Sold by: Cisco Systems, Inc.
Deployed on AWS
Cisco Secure Access is a cloud-delivered Security Service Edge (SSE) solution that provides secure and seamless access to the internet, cloud services, and private applications, helping users securely access whatever they need to do their best work from anywhere. It protects access to AWS applications while ensuring a seamless user access experience. Cisco Secure Access consolidates industry-leading Cisco Secure SaaS solutions (Zero Trust Access, Secure Web Gateway, Cloud Access Security Broker, data leakage prevention, FWaaS, DNS security, remote browser isolation, Digital Experience Monitoring, and more) to mitigate security threats at all levels while ensuring seamless and secure user access.
4.2
Overview
Cisco Secure Access makes life better for users, easier for IT, and safer for everyone. It addresses cybersecurity challenges driven by the rapid software as a service (SaaS) adoption and the expansion of hybrid work.
Cisco Secure Access is a cloud-delivered Security Service Edge (SSE) solution that fundamentally reduces risk, radically simplifies IT operations, and eliminates remote access complexity for end users. With Secure Access, IT and security teams can effectively protect and defend their users from fast-moving internet-based attacks while providing them secure connectivity to the public and private applications they need, all in a single platform.
Cisco Secure Access is a full SSE solution, with ZTNA, SWG, DLP, CASB, RBI, and FWaaS with further differentiated capabilities including VPN-as-a-Service (VPNaaS), AI Assistant for policy creation help, and AI Access for visibility, control, and exclusive guardrails for third-party AI applications. Further, Secure Access is the only SSE which includes a recursive DNS-layer security service for lower latency, Experience Insights monitoring by Cisco ThousandEyes, and much more, in one license and management platform, all delivered with a single client.
Highlights
- Deliver unified and secure end user access to AWS apps.
- Simplify IT operations via a single console, with a single policy construct, featuring aggregated reporting across datacenter-hosted and AWS environments.
- Reduce business risk with advanced cybersecurity protection, zero trust, and granular security policies.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. Request a private offer to receive a custom quote. Sign in to view any offers that have been extended to you.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
You can reach for the Cisco Secure Access support at: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Cisco Secure Access, Cisco's Security Service Edge (SSE) solution, includes secure Zero Trust Network Access to your company's private/internal resources. Resource connectors are virtual machines deployed in your AWS environment that forward remote user traffic to your applications without requiring open inbound ports in your firewall.
Ideal for remote worker and multi-tenant environments, Secure Firewall ASA Virtual provides scalable VPN options including remote access, site-to-site, clientless, and more. Experience Cisco's industry-leading firewall to protect your cloud resources.
Ideal for remote worker and multi-tenant environments, Secure Firewall ASA Virtual provides scalable VPN options including remote access, site-to-site, clientless, and more. Experience Cisco's industry-leading firewall to protect your cloud resources.
Cisco Security Cloud Control is a unified, cloud-native security management interface for the Cisco Security Cloud. It simplifies and strengthens defenses by centralizing security solutions into a single, cohesive interface. This approach eliminates silos, reduces complexity, and provides end-to-end visibility, empowering organizations to proactively address security challenges across their entire infrastructure.
Customer reviews
Tejas Jain
Secure access has simplified VPN replacement and reveals where migration paths still need work
Reviewed on Dec 29, 2025
Review from a verified AWS customer
What is our primary use case?
Cisco Secure Access serves as a major replacement for traditional VPNs with a VPN-as-a-Service offering. This is particularly useful for clients with aging VPN architectures who face challenges in scaling out.
The product also optimizes firewall capabilities for geographically distributed operators and enhances proxy-based architectures with Secure Web Gateways and CASB for cloud or SaaS applications. By integrating with identity providers like Azure Entra ID or Okta, Cisco Secure Access facilitates the transition from VPN to ZTNA while ensuring compliance with principles like least privilege access.
Additionally, it incorporates identity and device risk scores for dynamic access policies to respond to varying risk thresholds. The service is particularly useful for managing old VPN infrastructure replacements, firewall optimizations, and bridging the gaps between old and new secure access technologies.
The product also addresses unique geographical challenges, such as ensuring secure internet access for oil rigs in remote locations. Furthermore, Cisco Secure Access's multi-tenancy and Policy Verification features are crucial for managing multi-organization environments and ensuring policy accuracy, respectively.
Hybrid Private Access is particularly useful in regions where replacing existing gear isn't feasible due to cost concerns. Lastly, the product's AI-driven features like AI Access and AI Assistant ease policy management and triage, reducing the time and efforts needed in these processes.
What is most valuable?
Cisco Secure Access offers numerous valuable features. The VPN-as-a-Service replaces traditional VPNs, providing global secure access without installing solutions at each location, allowing geographically distributed operators to benefit from scalability and optimization.
The integration with identity providers facilitates this transition and aligns with Zero Trust Network Access principles. The platform offers capabilities like Secure Web Gateways, Firewall-as-a-Service, and CASB for enhanced cloud-based functionality. Its Policy Verification runs checks to prevent policy misconfigurations, a necessary feature for managing multi-organization environments.
Moreover, the product's AI-driven capabilities streamline policy management and triage, enhancing operational efficiency. Hybrid Private Access and multi-tenancy capabilities make it resource-efficient and particularly useful for unique geographical challenges. The product is scalable, adjusting to new requirements easily, and is backed by robust technical support.
What needs improvement?
Despite being a value-for-money product, there are a few areas for improvement. Transitioning for customers from Palo Alto to Cisco Secure Access has its challenges, primarily due to previous infrastructure setups and migration paths. Cisco Secure Access may not seamlessly integrate into such settings, although it performs well in a Cisco-based environment.
Furthermore, while the AI capabilities of Cisco Secure Access are useful, they are not seen as major differentiators compared to competitors such as Palo Alto.
Additionally, though the existing threat intelligence is sufficient for most use cases, extending the integration scope with other tools, especially concerning AI supply chain risk management, could enhance its functionality.
For how long have I used the solution?
The first time I came across Cisco Secure Access, it used to be called a different solution. It was a combination of multiple solutions. First they started with Cisco Duo , and then they expanded into Cisco Secure Firewalls over close to three years. They conducted a lot of branding changes and naming convention changes after that.
What do I think about the stability of the solution?
While the product offers strong overall stability, there were occasional issues, particularly involving Linux devices. However, these hiccups were more related to endpoint-client interactions rather than being vendor-specific problems. Overall, the solution is stable, but improvements could further enhance reliability.
What do I think about the scalability of the solution?
The scalability of Cisco Secure Access is a strong feature. Initially driven by the need for improved scalability over traditional VPNs, it has proven to scale seamlessly alongside infrastructural growth. Effective collaboration with account teams ensures a robust and flexible solution designed to meet future scaling requirements without significant issues.
How are customer service and support?
The technical support from Cisco is exceptional. They provide geographically distributed, responsive support with strict SLAs. The purchase of premium support ensures rapid response times, upholding high-quality service delivery across the board. The commitment to excellent service reflects positively on client experiences.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used to work for Deloitte until six months ago. Currently, this is about managing our own internal infrastructure and then managing that of a couple of our operators and partners. Reselling is not something I am doing currently. I used to do that until June of this year.
How was the initial setup?
Installation and deployment of Cisco Secure Access are straightforward. Comprehensive and publicly available documentation supports this, backed by assigned account managers and optional professional services. Despite anticipating complexities by procuring external services, they were unnecessary due to the clear and simplified setup process offered by the existing resources.
What about the implementation team?
We had an account manager who was assigned to us and then we also purchased some professional services for day zero and day one, in case we got stuck.
What was our ROI?
The integrated capabilities of Cisco Secure Access deliver significant ROI through reduced mean time to detect (MTTD) and mean time to respond (MTTR). The resource efficiency is notably improved as fewer personnel are needed for triage and system management. The AI features further contribute by expediting threat detection and incident response, ensuring tangible returns through operational savings.
What's my experience with pricing, setup cost, and licensing?
Cisco Secure Access offers good value for money. Existing product relationships provide cost advantages, ensuring reasonable pricing without overcharging. Although the solution is cheaper than premium options such as Palo Alto, existing Cisco licenses facilitate replacing previous solutions with Cisco Secure Access smoothly and affordably.
Which other solutions did I evaluate?
If you were a Cisco house in the past, I would certainly use that. If you are coming from something with a Palo Alto firewall infrastructure, I would prefer going with Palo Alto. It is more about the widespread adoption. When ten different people are doing the same thing, then I guess the other five people would do the same thing.
What other advice do I have?
While client-based solutions serve corporate employees, clientless options cater to third-party contractors and onboarding procedures without equipment. These options ensure seamless transitions to full client-based systems for long-term corporate users.
Regarding the multi-organization management capability, it is akin to multi-tenancy, helpful for service provider infrastructures with multiple clients or single customers with diverse business units. It brings intuitive infrastructure management without providing unique features compared to competitors.
AI supply chain risk management, while theoretically beneficial, may not give an edge unless thorough integrations with additional tools are pursued. Furthermore, the choice of not implementing low-cost workflows was based on a need for higher security enhancements.
I would rate this review overall at a seven out of ten.
Kartik Amin
Secure access has unified zero trust and web protection while AI assistance automates tasks
Reviewed on Dec 16, 2025
Review from a verified AWS customer
What is our primary use case?
I use Cisco Secure Access for Secure Access Service Edge (SASE) , which provides me with secure identity-based access to applications and the internet from anywhere. I don't have to rely on traditional VPN architectures. Cisco Secure Access provides Zero Trust Network Access (ZTNA ), Secure Web Gateway, Cloud Security Broker, and Firewall as a Service all into one platform, which is beneficial.
I use it for firewalling, security, and Zero Trust Network Access.
What is most valuable?
I have worked with Cisco AI Defense product and Cisco AI Access, focusing on control access and data protection for data in transport and stationary states.
I have used the AI Assistant, which is a Cisco feature where AI helps to automate redundant tasks so that I don't have to configure each small detail manually. It is a bulk configuration feature.
I have used Cisco Identity Intelligence, which provides User-ID and Content-ID based network access control. It uses protocols such as LDAP to authenticate with products such as Active Directory to authenticate users. It is a good feature and is already integrated.
What needs improvement?
From a feature perspective, I have not experienced any issues, drawbacks, or shortcomings. However, the cost of Cisco's products and licensing is high. My clients usually prefer cheaper options if possible. Mid-size or smaller businesses typically cannot afford Cisco Secure Access. Additionally, there is a steep learning curve, as it is very intensive. Someone with significant knowledge can work on it, but a new professional would have to spend considerable time to get accustomed to it. It is hard to find engineers who can work on it. Overall, we get what we pay for, as it is a pretty good feature and service.
The pricing of Cisco's products and licensing is higher than competitors. If they could be more reasonable, that would help. The support offered for two years also has higher costs. Overall, the client's IT budget gets affected.
For how long have I used the solution?
I started using Cisco Secure Access when I was in the US, which was approximately five years ago.
What do I think about the stability of the solution?
From my experience, Cisco Secure Access is very stable and has not crashed. Cisco is renowned for their reliability, and their products perform well under high data usage. It is very resilient, and I have not seen it go down, crash, hang, or experience any other issues.
What do I think about the scalability of the solution?
Cisco Secure Access is very scalable. It has high availability, so it can be deployed in pairs and scaled quickly.
How are customer service and support?
The quality and speed of the support are very good. Cisco is excellent with their support. When I create a TAC case for any issue, they respond quickly and schedule a call. They help resolve issues as soon as possible through screen sharing. Cisco TAC is very competent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not worked on the same offering from Palo Alto, so I cannot compare what is better there or here. What I appreciate about Cisco is that everything they do is precise and works well without any issues. I found that there are not many bugs. I have heard that Palo Alto has many bugs that need to be fixed and require a TAC case to resolve. In my experience with Cisco, I haven't had issues with bugs that I had to escalate. On the few occasions when there was a bug, the solution and patch usually fixed the issue, which they had already posted on their website indicating which patch version would resolve it. That is the advantage, as it works flawlessly.
I have not used Palo Alto's offering, so I cannot make a comparison. I have only used Cisco's.
How was the initial setup?
Deploying Cisco Secure Access on the machine is very easy. If we follow the steps, they are seamless and run smoothly.
Policy verification is done before deploying, similar to Juniper's approach. With Cisco switches, if we put a command, it applies immediately without asking for confirmation. With Juniper, we have to put the command and then only after we hit commit does the command apply. Cisco Secure Access has the same feature where before applying the configuration, it verifies and checks if it would cause any issues and provides results based on that.
What about the implementation team?
One person can complete the deployment.
What was our ROI?
It was challenging to learn because, as mentioned, it has a significant learning curve and requires considerable training to become proficient.
What's my experience with pricing, setup cost, and licensing?
Cisco Secure Access regularly requires patches that need to be installed. During downtime or after hours, patches need to be applied. The system gets rebooted occasionally to clear caches and improve CPU performance.
Which other solutions did I evaluate?
I am not certain what VPN as a Service or VPNAaS means. I have not heard of this term.
What other advice do I have?
Multi-organization might be a feature on Cisco Secure Access, but my clients are private companies that haven't merged with any other organizations, so they have their own devices and networks. I haven't used those features.
I would rate this product an 8 overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Ajinkya Mohod
Provides conditional and application-level access while enabling seamless threat visibility
Reviewed on Nov 21, 2025
Review provided by PeerSpot
What is our primary use case?
Cisco Secure Access is used as a security tool within the tenant as a firewall and serves as a cloud-delivered Zero Trust access platform. It is used for Microsoft Intune as conditional access, Global Secure Access, and from Defender for Cloud Apps, working behind before it.
Cisco Secure Access provides application-level access. Usually, it's full network access, but with this tool, application-level access can be given. It removes the dependency of VPN, and then user authentications are continuously based on identity, device, and risk, which is an add-on there.
The Zero Trust Network Access feature is being used.
What is most valuable?
Cisco AnyConnect is used as a VPN tool for SASE purposes.
The integration of CASB functionality for exposing shadow IT within the company is smooth. Technical skill and knowledge are needed to evaluate, analyze, and deep dive on those things. From the tool's response, it is very good, and there is visibility on everything that is needed or necessary.
The integration of Cisco Talos influences threat detection and response capabilities. The integration of Cisco Talos is similar to every Cisco Umbrella , and the experience has been smooth. The knowledge, their KB, and FAQs are very good, and their support is very good. When in trouble, readily available documents or information are accessible.
What needs improvement?
Managing Cisco Secure Access in a single cloud management console is moderate in difficulty. Technical skills or an understanding at a base level or moderate level are needed to make it work, configure, and integrate it. The difficulty level is somewhere between easy and difficult.
For how long have I used the solution?
Cisco Secure Access has been used for one and a half years.
What do I think about the stability of the solution?
The product has been stable with no crashes or downtime so far, and the SLA is good.
What do I think about the scalability of the solution?
Cisco Secure Access is scalable.
How are customer service and support?
The technical support of Cisco is good and up to the mark.
How would you rate customer service and support?
Positive
How was the initial setup?
Regarding deployment and installation, it is straightforward, but having basics is necessary.
What other advice do I have?
No negative aspects have been observed so far; everything seems good. The review rating for this product is 9 out of 10.
Hamilton McClain
Top-rate support, good pricing, and easy setup
Reviewed on Sep 08, 2025
Review provided by PeerSpot
What is our primary use case?
I support the US government. From a customer perspective, the use cases tend to be where we are guarding edge devices that we don't have necessarily 100% positive command and control. The devices have data transport that traverses in some cases ISPs, so we can't really control who's adjacent to those networks. We often deploy in those types of environments. Where we can use dark fiber, we prefer to, but that's not always an option.
What is most valuable?
I'm probably pretty agnostic with respect to that. We have a federal mandate to reach these next-generation firewall requirements. Stateful packet inspection and things of that nature are the things that we're interested in. We have some programs adjacent to us that definitely do that, but my programs don't require that.
We get a significant discount with Cisco, and their support is definitely top-rate.
What needs improvement?
Cisco does a decent job with logging. Sometimes you may need to tweak a few settings, but with their more recent products that support Python and Java among others, you now have more programmatic control in the latest versions of IOS.
If the FTD devices themselves, the Firepower Threat Detection system, those are the firewalls themselves, the individual appliances, weren't so tightly coupled to FMC, I'd probably appreciate them as a product more. The learning curve was a little higher just because it's a large departure from their original ASA devices. If they could be managed individually as easily as they can be managed through FMC, I'd probably be a bigger fan.
For how long have I used the solution?
I have used Cisco products for decades at this point. With respect to ASAs and FTDs, FTDs are fairly new, but I have used ASAs for the better part of a decade.
How are customer service and support?
It is definitely top-rate. In fact, I know that my particular group didn't even have a service agreement in place for the better part of a year and those guys were still very responsive to emails and communications.
How would you rate customer service and support?
Positive
How was the initial setup?
We've been using them so long, it's hard to remember being a newbie, but I don't find their products particularly hard to set up. They have great documentation.
In our deployments, all of our web-based access to any of those devices is actually cut off. We do everything through a secure socket. The only situation where we are compelled to use a web interface is for the FMC, specifically for configuration; however, our management is primarily conducted at the console level whenever possible.
We don't find them hard to manage, especially as a group. The bigger challenge was managing them outside of their FMC product. They prefer to be federated to some extent, and they really weren't designed to be individually managed. They prefer to be managed from a central location. But if you have an environment that lends itself to central management, for the most part, it's not an issue.
What about the implementation team?
We acquire through an organization, and we are the ones that implement.
What's my experience with pricing, setup cost, and licensing?
Price-wise, we get a significant discount with Cisco. I actually prefer Juniper products. From a professional perspective, I prefer Palo Alto and Juniper probably more than I do anybody else. But I can't make the argument when we get 50% and 60% discounts, which we don't get from Juniper or Palo Alto.
What other advice do I have?
Because we operate with what could only be called a skeleton crew, a monitoring solution to the extent possible is dependent heavily on logging, which these applications allow. We do a heavy amount of logging and we do a great deal of log parsing through ELK stack and SolarWinds and Splunk. Any tool that provides telemetry through logging is a particularly good fit for us because we have to really automate our monitoring. We don't have the manpower to sit there and look at multiple applications and things on a regular basis. It all has to come to a central location and has to be pretty automated, red light, green light type stuff.
If you have the budget, make sure to get a solid understanding of what's out there. There might be some other products that you might prefer, but if your budget is constrained, you can make it work with Cisco products for sure.
I would rate the solution a 10 out of 10.
Ahmad Kamarul Zaman Zakaria
Experience shows promise in security and integration, while setup and UI need refinement
Reviewed on Aug 12, 2025
Review provided by PeerSpot
What is most valuable?
Managing Cisco Secure Access through the single cloud management console will not be difficult if you experience it once. This means once you have hands-on experience, you know how to operate it. In the first time, you might have a challenge because you need to understand the system. However, once you understand it, it will not be difficult anymore.
I find the zero trust approach helpful and beneficial in securing standard applications, which means you are accessing the applications directly instead of giving privilege to access the network itself. This is very beneficial in the context of security and is very effective.
Regarding the threat detection and response capabilities, because it's integrated in the cloud, users don't have to configure it to integrate with Talos. The feed that it has is already there, detecting malware and blocking it by itself from the Cisco Secure Access . The Intel is there, and we do not need to manually integrate with Talos.
What needs improvement?
My personal thinking about Cisco Secure Access is that because I'm also catching up on this solutioning, I'm not really seeing any improvement because I'm still learning. So far, it's good; I do not have any comment on this.
Regarding features about the UI, the pricing, and the learning curve of Cisco Secure Access that can be improved, the AI is already embedded in the solution. Because I haven't explored much and am not an expert, the features might be there, but I haven't tested them out.
When it comes to thoughts on the pricing, setup cost, and licensing cost of Cisco Secure Access, I cannot comment as I only did SSE for Cisco and did not have experience with other products. In terms of price comparisons, I cannot provide much insight.
The more competitive the pricing for Cisco Secure Access becomes, the better it would be for customers.
What do I think about the stability of the solution?
Throughout my experience with Cisco Secure Access, I have had some stability and reliability issues, including lagging when accessing the portal. Sometimes the response is fast, and sometimes it's slow, with response information that can be either correct or wrong. However, I consider these minor issues because they recover in a few minutes afterwards, though there are still glitches present.
How are customer service and support?
In evaluating my experience with the technical support and customer service of Cisco Secure Access, during the POC, we did not leverage tech support at that particular moment; instead, we engaged directly with the SE team, the Cisco System Engineer teams.
How would you rate customer service and support?
Positive
How was the initial setup?
Regarding the experience with the initial setup of Cisco Secure Access, it is important to communicate with the customers on the requirements, so they understand and prepare whatever we need to set up the POC. We need to communicate effectively with them and let them know what we need. Once our requirement is fulfilled, we can proceed. The key point is that communication with the customer must be maintained.
Once we have all of the requirements, the setup of the product itself is not that difficult. The first time requires understanding many things, but after the deployment and gaining experience, it becomes quite straightforward.
Which other solutions did I evaluate?
I give Cisco Secure Access a seven because I did study other products as well. While I haven't deployed any other SSE product, I went for the training. The way of deploying and the solution is quite seamless, but that's my current assessment without hands-on experience with the other products.
What other advice do I have?
As a partner with Cisco, this relationship is more related to the partners agreements, which is why we are selling Cisco Secure Access.
My impressions of Cisco Secure Access on protecting organizations from threats such as phishing or ransomware attacks are based on my recent POC. There aren't many use cases I have shown to the customer, but I can confirm that the solution is effective.
I would evaluate my experience with the Cisco team as an eight on a scale of one to 10, where 10 is the best.
My advice for other users who would like to start working with Cisco Secure Access is to find a good service integrator. As I come from the service integrator background, my advice to end users is to collaborate with a reliable SI that has the expected expertise on the solutions they are going to purchase and enroll.
The overall rating for Cisco Secure Access is 7 out of 10.