areas that are not positive. Dedicated IP addresses for Cisco Secure Access platform took quite a while to obtain, and the process can be streamlined and improved. Issues arise because everyone is coming off a single IP address and sites such as YouTube think there are bots, asking to verify or just blocking access. When this was raised with Cisco, the official response was that accounts need to be signed up for or Gmail accounts created, with nothing that can be done on Cisco's side as it is on the end website. This is somewhat understandable, but those relationships should exist between large organizations. For instance, when presenting a PowerPoint with an embedded YouTube video, it suddenly says it cannot verify identity, causing issues for all levels. Three or four people come to the service desk every week with this issue, and the response is to use a generic Gmail account or sign up independently, which is probably not adequate.

Another issue has been with VPN profiles. When creating different VPN profiles, the underlying infrastructure has had to be replicated or provided, such as another RADIUS server for authentication. The whole VPN profile side of things can be improved for different subsets of users, such as guests or people who bring their own devices. Different profiles are wanted for different user bases, and it is quite complex on Cisco Secure Access to set all that up at the moment. Historically, with ASAs or Check Point firewalls, VPN profiles could be set up quite easily and what they had access to and what they did not have access to could be limited. There is interest in seeing how it can further integrate with Cisco Identity Services Engine because there is scope there to allow people on the environment via the VPN, but also restrict what they can access or not based on their profile. Those two can work a bit closer together.

Cisco Secure Access was deployed internally for approximately 2,400 users in April of last year.

Cisco Secure Access is stable and reliable if certain features are not used. Initially, SSL decryption was enabled, where certificates are decrypted, and when that was turned on, the performance was very unpredictable, plummeting significantly. In the end, it had to be turned off, and since it was turned off, there has been a great experience. It is understood that it requires much more processing power to decrypt things before they hit the network, but the unpredictability of the performance was only realized once it went live, and it had to be immediately pulled.

Cisco Secure Access can scale, integrate with other solutions, and meet the needs of users. Many things are in the pipeline which suggest Cisco is moving towards more integration and a single point of view, which is positive. There has been indication that Cisco will be looking at the Identity Services Engine integration.

The experience with Cisco Secure Access customer support is good. They have always been reachable, and fortnightly cadences have been established now that things have settled down. Meetings with the actual product engineers working on the solution have also been arranged. When there are more complex issues, they work with the team to pull that data directly from systems and take that back to improve on it and work on it. This has been a very collaborative experience.

Cisco support is rated an 8 overall. From feedback received from the team, it is between an 8 and a 9.

An expedited deployment of Cisco Secure Access was conducted. A proof of concept was run in December 2024, and then the solution was deployed between January and March, which was very quickly because the Check Point contract was ending on April 1st. It was quite a quick, speedy move, but support was provided all along the way with the managed service partner as well as Cisco, so the delivery was successful.

The price to value from Cisco Secure Access is justified. Money has been saved by moving to one vendor, and that has been a material cash saving that was able to be handed back to the business. It has not only been a better solution overall, but also been cost saving, which is unusual—too good to be true at one point, but it has delivered. Approximately half a million pounds a year is the amount that has been saved.

AI Assist is quite good at how it can collect information from various sources and pull it all together to give an answer. It can also resolve issues further down the line, so it appears quite powerful.

Cisco Secure Access is rated an 8 overall. It is good at what it does at a fundamental level, but when it comes to trying to customize it slightly for what is needed, because it is a cloud-based solution, it is much harder. There are some features that are missing from it that used to exist in the older platforms. The overall review rating for Cisco Secure Access is 8.

My main use case for Cisco Secure Access  is to secure our network. A specific example of how I'm using Cisco Secure Access  to secure my network is that we use it for our customers as an internet service provider to ensure everything is safe.

In my experience so far, I haven't noticed any best features that stand out with Cisco Secure Access. One feature that does sound useful to me is Zero Touch.

The Zero Trust feature in Cisco Secure Access works very well, but I have no idea about its specifics. Some common positive impacts I mention include faster troubleshooting, which I have noticed since using Cisco Secure Access.

Cisco Secure Access has helped with faster troubleshooting because when we were troubleshooting a loop in a network of our customers, with just a few clicks, I found where it came from and where it was going, so I closed this interface and everything is good.

I am using the AI Assistant feature in Cisco Secure Access, and it has helped in improving my security administrative tasks by summarizing pages or outputs of troubleshooting, which is helping so much. The most helpful thing the AI assistant has done for me is making recommendations for solutions during troubleshooting, which helps me focus on what to think about.

I think Cisco Secure Access can be improved, but as I said, I'm still new in this field, so I can't say something now. I plan to improve my skills more and gain more experience, and maybe I can send them an improvement by mail or something similar. I do not have more to add about the needed improvements.

I have been using Cisco Secure Access for approximately two months.

In my experience, Cisco Secure Access is very stable, and I do not have issues with downtime or reliability.

Cisco Secure Access' scalability seems to keep up with my needs as my organization grows.

My experience with customer support for Cisco Secure Access has been okay, but it is not very fast.

I did not previously use a different solution before Cisco Secure Access, so I'm not sure about that.

Cisco Secure Access is deployed in my organization on-premises. I'm not sure if we use VPNaaS in Cisco Secure Access. I haven't used the Experience Insights feature powered by ThousandEyes  yet; I know about ThousandEyes , but we do not use it yet.

I'm not sure if I have integrated Cisco Identity Intelligence with Cisco Secure Access. I haven't used policy verification in Cisco Secure Access as I am still new and do not configure any policies. I help mostly with troubleshooting something that's already running, just looking for anything wrong here and there.

I do not have anything unique to add about how I or my customers are using Cisco Secure Access.

Since using Cisco Secure Access, I haven't seen a return on investment and I do not have this information regarding saved time, money, or fewer employees.

Before choosing Cisco Secure Access, we evaluated a few solutions such as Cisco Meraki, Cisco ISE , and Catalyst  Center.

Since I started using Cisco Secure Access, I have noticed positive impacts on my organization. My advice for others looking into using Cisco Secure Access would be to try it; it is very nice to have in a good environment, such as service providers. I would give this product a rating of 8 out of 10.

My main use case is Zero Trust because we're moving to a full SASE platform and Cisco Secure Access was our first step.

Cisco Secure Access has helped my organization significantly, especially when we went through a cyber event and lost all our previous remote access. We were able to get Cisco Secure Access up within seven days and roll it out to all our people to get everybody back online. It was a very fast rollout to 30,000 users and we regained full functionality within those seven days.

I appreciate all the features of Cisco Secure Access, but I find the Secure Web Gateway is probably the best feature, followed by the Malware and IPS in the cloud.

The Secure Web Gateway is probably the best feature of Cisco Secure Access because it simplifies access and allows me to lock down my entire environment. My access network only allows 443 to Cisco Cloud, with no other traffic, reducing the chance of anybody getting in and cross-connecting to anything else.

One area that needs improvement with Cisco Secure Access is the ZTA policy itself, which is lacking because it is limited to one policy for one target. If I have multiple policies I want to apply to a multiple group for the same target, I cannot do it, which is very limiting.

I have been using Cisco Secure Access for 14 months.

I did not face any major challenges or have bugs, crashes, or downtime during the deployment of Cisco Secure Access. However, we experienced one downtime when all of Cisco Secure Access went down, but it was not specific to our organization.

My experience deploying Cisco Secure Access was positive. We had CX services and got it in within seven days, so it was pretty easy.

I can definitely say I have seen a return on investment from having Cisco Secure Access, as it has cut down our admin cost. I have eliminated three sets of firewalls that I did not need to have. I would say we probably save about 30% in hardware and about 20% in administration right now.

My experience with the pricing, setup cost, and licensing for Cisco Secure Access is that it is part of our security EA, so it is included in our program, which is part of a much bigger portfolio.

Before adopting Cisco Secure Access, I used Zscaler, which is along the same line, but I am not a fan. I am happy because I find with Cisco it ties well with the rest of the ecosystem, unlike Zscaler, which does not. We did look at Zscaler.

The attack we faced had a big impact.

I am not using the AI assistant feature in Cisco Secure Access yet, as we have started looking at it, but it has to go through risk assessment first.

I am not using any other AI tools in Cisco Secure Access. We were deploying AI endpoint but that has been paused.

I do use VPNaaS in Cisco Secure Access.

The transition from VPN to ZTNA with Cisco Secure Access has just been more secure for me. It is more secure because VPNs are easy. If somebody compromises a VPN, you get traditional full access to things, whereas ZTNA allows isolating access to an individual system, providing limited access.

I am not using the location enforcement by location features of Cisco Secure Access yet, but it is on the roadmap to deploy.

My experience with the Experience Insight feature, called DEM, is not good. I find the integration between Cisco Secure Access and ThousandEyes does not work well and does not deliver what it is supposed to. In fact, we have not been able to get it to work, making it pretty useless right now.

I have integrated Cisco Identity Intelligence in Cisco Secure Access, which is influenced by security. It is all tied to the identity, the root trust. That is where we are using it for.

My experience with the multi-organization management capability of Cisco Secure Access in terms of usability and efficiency seems okay for the limited usage we have for the multi-tenant. I cannot really comment if it is good or bad.

I would rate this review a 10 overall.