Cisco Secure Access

The first use case is access to the private application on the data center. The second use case is access to the cloud application on the cloud, plus the branches connected to the branches.

When discussing how easy or difficult it is to manage Cisco Secure Access  through the single cloud managed console, I find it very easy. Cisco Secure Access  is similar to Umbrella  and Meraki; it requires just a few clicks to configure what I need or what use case I have.

The features I have found most valuable in Cisco Secure Access include Data Loss Prevention, Web Security Gateway , Cloud-delivered Firewall, and CASB . All of these features are amazing on Cisco Secure Access.

Regarding the integration of Secure Access with CASB  functionality for exposing shadow IT within my organization, it gives me powerful capabilities to control shadow IT and its integration and features for Data Loss Prevention.

For sales, it is easy to tell the client about the benefits because it is simple, with only one or two lines for pricing. For pre-sales, it is very good as I can configure it in two clicks on CCW. The use cases can be summarized in just two or three slides of presentation. The user experience is very easy because the security is invisible to end users, meaning they do not suffer from strict security preventing them from doing their job. I find it an amazing product, and as it is an upgrade for Umbrella , it has all the good sides of Umbrella while removing some bad sides.

Based on my experience, the main point for improvement is the full integration on the Meraki dashboard. Cisco Secure Access with Meraki MX forms what we call a SASE  solution. However, currently, Cisco Secure Access does not appear on the Meraki dashboard; they are still using Umbrella, which does not fully unify with Cisco Meraki.

Regarding functionality, I do not find things that need to be improved, except that Cisco should make the security web gateway, URL filtering, IPS, and fire-walling more robust for large businesses. These features are suitable for small and medium businesses but may need enhancements for larger enterprises.

For large businesses, it does need some improvement, but if it improved, I think it will not be enough as it is targeting small and medium businesses. This is not a drawback, just correct sizing.

I have been working with Cisco Secure Access since its launch, which is about two years ago.

For stability, I would rate Cisco Secure Access a nine. It is a new product, and although two years is not long enough to fully judge stability, I have not found anyone who complains about Cisco Secure Access or even its predecessor, Cisco Umbrella .

Regarding scalability, cloud solutions inherently allow for scaling up and down without issues, but as I mentioned before, it is primarily for small and medium businesses. I cannot judge its applicability for enterprise use at this stage, but for certain, I would give it a nine.

For technical support from Cisco for Secure Access, I rate them ten out of ten. Cisco is known for its exceptional support, with a lot of team resources available.

Regarding the initial setup for Cisco Secure Access, I find it very simple, and it is a native cloud solution; it is not on-premises at all. If Cisco decided to create an on-premises version as a unique delivery option, it would be an outstanding out-of-the-box solution.

For pricing, I consider this one of the few drawbacks of Cisco. Cisco is known for its high pricing, so I would give them a six.

In my opinion, the main competitors in the market for Cisco Secure Access are vendors delivering SASE  solutions such as Palo Alto, Fortinet, and maybe Huawei, but I do not have a real branding name for these. I have not done in-depth comparisons with these products, but we can compare features such as DLP  on Cisco versus Forcepoint.

Cisco Secure Access operates on the Cisco native cloud and not AWS  or Azure ; it operates in Cisco data centers.

I can recommend Cisco Secure Access to other users, especially if their country approves cloud solutions for their people. I am 100% confident in recommending this solution. I rate this review an eight out of ten.

The use case depends upon the vertical, such as manufacturing or enterprise. Mostly customers are looking for secure remote access to their applications. They may have a vendor ecosystem where they do not want to install any client. If they are looking for a clientless VPN like ZTNA , Zero Trust Network Access , that is where it fits. Mostly they want to move away from the centralized filtering point of view, even if it is a proxy. They want to facilitate access wherever they are geographically distributed. Because Cisco Secure Access  PoP is there everywhere in major regions, this helps.

If they have a use case of a user sitting in an office and a user sitting remote, and a vendor accessing their applications from outside their network, you cannot expect anything installed in the vendor laptop, which is a non-domain laptop. That time, you need to have a solution that supports secure access of that application for that vendor who is sitting outside the network and is not a domain user.

Private application access is definitely there with the resource connectors. The concept of resource connectors is there to ensure the backend traffic from the application to the user. I have use cases, but I mainly worked on SaaS web traffic where I position SSE. Internal traffic is there, but not much discussion. It is hybrid only. There are customers who are adopting data center and coming out from cloud to data center, and vice versa. Definitely it will be Hybrid Remote  Access.

The price and license for Cisco Secure Access  are fine. Cisco documentation is always good. As a product, in terms of Cisco SSE, I appreciate the feature set. It is simple. The product is giving whatever you need from a customer point of view. Suppose point A to point B if you have to send data, you need not worry about anything such as your data might get compromised or somebody can do a middleman attack because everything is secure. They are sending the traffic encrypted and categorizing the traffic based on the type, whether web traffic or internet traffic, and doing the security mechanism that is needed for the traffic type. You can tick mark that flexibility is there.

Cisco SSE has an AI model, so you can write the policies if you just write it in plain English, it can do that. It can also drill down to AI Canvas, which is the new product that Cisco has launched.

I sold ThousandEyes  and had done proof of concepts. ThousandEyes  is a good product. However, the major flaw for ThousandEyes is the way they are calculating and giving the costing to the customer. The way the units consumption pricing is structured is not that great. That is the biggest flaw, and that is where people are not adopting it. The success rate of ThousandEyes when going with a digital monitoring concept is that it will address from endpoint to the application level and cover all domains. However, the way you are structuring your pricing with respect to the consumption of the units is a major issue. The pricing structure is not good in ThousandEyes. Apart from this, it is a good product. It can identify the issues related to an endpoint, if it is a remote user, if it is an internet issue, or if it is an application issue. The HTTP response time and latencies, everything it is giving. However, when a customer is trying to adopt it, the pricing structure is not good.

I have been using the solution for one and a half to two years.

Performance is addressed in a different way. Suppose I have a user in a branch in Europe, or if I have a branch in Australia or if I have a branch in India, they are sending to the nearest PoP, SSE PoP. You can form a tunnel from your branch. In that case, the connectivity reaching out to Cisco Secure Access PoP is being addressed. They are having redundancy also because it will have two tunnels. If this tunnel fails, still you can reach out to Cisco Secure Access cloud.

There are no scalability issues because SASE  is scalable.

Cisco TAC support is better compared to any OEM. That is what I feel. However, what happens with the TAC engineers is once their shift timing ends, they will just exit the call. Again, we need to explain to the other engineer. Even they will not refer much to the notes captured by the previous TAC engineer, and we are starting again. When their shift is done, they close the call. That is not proper support.

There are some customers who are using VPN still and maybe they are very slow in terms of technology adoption. The flaw of VPN, everyone knows now, and everyone is realizing the flaw because the moment I just enter into the network, I can go and have a lateral movement across the complete IT infrastructure. It is giving the whole access of the particular network. Whereas ZTNA will predominantly give you access as per your role, allowing you to access only that particular subnet or particular URL or particular application. In that way, you are segregating and you are not allowing certain lateral movement. That means they cannot enter into your holistic complete network. That is the basic difference and the basic flaw, and people are realizing it, but few people are not adopting ZTNA in terms of technology.

The setup is an eight out of ten.

We work with Palo Alto and we work with Zscaler, the same kind of thing. Zscaler is the one that started the proxies, the cloud proxies. We are very much aligned with Cisco.

We have done one major project with almost 350 outlets of one of the customers. It is fine.

I am not sure about Cisco Secure Access setup costs as I did not feel any issues. ThousandEyes I can address, but for Cisco SSE, I think the licensing structure is fine and easy to set up, quick, and documentation is good. Everything is fine.

I prefer Zscaler is good. After Zscaler, Cisco is good.

Ask for references and friends feedback. We work with Palo Alto and we work with Zscaler. Zscaler started the proxies, the cloud proxies. We are very much aligned with Cisco. It's a good product, but the major flaw is the way they are calculating and giving the costing to the customer. The units consumption pricing is not that great. My overall review rating for this product is an eight out of ten.

The product also optimizes firewall capabilities for geographically distributed operators and enhances proxy-based architectures with Secure Web Gateways and CASB  for cloud or SaaS applications. By integrating with identity providers like Azure  Entra ID or Okta, Cisco Secure Access  facilitates the transition from VPN to ZTNA  while ensuring compliance with principles like least privilege access.

Additionally, it incorporates identity and device risk scores for dynamic access policies to respond to varying risk thresholds. The service is particularly useful for managing old VPN infrastructure replacements, firewall optimizations, and bridging the gaps between old and new secure access technologies.

The product also addresses unique geographical challenges, such as ensuring secure internet access for oil rigs in remote locations. Furthermore, Cisco Secure Access's multi-tenancy and Policy Verification features are crucial for managing multi-organization environments and ensuring policy accuracy, respectively.

Hybrid Private Access is particularly useful in regions where replacing existing gear isn't feasible due to cost concerns. Lastly, the product's AI-driven features like AI Access and AI Assistant ease policy management and triage, reducing the time and efforts needed in these processes.

The integration with identity providers facilitates this transition and aligns with Zero Trust Network Access  principles. The platform offers capabilities like Secure Web Gateways, Firewall-as-a-Service, and CASB  for enhanced cloud-based functionality. Its Policy Verification runs checks to prevent policy misconfigurations, a necessary feature for managing multi-organization environments.

Moreover, the product's AI-driven capabilities streamline policy management and triage, enhancing operational efficiency. Hybrid Private Access and multi-tenancy capabilities make it resource-efficient and particularly useful for unique geographical challenges. The product is scalable, adjusting to new requirements easily, and is backed by robust technical support.

Furthermore, while the AI capabilities of Cisco Secure Access are useful, they are not seen as major differentiators compared to competitors such as Palo Alto.

Additionally, though the existing threat intelligence is sufficient for most use cases, extending the integration scope with other tools, especially concerning AI supply chain risk management, could enhance its functionality.

Regarding the multi-organization management capability, it is akin to multi-tenancy, helpful for service provider infrastructures with multiple clients or single customers with diverse business units. It brings intuitive infrastructure management without providing unique features compared to competitors.

AI supply chain risk management, while theoretically beneficial, may not give an edge unless thorough integrations with additional tools are pursued. Furthermore, the choice of not implementing low-cost workflows was based on a need for higher security enhancements.

I would rate this review overall at a seven out of ten.

Cisco Secure Access  provides application-level access. Usually, it's full network access, but with this tool, application-level access can be given. It removes the dependency of VPN, and then user authentications are continuously based on identity, device, and risk, which is an add-on there.

The Zero Trust Network Access  feature is being used.

The integration of CASB  functionality for exposing shadow IT within the company is smooth. Technical skill and knowledge are needed to evaluate, analyze, and deep dive on those things. From the tool's response, it is very good, and there is visibility on everything that is needed or necessary.

The integration of Cisco Talos  influences threat detection and response capabilities. The integration of Cisco Talos  is similar to every Cisco Umbrella , and the experience has been smooth. The knowledge, their KB, and FAQs are very good, and their support is very good. When in trouble, readily available documents or information are accessible.