Secure Access

In my previous role, we managed the IT infrastructure for U.S. military base schools worldwide. We implemented Cisco Secure Access  primarily as a cloud-based firewall replacement. Previously, we utilized a centralized architecture with Palo Alto firewalls in a U.S. data center, which meant all of our global traffic had to be backhauled to the U.S. before going out to the internet. We rearchitected the network to enable local internet breakouts at every individual base. Instead of deploying expensive physical firewalls at each local site, we deployed Cisco Secure Access  as our cloud firewall solution. Now, local traffic routes directly up to Cisco's cloud for filtering before reaching the internet, ensuring our users are secured regardless of their geographical location. I still closely support customers utilizing this architecture.

Cisco Secure Access has definitely helped our organization. All our users are now basically VPN users, and it has made things much smoother compared to the old way we had things set up. I would say it is a big plus.

It has cut incident response time at least in half. The extra analytics allow me to make more informed decisions. For example, I have users who are sometimes children because we have military bases across the world that are schools. When a child brings a Nintendo Switch to school and it joins the network, it looks to our cybersecurity team like a rogue device. Having the analytics to track that down and identify the exact device and the user it is assigned to really helps incident response time go down much faster. Now, from headquarters pinging the base, pinging the tech on site, and the tech walking into the classroom to remove that device from the network, everything is much quicker.

The actual technology itself is valuable. Cisco Secure Access functions as a cloud firewall where there is no real need for on-premises firewalls for many client devices. This feature is excellent because I no longer need million-dollar Palo Alto firewalls sitting at a data center where I would be forced to route all traffic through an MPLS circuit to those firewalls for filtering before getting to the internet.

Cisco Secure Access takes on the responsibility of filtering traffic, and I do not have to deal with hardware anymore. When hosting my own firewalls, I had to worry about upgrades, maintenance, and license costs for physical Palos. With Cisco Secure Access, I do have license costs, but they are very streamlined with their new smart licensing features.

From a network perspective, it makes management easier for my network operations team. Previously, I had complicated, complex, high availability meshed firewalls. Now I can have a single pane of glass solution where I can still get all URL filtering and content filtering done through web access. I no longer have to worry about hardware and setting up high availability pairs for physical firewalls. I am just focused on putting a client on the user's machine. Even if I do not want to put a client on a machine from an operational perspective, I can pair Cisco Secure Access with other Cisco products like SD-WAN. Even without the Cisco Secure Access client on actual laptops for the organization, I can still filter that traffic from the router level by telling my Cisco router that its next hop is the Cisco Secure Access cloud for filtering.

Coming from an environment primarily using Ruckus and Brocade at the Department of Defense, then switching to Cisco Secure Access to meet the zero trust requirements set forth by the Pentagon has been tremendous. It checks most of the boxes. I would say it is probably a little weak in the area of IPv6 still. I have actually gotten the chance to talk with the actual developers developing Cisco Secure Access at Cisco. There is still a lot to be desired in the IPv6 realm, but from what the developers are telling me, it is coming in the near future.

As I left the organization, we were getting into using more of the policy verification feature to help us since we have our hands in a lot of different areas at the Department of Defense. Policy verification definitely helps a lot because sometimes there are too many people making policies.

Cisco Secure Access provides great visibility with a single pane of glass. The data is actually useful, and I can make decisions based on it rather than just receiving raw data. For multi-organizational sites, it is absolutely a great tool.

The artificial intelligence assistance is tremendous. If I do not know something, I can use the Cisco AI to ask how to do something or how to get something working, and it will step-by-step tell me or point me in the right direction on what I need to do. On-premises solutions do not really have large language models or AI built into them, so I would be left needing to know what I need to do. This feature helps a ton.

Cisco Secure Access is probably a little weak in the area of IPv6 still. I have actually gotten the chance to talk with the actual developers developing Cisco Secure Access at Cisco. There is still a lot to be desired in the IPv6 realm, but from what the developers are telling me, improvements are coming in the near future.

After talking with Cisco, I was told that features are coming. The AI will actually be able to help generate reports that we want to see for certain executives. There is still a little to be desired, but it is coming.

I do not think IPv6 support is fully there yet. I think Cisco is heading in the right direction, but to really get to that true zero trust autonomous network as described in the Pentagon documents, there is still some work to do. Cisco is definitely heading in the right direction though. There are feature sets that definitely help streamline many processes and get me data that is actually useful. It is not those other products where I get a lot of garbage data that is not useful. Cisco Secure Access gives me data that I can actually use to make a decision on a zero trust network.

I want to see better IPv6 support and continued support for AI with constant improvements. If I could get to the point where I can ask the AI how to do something and it becomes agentic AI that actually starts doing things automatically, that would be incredible. For example, if I could tell the AI that I do not want any of the students in the classroom getting to facebook.com and it goes into Cisco Secure Access and automatically blocks it, that would be amazing. With agentic AI doing things for me rather than just telling me how to do it, I would not have to spend millions on people who are only certified to use this product. I could have lower-level techs who do not necessarily know how to do something but know how to talk to the AI to get things done.

I have been using Cisco Secure Access for about three years.

We did run into an issue with URL filtering where it would not filter a site properly. It took months to resolve by Cisco, but that is the only hiccup I would say there has been.

The customer service is amazing. I call, get my ticket, they pick up, work the ticket, and the issue gets resolved about 9.5 times out of 10.

The initial setup was pretty straightforward. If there were any complexities, Cisco was right there with their support to help us. I would say it was pretty simple.

I definitely got my money's worth already with Cisco Secure Access.

A single pane of glass solution was important to me. Cisco Secure Access was just cheaper than putting a Palo Alto firewall solution at every school or using Prisma, their secure solution. It just worked out to be better. The integration into products like ICE, DNAC, and SD-WAN was a lot better on the Cisco side because Cisco to Cisco integration is better than Cisco to Palo Alto. Product integration among the other Cisco products we had was just better overall.

I would urge any customer to look up their numbers and see what works best for them. It is not always going to be the Cisco product that works best. Sometimes the Cisco product is the nicest product out there, but that does not necessarily mean it is going to be the best. Look at what works for your organization and go with whatever your staff feels most comfortable with because at the end of the day, your staff is going to have to support that solution. No one wants to support something that they do not really want in the first place. My overall rating for Cisco Secure Access is 9.5 out of 10.

Cisco Secure Access  has many features, and I want to clarify whether the discussion pertains to Cisco ISE  or the Cisco client, as the new product name created some confusion with other Cisco products. The solution allows users to connect with our organization's assets from anywhere in a secure manner by providing controls, including firewalls and URL filtering, to deliver comprehensive security for our users and protect them from advanced malware and harmful websites. Overall, its purpose is to safeguard our users during access to our infrastructure on the cloud.

The no-cost migration tools from Umbrella  have assisted in streamlining our security policy migration. We also have the cloud to manage all of these products, which works very well for us. We have comprehensive rules from Umbrella , acting as our main firewall. We also implement controls on application control, URL filtering, allow lists, and destination lists to permit or block specific access, including our domain. Therefore, this is very helpful to streamline the implementation for Cisco Secure Access .

Regarding the AI Access feature, I used to use OpenAI, but I will try Cisco's AI tools next time to search for logs. I have tried one, and I think it is very good at allocating logs and knows exactly where the product is and where the issue is. I find it very helpful for us.

I have not yet used the Experience Insight feature, powered by ThousandEyes , but I will do so next time.

I have used the AI assistant feature in Cisco Secure Access. I find it very helpful for viewing logs, analyzing logs, and assisting with issue resolution whenever I am searching for issues. The replies I receive are very quick, professional, and helpful for us.

I am using the Hybrid Private Access feature for varying the enforcement location for ZTNA  private traffic. We provide access for our users while enforcing security using these features. It is very good technology overall, and Cisco simplifies it for us and for their customers.

I have tried integrating Cisco Secure Access with Identity Intelligence; we have a trial license for it, and we have gained insights from this license. It is very good and helps us to identify and protect our digital assets. We are considering a decision to purchase this after trying it for the first time.

I have used the policy verification feature to help reduce policy misconfigurations. It acts as a health check for policy configurations and is a powerful tool that recommends settings and configurations for policies.

The effectiveness of AI supply chain risk management is currently under testing. One of my team members is configuring this or working on it, but it is still under evaluation.

What I like the most about Cisco Secure Access is that it has continuous updates for signatures for advanced ransomware; for example, Cisco Umbrella  also does this. We can implement controls to prevent access to newly observed domains, with Cisco providing signatures and this information as quickly as possible compared to other vendors. This means if a new website can be malicious and contain ransomware, Cisco ensures that we have immediate information about it. It is fast to gather more information about ransomware and malware, including newly observed domains. Thus, we can say that Cisco provides updated signatures rapidly.

While it is not technically a downside, I think Cisco Secure Access needs more marketing, and the licensing cost should be bundled with other products. This approach would enhance marketing effectiveness, but technically, I do not believe the solution is missing anything.

I have been working with Cisco Secure Access for more than six months.

I have not experienced any lagging, crashing, or downtime; we have gone more than six months without any issues. It is very good.

It is not practical for me to comment on scalability; we have just our one-year product. However, according to the licensing model, I believe it provides scalability.

I have contacted their technical support before, and I consider Cisco TAC to be very professional and very good.

The initial deployment of Cisco Secure Access is easy, and as it is very common from Cisco, they have a very professional team.

Cisco TAC is very helpful and professional. I reached out to them one day, not during the implementation but after we implemented this product along with other Cisco products. They are a very professional and supportive team.

Cisco Secure Access always requires monitoring for updates and signatures, similar to a health check, but not intensive maintenance. It is very good and very stable. I provide this product with an overall rating of ten out of ten.

I use Cisco Secure Access  as an on-premises solution.

For security, we use Cisco Secure Access for email security, endpoint security, networking, and gateway-level firewall, and we are also using Cisco Meraki.

Cisco Umbrella  helps us with securing applications, and we are using Cisco Umbrella .

Cisco Umbrella is helping us significantly with securing standard applications, but not in a complete manner, as there are some gaps in the product which the product team needs to focus on.

My perception of Cisco Secure Access's ability to provide secure security via protocols such as HTTP, HTTP/2, and QUIC is that the overall impact is significant.

After implementing Cisco Secure Access, I observed complete automation, a complete Zero Trust architecture, and complete automation of security.

It has worked well for protecting our organization from threats including ransomware, phishing, and spamming.

The maturity level of this particular product is not as high as what we see in the market.

Concerns are related to marketing strategy mostly, and the licensing model is typically very confusing.

The ease of managing Cisco Secure Access is quite challenging; it is not user-friendly, and we have to involve too much time to review the information available in the dashboard, which can be confusing.

The integration of Cisco Secure Access is quite difficult; it has too much dependency and is totally dependent upon the current IT infrastructure. It is compatible with only Cisco products, and if we have multiple vendor products in the network, then integration becomes quite challenging.

I chose Cisco instead of Fortinet because, while FortiGate has everything, Cisco is a leader in networking and is more mature compared to Fortinet.

Before choosing Cisco, I considered FortiGate as an alternative.

I chose Cisco instead of Fortinet because, while FortiGate has everything, Cisco is a leader in networking and is more mature compared to Fortinet.

The decision was more about Cisco's brand and complete branding.

The price of Cisco Secure Access is quite cheaper than VMware NSX .

I would rate this review as nine out of ten.

Cisco Secure Access  serves as a replacement for customers' old VPN solutions while increasing security through Zero Trust Network Access  (ZTNA ). We had a chicken production client that identified their current VPN as the lowest hanging fruit for increasing security. Since the customer already had Secure Client or AnyConnect previously, introducing the ZTNA module into Cisco Secure Client felt quite straightforward. We implemented it step-by-step, side-by-side, and rolled it out for that customer, which improved secure access for both on-premises and cloud solutions and turned out to be very effective.

Cisco Secure Access  offers seamless access and replacement for VPN; VPN can be quite clunky when you need to access cloud solutions. With Secure Access, you create tunnels to everything basically in the solution, simplifying things while improving security for our customers. I particularly appreciate the ZTNA story and accessing SaaS, on-premises, and cloud resources all at once.

Usability is one of the key factors in selling the product; it has to be easy to use. I think Cisco has done a good job there with Secure Client, and since many of our customers and a lot of the market are familiar with AnyConnect, showing them Secure Client, which is basically the same thing but with a new coat of paint, and telling them that it improves security while not being more difficult to handle is great.

Customers spend much less time troubleshooting VPNs because ZTNA works more stably, and therefore it has become a pretty good point of sales for us as a reseller to increase our revenue at the customer level, because it's an extra layer of security that you can add to an already existing networking solution. On the customer side, it increases performance and helps ease of use, and from the reseller side, it's a great product to add on to existing network solutions.

The customer's experience has gone from "Our VPN doesn't work and we need to troubleshoot it all the time" to "Our ZTNA does work and we don't need to troubleshoot it all the time." Cisco Secure Access has been very stable.

Cisco Secure Access's scalability is great; from a technical point of view, it's quite simple. However, from a licensing and cost point of view, there could be improvements in ease of licensing and better pricing.

The multi-organization management capability of Cisco Secure Access is excellent; it's a great feature that you can do with the multi-tenancy mode, and I think it's great that you can roll it out to separate organizations.

A more granular license approach would be beneficial, allowing customers to grow with half a module or one module at a time and add on the CASB , the DNS security, or the ZTNA. If they can do it granularly and grow slowly, I think that would be really advantageous for the sales process.

The license model can be simplified; it is a bit tricky to understand exactly which licenses you need. The cost was pretty expensive but also pretty reasonable, and if the cost could be brought down a bit, that would make it a much more attractive product for the Swedish market.

Customer support is decent; it is slowly getting better now with the new NIS2 and cybersecurity laws that are being implemented.

I have been using and reselling Cisco Secure Access for the past two years.

Customer support is decent; it is slowly getting better now with the new NIS2 and cybersecurity laws that are being implemented. I would give customer support a rating of five.

We previously used Cisco AnyConnect VPN, so it was more of an upgrade rather than a switch; we switched from AnyConnect to Secure Client to SSE.

I do not have concrete numbers that I can share because I do not currently have them, but the customer's experience is that they are spending pretty much no time troubleshooting ZTNA, down from spending a lot of time troubleshooting VPNs. I would estimate it is probably in the 60 to 70% range of time saved when it comes to VPN troubleshooting.

We looked at FortiSassy, Cisco Secure Access, and the customer also looked at Cloudflare .

The AI access feature of Cisco Secure Access is really interesting. I do not think it is really there yet; the product has to mature a bit more for us to give it an honest evaluation. However, from what I have seen in the upcoming feature releases, I think it is a really interesting way to go for the AI agents in the solution.

We do not use VPNaaS in Cisco Secure Access.

I do not know how it has impacted incident resolution time because we have only used the Experience Insights feature in a proof of concept stage, and I have not yet done it in a full rollout.

The AI assistant feature in Cisco Secure Access has helped with the documentation and with administrative duties.

We have not integrated Cisco Identity Intelligence with Secure Access.

Everybody has a need for a VPN; VPN is not as secure as it once was because the market is moving fast. Cisco Secure Access and ZTNA is the way forward to ensure easy access and secure access to your preferred on-premises or cloud instances. I would suggest to customers that they allow us to help them by choosing ZTNA rather than VPN. I rate Cisco Secure Access an eight because an easier license structure, easier pricing structure, and better pricing structure would bring it to a ten.

Cisco Secure Access  is used for CTNA with a couple of applications deployed on it. There is a journey underway to move all applications off VPN into CTNA, but some applications are too old and legacy and will not support it very well. Business input into testing is required, and everyone is busy with everything, making it quite difficult. The VPN is working wonderfully.

The integration of Cisco Secure Access  with Meraki is going well and has been a very positive experience compared to the previous deployment of Check Point. The difference this time around is having a Customer Success Manager and a direct path to the product owners, where feature requests can be made and feedback received. Cisco has been quite involved in the onboarding process.

Cisco Secure Access is significantly different compared to Check Point. Nearly a year since deployment of Cisco Secure Access, users have likely forgotten about turning the VPN on as it is now automatic. Users just open their laptop and are connected straight away regardless of whether they are home or not. From a user point of view, it has been very good. Things such as the ThousandEyes  module have been deployed into it along with posture assessments, so all these different modules have been put into one single agent, which has helped get a unified view of everything.

The features of ThousandEyes  integrate with Cisco Secure Access by providing end-user ThousandEyes licenses and end data center ones, which gives a holistic view. That is all complemented with Cisco Catalyst Center , providing an overarching view of what is going on on the network. The service desk can have access to that so they can see what is going on across the entire environment. This has provided a single pane of glass, which was not available with two different vendors before.

Regarding Cisco Secure Access, there are some areas that are not positive. Dedicated IP addresses for Cisco Secure Access platform took quite a while to obtain, and the process can be streamlined and improved. Issues arise because everyone is coming off a single IP address and sites such as YouTube think there are bots, asking to verify or just blocking access. When this was raised with Cisco, the official response was that accounts need to be signed up for or Gmail accounts created, with nothing that can be done on Cisco's side as it is on the end website. This is somewhat understandable, but those relationships should exist between large organizations. For instance, when presenting a PowerPoint with an embedded YouTube video, it suddenly says it cannot verify identity, causing issues for all levels. Three or four people come to the service desk every week with this issue, and the response is to use a generic Gmail account or sign up independently, which is probably not adequate.

Another issue has been with VPN profiles. When creating different VPN profiles, the underlying infrastructure has had to be replicated or provided, such as another RADIUS server for authentication. The whole VPN profile side of things can be improved for different subsets of users, such as guests or people who bring their own devices. Different profiles are wanted for different user bases, and it is quite complex on Cisco Secure Access to set all that up at the moment. Historically, with ASAs or Check Point firewalls, VPN profiles could be set up quite easily and what they had access to and what they did not have access to could be limited. There is interest in seeing how it can further integrate with Cisco Identity Services Engine because there is scope there to allow people on the environment via the VPN, but also restrict what they can access or not based on their profile. Those two can work a bit closer together.

Cisco Secure Access was deployed internally for approximately 2,400 users in April of last year.

Cisco Secure Access is stable and reliable if certain features are not used. Initially, SSL decryption was enabled, where certificates are decrypted, and when that was turned on, the performance was very unpredictable, plummeting significantly. In the end, it had to be turned off, and since it was turned off, there has been a great experience. It is understood that it requires much more processing power to decrypt things before they hit the network, but the unpredictability of the performance was only realized once it went live, and it had to be immediately pulled.

Cisco Secure Access can scale, integrate with other solutions, and meet the needs of users. Many things are in the pipeline which suggest Cisco is moving towards more integration and a single point of view, which is positive. There has been indication that Cisco will be looking at the Identity Services Engine integration.

The experience with Cisco Secure Access customer support is good. They have always been reachable, and fortnightly cadences have been established now that things have settled down. Meetings with the actual product engineers working on the solution have also been arranged. When there are more complex issues, they work with the team to pull that data directly from systems and take that back to improve on it and work on it. This has been a very collaborative experience.

Cisco support is rated an 8 overall. From feedback received from the team, it is between an 8 and a 9.

An expedited deployment of Cisco Secure Access was conducted. A proof of concept was run in December 2024, and then the solution was deployed between January and March, which was very quickly because the Check Point contract was ending on April 1st. It was quite a quick, speedy move, but support was provided all along the way with the managed service partner as well as Cisco, so the delivery was successful.

The price to value from Cisco Secure Access is justified. Money has been saved by moving to one vendor, and that has been a material cash saving that was able to be handed back to the business. It has not only been a better solution overall, but also been cost saving, which is unusual—too good to be true at one point, but it has delivered. Approximately half a million pounds a year is the amount that has been saved.

AI Assist is quite good at how it can collect information from various sources and pull it all together to give an answer. It can also resolve issues further down the line, so it appears quite powerful.

Cisco Secure Access is rated an 8 overall. It is good at what it does at a fundamental level, but when it comes to trying to customize it slightly for what is needed, because it is a cloud-based solution, it is much harder. There are some features that are missing from it that used to exist in the older platforms. The overall review rating for Cisco Secure Access is 8.