Cisco Secure Email Cloud Mailbox Overview

Cisco Secure Email Cloud Mailbox is the #13 ranked solution in top Email Security tools. IT Central Station users give Cisco Secure Email Cloud Mailbox an average rating of 8 out of 10. Cisco Secure Email Cloud Mailbox is most commonly compared to Cisco Secure Email. The top industry researching this solution is comms service providers, accounting for 55% of all views.
What is Cisco Secure Email Cloud Mailbox?

Secure Office 365 email against advanced threats.
Moving email to the cloud provides convenience and scalability, but it could also bring an increased risk of account takeovers and malware infection. You need a cloud-focused email security solution that is simple to deploy and protects your business and users by preventing attacks against your cloud mailboxes.

Cisco Secure Email Cloud Mailbox was previously known as Cisco CMD, Cisco Cloud Mailbox Defense.


Cisco Secure Email Cloud Mailbox Customers

Luiss University, Lone Star College, T-Systems, Magyar Telekom


Cisco Secure Email Cloud Mailbox Reviews

Mike Bulyk
Director IT Security at a wellness & fitness company with 5,001-10,000 employees
Real User
Top 5
Can quickly identify, track, tag, and categorize internal emails. Reporting accessible via the main dashboard would be a great addition.

Pros and Cons

  • "The ability to see east-west traffic is its most valuable feature. Traditionally, email defense focuses on north-south, inbound-outbound, egress-ingress traffic. With Cisco Secure Email Cloud Mailbox, it's able to quickly identify, track, tag, and categorize emails that are internal. That can typically give us visibility into if there's an internal compromised account (for example). Someone can then use that internal compromised account to email additional accounts with either malicious software or links, but internal within that Office tenant. Effectively, that email message never leaves the tenant. Any of the mail gateways really do not have any method or way of seeing this traffic since it's not leaving the environment."
  • "There is still room for improvement in terms of integrations with other Cisco tools and non-Cisco tools. There is also some room for improvement needed in terms of the reporting."

What is our primary use case?

Our primary use case is the ability to see email activity in the east-west traffic. It does internal email tracking as well as leveraging it as another layer of email defense. We utilize Microsoft 365 (enterprise service) and its Advanced Threat Protection solution, which networks inline with Cisco Secure Email Cloud Mailbox. Then, Cisco Secure Email Cloud Mailbox does an additional layer of detection and protection against malicious email.

Business email compromise is the internal user use case, then phishing and malware delivery are certainly others. They are pretty common and definitely answered by Cisco Secure Email Cloud Mailbox.

After several months of use, Cisco Secure Email Cloud Mailbox has provided additional capabilities (and value) which enables much faster mal-email remediation times.

How has it helped my organization?

Having Cisco's solution gives us a fast way to track and identify. We haven't seen any specific events yet, but certainly having another layer that's able to give us visibility and detect malicious email from an insider is definitely useful. Insiders are typically the hardest to detect, including in an email environment.

So far, we haven't had any detections, which is a good thing. This just means that our traditional use cases of egress-ingress type monitoring work pretty well. However, we have seen some spam being detected. Even internal email forwarding, where an internal enterprise account will forward a spam message to another internal account. This speaks to the system's ability to detect these and fairly quickly categorize them as spam, which is good. Luckily, it wasn't malware. Cisco Secure Email Cloud Mailbox seems to be working well.

Our administrative overhead costs are low, both for time and dedicating human resources. We set the solution, then check it daily. Because we haven't had any detections, which is a good thing, we don't really need to dedicate any additional resources in terms of generating an incident response process. 

What is most valuable?

The ability to see east-west traffic is its most valuable feature. Traditionally, email defense focuses on north-south, inbound-outbound, egress-ingress traffic. With Cisco Secure Email Cloud Mailbox, it's able to quickly identify, track, tag, and categorize emails that are internal. That can typically give us visibility into if there's an internal compromised account (for example). Someone can then use that internal compromised account to email additional accounts with either malicious software or links, but internal within that Office tenant. Effectively, that email message never leaves the tenant. Any of the mail gateways really do not have any method or way of seeing this traffic since it's not leaving the environment. 

The solution is very easy to use. It's just a single pane of glass, single screen web page that you access. Then, there are a small number of clicks necessary to get at the information you need. Reporting is easily generated. Likewise, the search capability is easily accessed and usable as well as provides the first initial information that you need about messages identified, categorized, and total volumes. All that information is easily identifiable and quickly accessible as soon as you log in. It is an easy to use, single web page, SaaS application.

Cisco Secure Email Cloud Mailbox’s user interface is intuitive. We didn't need any training. There was a quick deployment document that you skim through, and it's fairly easy to both deploy as well as start using. 

Threat Grid is a capability which allows for running or executing software in a special sandbox environment where it's not affecting your enterprise or corporate systems. For that particular use case, Threat Grid works really well. It also ties in with various threat intelligence sources, e.g., detonating/testing our particular software or file in the sandbox can immediately identify indicators of compromise and share them with other clients that leverage Threat Grid. Likewise, the software that I uploaded for sandboxing is immediately validated and checked against all other client submissions as well as open source and Cisco Talos Threat Intelligence Sources. I find that really valuable. While there are other sandboxing solutions out there, I use Threat Grid quite a bit and I find it to be extremely useful and very usable.

Threat Grid also gives us a sense of safety because I don't have to test it or build out custom virtual machines to do the testing. I don't have to test it on enterprise systems. From that perspective, Threat Grid is definitely a very good solution. Its ability to integrate with other Cisco portfolio tools is helpful because then you can tie in and quickly view what malicious files might've been found in your environment regardless of what Cisco security solution you are using, whether it's AMP, Email Security, Cisco Secure Email Cloud Mailbox, or anything else.

AMP for Endpoints is something that I've used extensively. We have also used AMP for Network and Email. Collectively, it seems to be doing a pretty good job, especially when combined with Threat Grid because it's quickly able to identify files by hashing them and figuring out within the databases that Cisco owns, as well as open source threat intelligence databases, whether that particular hash is found in those databases. If it is, then it is malicious. It takes corresponding action pretty quickly.

If it's an unknown hash (after it identifies the file by hash value), and if it's unknown and not found in the databases, then it automatically uploads that file to Threat Grid for sandboxing and analysis. That layered approach with respect to treating the files as they come in works well, whether via email, network, or found on an endpoint, especially as an ecosystem solution that integrates with other Cisco components and security tooling that one may have in the enterprise. This works well because the information found on a single endpoint, for example, can then immediately take action on an email by blocking that identified malicious file. Likewise, if there is a file that's coming in via email and it's found to be malicious by AMP or Threat Grid, then the information about that file is immediately known by the endpoints. The endpoint solution can then take action on that malicious file. As an ecosystem, it works really well.

What needs improvement?

If Cisco could continue to develop integrations, whether it's internal tooling, Threat Grid, or AMP reporting which could be accessible via a single web page, that would be helpful. This would essentially add additional context on messages as well as files or links being detected. Potentially adding additional context on why certain messages are tagged as spam or malware. In our case, malware hasn't been detected yet, but spam certainly has been. Knowing what engines or which components of the message make it identifiable as spam, that could be useful. Additional context and reporting accessible via the main dashboard would be great.

There is still room for improvement in terms of integrations with other Cisco tools and non-Cisco tools. There is also some room for improvement needed in terms of the reporting.

For how long have I used the solution?

6 months.

What do I think about the stability of the solution?

The solution is set and forget in our experience. It seems to be working pretty well. In our experience, we don't require any dedicated resources for maintenance.

So far, we have had no issues with stability. I could see how if there was an issue with Microsoft 365 tenant, then Cisco Secure Email Cloud Mailbox would not work, but so far we have had zero issues.

What do I think about the scalability of the solution?

We are a fairly large company who sees a sizable number of email messages daily. Cisco Secure Email Cloud Mailbox is able to keep up with the messages and message classifications, along with capturing and sending files to Threat Grid. The solution has the potential to be scalable to extremely large organizations as well as serve small to medium-sized businesses as well.

We have two individuals who are both members of the security team: one is a senior security analyst and the other is a security director.

How are customer service and technical support?

We did experience a false positive match where an email exhibiting spam behavior was actually legitimate. I had to escalate this issue with technical support to make sure to get it whitelisted or the engine tuning changed. 

Our experience has been pretty good so far.

Which solution did I use previously and why did I switch?

We previously used Microsoft native ATP, which is a built-in Microsoft email protection solution. We added Cloud Mail Defense because it gives us another layer of protection for east-west traffic.

How was the initial setup?

The ease of the deployment process of Cisco Secure Email Cloud Mailbox is extremely simple. The methodology that Cisco uses to scan email is extremely usable and very simple. Likewise, to set it up, the only requirement is to have administrative level privileges for the Microsoft 365 tenant. Having those rights and permissions, that's really all an organization will need to add Cisco Secure Email Cloud Mailbox into its tenant.

The deployment took us five minutes or less.

What about the implementation team?

There was no effect on our administrative costs at all. In terms of configuration, we didn't have to do anything. The system comes preconfigured by Cisco, so we didn't have to do any configuration or setup. It's a set and forget kind of thing.

What was our ROI?

In our case, downtime certainly arrives from a detection of malicious software, like malware being delivered via email or identifying internal compromised users. Given the extra visibility that we have with this tool, it has the potential to prevent downtime. In our case, that hasn't been proven out yet.

In terms of spam detection, we have seen where Microsoft misses spam and is not quarantining it (taking any action against it), whereas Cisco Secure Email Cloud Mailbox is identifying it as spam. We have seen some success from that perspective.

What other advice do I have?

The files being captured by Cisco Secure Email Cloud Mailbox are pushed into Threat Grid for analysis. We do have a Threat Grid license, so that integration works for us. It was easy for us to integrate these two solutions.

If someone is only relying on Microsoft 365 Advanced Threat Protection (ATP), or even without the ATP solution as an add-on, then having Cisco Secure Email Cloud Mailbox would definitely introduce diversity and provide another view of emails coming through or being generated inside the tenant. Because Cisco Talos is unique and different from Microsoft's information, Microsoft will do its own analysis as well as introduce its own threat intelligence and machine learning logic to detect threats. However, as a company, its resources don't cover everything. Layering it with Talos and Cisco's resources is definitely a good idea.

Overall, it's certainly a very good idea to integrate another layer on top of Microsoft Advanced Threat Protection. Cisco Secure Email Cloud Mailbox being a player in this market is definitely a good option. Cisco Secure Email Cloud Mailbox is competitive, and it seems to be working pretty well for us. Personally, it gives me peace of mind as well as flexibility in terms of locating internal email traffic. I also know that if Microsoft misses something that there is a chance that Cisco will detect it.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
MG
Systems Administrator at a university with 1,001-5,000 employees
Real User
Top 20
Brings issues to our attention enabling us to remediate threats; provides all the information regarding why something was caught

Pros and Cons

  • "On ease of use, it rates very high. It's something that I was able to get into without really looking at any documentation. I wanted to see what it felt like before I started looking at any documentation on how to use it, and it was very easy to use. It works very smoothly. The user experience is very intuitive. They did an amazing job on that."
  • "The search area has room for improvement. When you go to the next page, it remains at the bottom of the current page that you're on. Also, under the reports section, it allows you to see any "convictions," but if you want to search for those convictions you have to remember when they all came in and go back and edit the search accordingly. You cannot click on the list of convictions to actually see if you had a spike at a certain time."

What is our primary use case?

We're using it to collect data. We haven't fully implemented any of the features to stop any attacks. At this point we're using it for informational purposes, until we get a better grasp on everything. It's gathering any spam messages or malicious email messages that come through.

It's in the cloud and hosted by Cisco.

How has it helped my organization?

I can't provide a detailed example of how the product has improved our organization but only because I don't want to give out too much information. In broad strokes, being able to go in there and see where stuff is coming from and who it's going to, and being able to see, hour-by-hour, where threats came in, we can help pinpoint when issues started, who an issue started with and who it's going to, to best remediate issues.

Because the user interface is very intuitive and doesn't require specialized training, less time is needed to dive in to get to the basics of it before a deep-dive ever happens.

What is most valuable?

The most valuable feature that I have found so far is that it actually works within our tenant. If we have anybody that we serve the email that it would go to, and someone else that we serve the email to, it will find that; it will go through that filter as well. And it will do it quickly and efficiently for us. It's not something that we need to push out to then have it circle back in so that our email filters or spam filters will catch things.

On ease of use, it rates very high. It's something that I was able to get into without really looking at any documentation. I wanted to see what it felt like before I started looking at any documentation on how to use it, and it was very easy to use. It works very smoothly. The user experience is very intuitive. They did an amazing job on that.

The solution also provides a diversity of intelligence, the way that we have it implemented. Since it's not taking anything out, it can bring stuff to our attention and we can remediate it if there is actually a threat. And it shows us the links, and all the information regarding why it caught something.

What needs improvement?

The search area has room for improvement. When you go to the next page, it remains at the bottom of the current page that you're on.

Also, under the reports section, it allows you to see any "convictions," but if you want to search for those convictions you have to remember when they all came in and go back and edit the search accordingly. You cannot click on the list of convictions to actually see if you had a spike at a certain time.

For how long have I used the solution?

We've been using it for at least four weeks.

What do I think about the stability of the solution?

So far, we haven't seen any issues with it. It seems very stable.

What do I think about the scalability of the solution?

It appears to be doing a very good job in terms of scalability. With the transition from one mailbox to all mailboxes, we really didn't see an impact on the time that it was processing information.

We have about 3,000 to 5,000 mailboxes covered under Cisco Secure Email Cloud Mailbox.

How are customer service and technical support?

We haven't used technical support yet.

Which solution did I use previously and why did I switch?

We have used other Cisco items to accomplish some of the same tasks we're using Cisco Secure Email Cloud Mailbox for, so we're beta-testing Cisco Secure Email Cloud Mailbox.

How was the initial setup?

Our initial deployment of the solution took well under an hour, and that includes the configuration because we had to go into Office 365 and set it up and then actually deploy it. That time, altogether, was very short and it was very smooth.

When it came to the deployment process for Cisco Secure Email Cloud Mailbox in our Office 365 environment, I had to read the document again because I couldn't believe that the initial setup was that easy. The concern that we have is the amount of rights that it needs. It doesn't seem like it should need that many rights to be able to do what it does. But overall, just implementing it was very smooth and very easy.

Our implementation strategy was that we did it on a single mailbox as a proof of concept, and from there we expanded it to our tenant.

In terms of staff involved in deployment and maintenance of this solution, two of us, as systems administrators, have been the focus on this, along with a security person, who is involved in security analysis.

What about the implementation team?

We did it ourselves.

Which other solutions did I evaluate?

We didn't evaluate any other products. Cisco reached out to us to have us test this.

What other advice do I have?

Lock down who has access to the product, for the purpose of being able to see all email coming in and out; seeing who it's to, who it's from, and the subject. To best protect data, you would want to limit who has access to that data.

In terms of the solution's ability to prevent phishing and business email compromise, it's kind of hard to evaluate because we haven't fully implemented it. It will show us what it catches, and the implementation will actually take it out of the user's mailbox. I feel like that would be good. It seems to still catch some stuff as spam that may not be spam, according to the user.

We're using Cisco AMP on our desktops and it seems to be doing fine as a virus scanner. The only issue I have seen is that on a few machines it spikes the CPU utilization for the whole time that it's scanning.

I would give the solution an eight out of 10, just because we haven't implemented everything yet. The parts that we have implemented have been very smooth and very easy to use. There are small portions that we haven't fully implemented yet.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PM
Technical Support Executive at a tech company with 51-200 employees
Real User
Top 5, Leaderboard
Great anti-spam capability with a very user-friendly interface

What is our primary use case?

It can be deployed either on-premise or in the cloud. We have two options if it is in the cloud, a private cloud or a public cloud.

What is most valuable?

Cisco Cloud Mailbox is used for copying emails, anti-spamming, and securing the company's email. We really enjoy the anti-spamming capabilities as well as the rejecting of bulk emails. We can customize these actions by adjusting the variables. It is very user-friendly.

What needs improvement?

Currently, Cisco Cloud Mailbox meets all of our requirements. If I had to say something, maybe they could have a more regular update schedule or perhaps hire more support engineers to get service faster.

For how long have I used the solution?

We have been using Cisco Cloud Mailbox for about two years. We used the latest version.

What do I think about the stability of the solution?

Cisco Cloud Mailbox is very stable.

What do I think about the scalability of the solution?

Cisco Cloud Mailbox is easily scalable.

How are customer service and technical support?

The customers are very good. They can connect to the support engineer or install built-on mail through the Support ID. The issue will be monitored and resolved within a standard amount of time.

How was the initial setup?

The initial setup for Cisco Cloud Mailbox is easy and straightforward. It takes our technical team a maximum of one day.

What about the implementation team?

We handle all deployments with our in-house technical team.

What's my experience with pricing, setup cost, and licensing?

Customers pay for licensing based on the number of user mailboxes they have.

What other advice do I have?

We would recommend Cisco Cloud Mailbox very highly. I would rate it at a nine on a scale of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MA
Security Technical Manager at a tech services company with 51-200 employees
Real User
Scalable and easy to use

What is our primary use case?

My primary use case is to protect cloud-based emails. 

What is most valuable?

This solution is easy to use. 

What needs improvement?

This solution could be improved by integration with Sandbox. 

For how long have I used the solution?

I have been working with this solution for a few years, since 2018. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and support?

Cisco's technical support is very good. 

How was the initial setup?

The installation was straightforward since it's a cloud-based solution. 

What about the implementation team?

This solution was implemented through an in-house team. I did it myself for a customer. 

What's my experience with pricing, setup cost, and licensing?

My customers pay for a one year license. 

Which other solutions did I evaluate?

Fortinet is a better solution than Cisco.

What other advice do I have?

I rate this product an eight out of ten. I wouldn't recommend Cisco to others because I think Fortinet is better. 

Customers are moving on-premises exchanges to the cloud. Within the next two or three years, cloud security will be better than on-premises. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator