Overview
Cisco Secure Access
Cisco Secure Access protects your internal/private resources, user devices, and corporate reputation from malicious and unwelcome activity, safeguarding both inbound and internet-bound traffic using a suite of access and security controls.
Zero Trust Network Access to private/internal resources
To protect your private internal resources, Secure Access offers secure, granular Zero Trust Network Access to those resources.
Resource Connectors forward traffic securely to private internal resources
Resource connectors are virtual machines deployed in your AWS environment that forward remote user traffic to your applications without requiring open inbound ports in your firewall. Resource connectors simplify setting up Zero Trust Access without any need for complex network configurations.
More information
For more information about Cisco Secure Access, see https://www.cisco.com/site/us/en/products/security/secure-access/index.html For more information about Secure Access options for connecting user traffic to private resources, see https://cisco.com/go/secure-access-network-connection-methods-documentation To deploy this resource connector image, see https://www.cisco.com/go/secure-access-resource-connectors-aws-documentation
Highlights
- Zero Trust Network Access
- Easy to deploy and scale
- No complex network configurations
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Vendor refund policy
Please contact your Cisco sales team or partner for refund information.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Please see Cisco Secure Access Online User Guide for running and activating Resource Connector - https://www.cisco.com/go/secure-access-resource-connectors-aws-documentation
Support
Vendor support
Support for Secure Access can be reached through Cisco Support at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products

Customer reviews
Secure remote access has transformed hybrid work and supports a stronger zero trust strategy
What is our primary use case?
Cisco Secure Access serves as our primary solution for providing secure remote access to corporate applications and resources for a distributed workforce. We use it to enforce consistent security policies across users, devices, and locations, while enabling access to both cloud-based and on-premises applications.
A good example of this is supporting our hybrid workforce. Employees regularly work from home, at customer sites, and while traveling, and Cisco Secure Access provides secure connectivity to internal applications without requiring full network access. In one instance, a contractor needed access to a specific application hosted in our data center. Using Cisco Secure Access, we were able to grant application-level access based on identity and device posture rather than opening broad VPN access. This improved security while allowing the contractor to become productive immediately. The platform also provided visibility into access activity and automatically enforced policies, which reduced administrative effort and helped us maintain compliance requirements. The experience was seamless for the user and significantly reduced the risk associated with traditional remote access methods.
In addition to secure remote access, we leverage Cisco Secure Access to strengthen our zero trust security strategy across the organization. We use granular access controls to ensure users can only reach the applications and resources required for their roles, which helps reduce risk and simplify compliance efforts. The solution also provides valuable visibility into our users' activity, device posture, and potential security threats, allowing our security team to respond more quickly to unusual behavior. Another benefit has been the ability to provide secure access for third-party vendors and contractors without exposing the broader network. The centralized management, consistent policy enforcement, and seamless user experience have made Cisco Secure Access an important part of our overall security and hybrid workflow infrastructure.
What is most valuable?
Cisco Secure Access offers several features that stand out for our organization supporting modern hybrid work environments. One of the most valuable capabilities is its zero trust network access (ZTNA ), which provides secure identity-based access to applications without exposing the entire network. The platform also delivers strong security controls through continuous user and device verification, helping ensure that only authorized users can access sensitive resources. Another key feature is centralized policy management, which allows administrators to create and enforce consistently secure policies across users, devices, and locations.
The feature that has had the biggest impact for our team is zero trust network access (ZTNA ). Prior to implementing Cisco Secure Access, remote users often required broader network access through traditional VPN connections, which increased administrative overhead and security concerns. With ZTNA, access is granted at the application level based on user identity, device posture, and security policies rather than network location. This approach has significantly improved our security posture by reducing the attack surface and limiting lateral movement opportunities. It has also streamlined our workload because access requests are easier to manage and policies can be applied consistently across users and applications. Employees and contractors are able to securely connect to the resources they need from any location without sacrificing performance or user experience. The combination of stronger security, simplified access management, and improved visibility has made ZTNA the most valuable capability within Cisco Secure Access for our organization.
What needs improvement?
Overall, Cisco Secure Access has been a strong solution for secure remote access and zero trust security, but there are a few areas where it could be improved. The initial deployment and policy design process can be complex, particularly for organizations with a large number of applications, diverse user groups, and existing security integrations. Defining and fine-tuning access policies requires careful planning to avoid overly restrictive and overly permissive accesses. Another challenge is that troubleshooting access issues can sometimes require navigating multiple dashboards and logs, which can increase the time needed to diagnose problems. While the reporting and visibility features are useful, more streamlined and customizable reporting options would help security and operations teams gain insights faster. We have also encountered occasional learning curves for administrators who are new to zero trust concepts and Cisco policy framework. Additionally, guided information, configuration tools, and simplified policy recommendations could make onboarding easier. These challenges are relatively minor compared to the security, visibility, and management benefits the platform provides. With continued enhancements to usability, reporting, and policy management workflows, Cisco Secure Access could become even more effective for enterprise environments.
One improvement that would make a significant difference for our team would be more intelligent policy recommendation and automation capabilities. As our organization scales, managing access policies across multiple applications, user groups, and devices can become complex. Having AI-driven recommendations that suggest policy optimizations, identify potential misconfigurations, and highlight overly permissive access rules would help reduce administrative effort and improve security consistency. We would also like to see more unified troubleshooting and reporting capabilities. While the platform provides strong visibility, having a single view that correlates user activity, device posture, policy decisions, and access events would help administrators resolve issues more quickly.
For how long have I used the solution?
What do I think about the stability of the solution?
Cisco Secure Access has been a stable and reliable platform. In our experience, the service consistently provides secure connectivity for remote users, contractors, and hybrid environments with minimal disruption. Our day-to-day operations run smoothly, and the platform has effectively met access requirements across cloud and on-premises environments. From an availability perspective, we have experienced strong and dependable performance. Users generally access a high percentage of resources without connectivity issues, and the cloud-delivered architecture helps ensure consistent service regardless of user location. Overall, it has been a good experience and very stable.
What do I think about the scalability of the solution?
Cisco Secure Access has kept pace with our increased adoption of cloud-based applications without requiring significant infrastructure changes or adding complexity. One of the biggest advantages is the cloud-delivered architecture, which allows us to access applications quickly while maintaining security and user experience. Instead of deploying and managing additional hardware, we can scale through centralized management, which has significantly reduced operational effort. The platform has enabled us to respond to changing business needs, hybrid working conditions, cloud migration, and evolving security requirements. We have been able to enforce consistent access controls across both cloud-hosted and on-premises applications while maintaining visibility and compliance. Performance has remained consistent, usage has increased, and we have not experienced scalability-related limitations. From an administration perspective, the centralized management capability is easy to support without proportionally increasing workload. It has provided the flexibility needed to adapt to changing technology without significant redesign or additional infrastructure investments.
How are customer service and support?
Our experience with Cisco Secure Access customer support has generally been positive. Cisco provides multiple support channels, including a support document knowledge base and access to specialists when needed. For standard issues and configuration questions, response times have been reasonable, and support engineers have demonstrated strong technical knowledge of both the platform and Cisco Secure Access. Another strength of the support has been their ability to assist with our complex deployment involving zero trust implementation, integrations with hybrid environments, and security policy management. During the implementation and ongoing operations, we have been able to leverage Cisco documentation and support resources to use new features more effectively. The critical issues escalation process has worked well, helping minimize our impact. We have also found community resources, including guides and best practice documentation, to be valuable supplements to direct support interactions. While it can vary depending on the specific issue and the support team involved, our overall experience has been positive with Cisco Secure Access support.
Which solution did I use previously and why did I switch?
We previously relied heavily on traditional VPN connectivity for remote access, and Cisco Secure Access has played an important role in our transition toward the ZTNA model rather than providing broad network access through a VPN. ZTNA enables secure access to applications based on user identity, device posture, location, and security policies. The transition has significantly improved both security and user experience. With traditional VPNs, users often received access to a larger portion of the network than necessary, which increased risk and administrative complexity. Cisco Secure Access allows us to grant access only to the specific applications and resources required for the user's role, reducing the attack surface and supporting zero trust. From an operational perspective, the migration has simplified access management and reduced the number of VPN-related support issues. Users experience more seamless connectivity because they no longer need to establish a full VPN session for every task, and administrators can manage policies centrally through a unified platform. We still maintain limited VPN access for certain legacy systems and specialized use cases, but the majority of our remote access strategy now relies on ZTNA. Cisco Secure Access has made the transition from VPN to ZTNA smoother than expected by providing stronger security controls, better visibility into our user activity, simplified administration, and a more consistent experience for remote and hybrid workers.
How was the initial setup?
Our experience with Cisco Secure Access pricing and licensing has generally been positive. While the solution is not the lowest cost option in the market, we found that the value provided through security, scalable centralized management, and zero trust capabilities justifies the investment when evaluating the total cost of ownership. It helps reduce the need for multiple standalone security and remote access solutions, which simplified operations and improved overall efficiency. The initial setup and implementation costs were largely associated with planning, policy design, integration with identity providers, and migration from existing remote access technologies. Like most enterprise security platforms, deployment requires careful preparation and stakeholder involvement, but Cisco provided sufficient documentation and support resources to make the process manageable.
What was our ROI?
We have seen a measurable return on investment from Cisco Secure Access, both from a security and operational perspective. One of the biggest benefits has been the reduction in administrative effort through centralized policy management and automated access controls. We estimate that tasks related to user provisioning, access modifications, and policy administration require approximately twenty-five to thirty percent less effort compared to our previous approach. We have also seen a noticeable reduction in access-related support tickets as users experience more reliable and streamlined connectivity through the zero trust model. This has allowed IT and security teams to spend less time troubleshooting remote access issues and more time focusing on strategic initiatives. Incident investigations and resolution times have improved as well due to better visibility into user activity, application access, and network performance. From a financial perspective, Cisco Secure Access has helped us consolidate several security and remote access functions into a single platform, reducing operational complexity and minimizing the need for additional infrastructure. The cloud-delivered architecture also lowers maintenance requirements compared to managing traditional remote access solutions. Overall, the combination of improved security, faster onboarding, and reduced administrative workload, fewer support issues, and better operational efficiency has delivered a strong return on investment. While the exact savings vary by organization, the productivity gains and the risk reduction have more than justified the investment for us.
What's my experience with pricing, setup cost, and licensing?
Before adopting Cisco Secure Access, we primarily relied on traditional VPN-based remote access solutions combined with supporting security tools for web filtering, access control, and visibility. While the hub approach met basic remote access requirements, it became increasingly difficult to manage as our workforce became more distributed and our cloud adoption increased. We decided to move to Cisco Secure Access because we wanted a more modern, zero trust architecture that could provide secure identity-based access to applications rather than broader network-level connectivity. The previous solution required more manual management, offered limited visibility into user activity, and created additional complexity when supporting employees, contractors, and third-party partners. Cisco Secure Access stood out because it combined ZTNA, secure policy enforcement, threat protection, and centralized management with user experience monitoring within a unified platform. The ability to apply consistent policies across cloud and on-premises resources improved visibility and reduced reliance on traditional VPN infrastructure, making the transition compelling. Since making the switch, we have improved security, reduced administrative workload, enhanced our user experience, and gained better insight into application access and network activity. The move has also supported our broader zero trust and hybrid work initiatives, making Cisco Secure Access a better fit for our long-term security strategy.
Which other solutions did I evaluate?
We conducted a thorough evaluation of several secure access and zero trust solutions before selecting Cisco Secure Access. The products we considered included Zscaler Private Access, Alternate Network solutions, Netskope , Microsoft-based security, and remote access solutions that align with our existing cloud strategy. Our evaluation focused on several criteria, including zero trust capabilities, ease of deployment, visibility into applications and activity, integrations with existing security investments, scalability, reporting, and overall user experience. We also assessed each vendor's ability to support hybrid environments that include both cloud-hosted and on-premises applications. Ultimately, Cisco Secure Access stood out because of its strong combination of ZTNA functionality, unified policy management, cloud-delivered security services, AI-driven insights, Thousand Eyes integration for digital experience monitoring, and compatibility with broader security ecosystems. We also valued the ability to manage security policies consistently across remote users, branch locations, and private applications from a centralized platform. While the competing solutions offered strong features in specific areas, Cisco Secure Access provided the best overall security, visibility, operational simplicity, and long-term scalability for our requirements. The platform blended well with our zero trust strategy and offered a path for future required architectural changes.
What other advice do I have?
My biggest piece of advice is to approach Cisco Secure Access as a strategic, zero trust initiative rather than simply a replacement for traditional VPN technology. Organizations get the most value when they take the time to understand application requirements and security objectives prior to deployment. Having a sound access strategy and well-crafted policy creation makes it much easier to maximize both security and user experience. I would recommend starting with a phased rollout, beginning with a simpler group of users and application policies, gathering feedback, and then expanding gradually. This approach facilitates smoother implementation and wider adoption. Another key takeaway is to take advantage of the platform's features, including digital experience monitoring through Thousand Eyes and centralized policy management.
Overall, Cisco Secure Access has been a valuable component of our security strategy. The platform has modernized our approach to secure connections by supporting zero trust, improving user and application access, and reducing our dependence on traditional VPN-based remote access. We have benefited from centralized policy management, strong security controls, digital experience monitoring capabilities, and the ability to deliver a consistent experience for remote and third-party users. Continuous use of Cisco Secure Access has provided the flexibility and scalability needed to support changing business requirements without adding operational complexity. The overall benefits have far outweighed those challenges. If I were to summarize the platform in a few words, I would describe it as secure, highly reliable, and aligned with modern zero trust strategies. For organizations looking to strengthen security while managing a distributed workforce, Cisco Secure Access presents a strong option with both operational and security value. I would rate this solution a nine out of ten.
Hybrid access has unified secure cloud and data center connectivity for diverse client needs
What is our primary use case?
The major use cases for clients regarding Cisco Secure Access involve ZTNA , for when you require cloud services, like ZTNA , Secure Web Gateway, CASB , and Firewall as a Service. When you want to secure your on-premises equipment, on-premises data center, or services center, we provide the connectivity through the cloud, and at that moment, we use Cisco Secure Access .
The ZTNA part in Cisco is very important because it helps my customers to secure applications. When you configure your application or deploy your application on the on-premises data center and you want to access it where there is no trust on the inbound—whether you are an enterprise user, a remote user, or any other user coming through the cloud—then you will provide only the split tunnel or the tunnel between the cloud and your data center, which provides Cisco Secure Access.
CASB is also relevant when your services are deployed in many different cloud services, as you can use CASB in those scenarios.
What is most valuable?
The biggest benefit of Cisco Secure Access, compared to Fortinet or other solutions from Palo Alto or Prisma, is its adaptability to different network environments.
Customers appreciate the good features of Cisco Secure Access because it is a hybrid network solution. When there is a hybrid network, customers require Cisco Secure Access so they can access both cloud services and on-premises data center services.
I would say it is easy to manage Cisco Secure Access through this console. It is similar to managing a firewall, such as the FTD, and the console is straightforward.
What needs improvement?
I have seen that if the on-premises devices are Cisco devices, then we use Cisco SSE. However, when there are Fortinet devices, then we use FortiSSE, which indicates a potential area for improvement.
Cisco could add new features in the future, such as enhanced automation capabilities. They are providing automation in their technology, which is an improvement area. If you use automation tools like Red Hat, you can perform automation more effectively. Regarding AI, I think Cisco is doing well, though there is still room for improvement in AI capabilities.
For how long have I used the solution?
I started working with Cisco Secure Access relatively recently, but I understand how it works and how we submit proposals for Cisco Secure Access and Fortinet security solutions. When we require cloud security, then we provide Cisco Secure Access and SSE.
What do I think about the stability of the solution?
Cisco is stable and reliable.
What do I think about the scalability of the solution?
Scalability mostly depends on the architecture, not on the hardware or OEM. How you architect and define the network design determines scalability. If you do not have a good architecture, you cannot achieve scalability.
How are customer service and support?
I think Cisco's technical support is good. I believe that both Cisco technical support and Juniper technical support are very good.
What other advice do I have?
If the requirement is for Cisco equipment, then we propose Cisco Secure Access. If the requirement is for Fortinet, then we provide FortiSafety.
As a system implementer, I think the biggest advantage of the product is its usability in various scenarios.
I am not certain who is the leader when comparing Cisco with Fortinet and Palo Alto. Both are good at what they do, and sometimes we cannot use all the features of any product. We use specialized or customized features for our data center according to customer requirements, and all follow standard features and protocols, which are good.
The HTTP protocol is important for connecting through the cloud or establishing a tunnel. A VPN service and another tunnel between the cloud SSE and your on-premises data center are essential.
Cisco Secure Client provides the resource connector. There is a connector on the on-premises data center, so we establish a secure connection, mostly VPN or IPsec VPN, between the cloud and the data center.
I would say that Cisco Secure Access is effective in protection from ransomware and phishing attacks. It is a standard they are using, and when you are using Cisco devices, then you can rely on Cisco cloud.
Both deployment parts are not very difficult. It is straightforward.
I did not deploy Cisco Secure Access myself, but I understand from my team that it is not a big challenge.
Cisco could add new features in the future, such as enhanced automation capabilities. They are providing automation in their technology, which is an improvement area.
My experience is primarily with clients using a hybrid model.
We mostly integrate with Azure and AWS through the cloud.
I cannot say who is the leader when comparing Cisco with Fortinet and Palo Alto. Both are good at what they do, and sometimes we cannot use all the features of any product. We use specialized or customized features for our data center according to customer requirements, and all follow standard features and protocols, which are good.
I would rate Cisco support at an eight out of ten. The overall review rating for this product is nine out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Unified access security has simplified cloud architectures and reduced hardware dependency
What is our primary use case?
My role is to enable partners and customers in Cisco Secure Access and help them understand and design their architecture. When a client comes to me to understand the use case they have with Cisco Secure Access , I suggest how they could use it, such as securely accessing their AWS server via VPN.
What is most valuable?
Cisco Secure Access is distributed by distributors of Cisco, Palo Alto, and Checkpoint, along with other tech companies. All the basic features, including ZTNA , are part of Cisco Secure Access, which can be considered an upgraded version of Umbrella with advanced features of ZTNA and ThousandEyes integrated for Digital Experience Monitoring.
When comparing Cisco Secure Access with other vendors, Cisco approaches it differently because it allows the use of the QUIC protocol rather than blocking it. Cisco Secure Access has a Hybrid Mesh Firewall concept, giving the advantage of managing all firewall capabilities on a single portal. The manageability of Cisco Secure Access is on a single dashboard.
In comparison to Zscaler, with Cisco Secure Access, I can create a Private Access Tunnel with any vendor or routing device. For ZTNA in Cisco Secure Access, Cisco does it differently by allowing ZTNA on both client basis and browser level for contractor access. The integration with CASB is positive for Cisco Secure Access, and multiple applications such as Office 365 and Google Suite are being integrated.
The importance of Cisco Secure Access providing secure access via standard HTTP/2 and QUIC protocols is significant due to QUIC being faster than TCP. Cisco Talos is integrated with every other security product in Cisco, including Cisco Secure Access. For threat detection and response, that integration with Cisco Secure Access is important. Cisco is working on DLP with Cisco Secure Access, which they are continuously upgrading.
For how long have I used the solution?
I have used Cisco Secure Access for three years now.
What do I think about the stability of the solution?
Cisco Secure Access is more stable and reliable than Checkpoint.
What do I think about the scalability of the solution?
With Cisco Secure Access, I can scale it anytime, and licensing is quite easy.
How are customer service and support?
The customer service is good and great because Cisco has a large team of engineers providing support. I would rate the customer service support from Cisco at eight or nine.
Which solution did I use previously and why did I switch?
I started with Fortinet and Checkpoint, and then moved to Cisco regarding security products.
How was the initial setup?
Configuring Cisco Secure Access is straightforward; the dashboard clearly shows the steps needed.
What was our ROI?
ROI with Cisco Secure Access is quite good because it reduces hardware dependencies and offers many features.
What other advice do I have?
Checkpoint has much data latency when connecting to cloud compared to Cisco Secure Access, which has no such issues. Currently, Cisco is giving a very good discount to partners for Cisco Secure Access and providing feasibility in user size. Cisco Secure Access decreases the dependency on hardware while simplifying licensing. It is a cloud-based product. At the back end, Cisco is deploying Cisco Secure Access on AWS or some tenant, but we only see a subscription-based model. I have interacted with AWS Marketplace when deploying ISE, but Cisco SSE service is not available there. I would rate this product nine out of ten overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Zero trust access has strengthened posture management and secured cloud-based user connections
What is our primary use case?
The main use case for Cisco Secure Access is for posture management, managing network devices, guaranteeing guest access, BYOD, guest, and sponsor portal. I have used Cisco Secure Access from end to end.
What is most valuable?
I consider network segmentation as one of the most valuable functions of Cisco Secure Access.
I use the Zero Trust Network Access (ZTNA ) feature of Cisco Secure Access, and we have currently deployed it for ZTNA. I appreciate the identity management of devices where they are connecting to the network. The device needs to be trusted always, which is actually a good security best practice because it does not involve trusting a device once and then allowing it network access.
I have experience with the integration of CASB functionality in Cisco Secure Access. The cloud access broker has helped by providing a bridge between the user directory and functionality, allowing the system to enforce data control, compliance, and threat protection. This is good security practice as well.
What needs improvement?
How easy or difficult it is to manage Cisco Secure Access through the single cloud-managed console depends on who you talk to, but for me, with my experience, it has become very easy and really manageable. Much of the interface has been improved significantly, making management easier. The upgrade of the interface really has changed a lot, which makes it easier to remember.
Automation is something Cisco could improve for Cisco Secure Access. I have seen the way they have done this with SD-WAN, where you have automation of VPN through auto VPN tunneling and the creation of tunneling between SD-WAN. If Cisco could improve Cisco Secure Access in the same way, there should not be as much configuration needed, because companies are really keen when it comes to deployment these days. We need to automate deployment. If they could do that with Cisco Secure Access as well, especially with big branches, it would be great. I have worked with almost 200 branches, so configuration in all these branches is needed for security. If this could be integrated and automated exactly like the auto VPN that happens on SD-WAN, it would be excellent.
Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.
For how long have I used the solution?
I have been working with Cisco Secure Access since 2012.
What do I think about the scalability of the solution?
Our deployment process is mixed. We are deploying for different clients, so it depends on what client they have.
How are customer service and support?
Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.
How was the initial setup?
The setup process for Cisco Secure Access is very straightforward. Integrating with SD-WAN is really easy.
Which other solutions did I evaluate?
We are fighting internally with Zscaler because they are saying it is cheaper. Pricing is competitive between solutions. Palo Alto is coming very well as well. I am not sure if Cisco is also looking at that, but they are also coming with a lot of functionality within the Palo Alto space for the SASE function.
What other advice do I have?
Cisco Secure Access does help me protect my company from threats like phishing and ransomware. The fact that Cisco Secure Access integrates Zero Trust, the secure gateway, and data loss integration does a lot to help with email security because of the integration with Cisco Web Gateway. Training users is also necessary because security involves users as well.
I am satisfied with the functionality of Cisco Secure Access. One of the areas I have not investigated much time on is the integration with the segmentation within the SASE solution. I have been doing it on my side, but I still need to understand how it integrates and how it can work instead of using the NAC solution. The ICE function could be integrated within Cisco Secure Access. I think that would be better because Cisco has integrated firewall as a service, so why not also integrate the NAC solution as a service in that platform as well.
I have given this review a rating of 9.
Remote access has become more secure and integrated security tools work together seamlessly
What is our primary use case?
The two typical use cases of Cisco Secure Access are how remote workers securely access both private applications, public applications, and SaaS applications from anywhere.
What is most valuable?
In my opinion, Cisco Secure Access is a complete SSE solution. The second good thing about it is that it has very deep end integration with other products which are required to improve security, such as multi-factor authentication and NAC products, all coming from Cisco. Whatever the customer use case may be, not only Cisco Secure Access but other applications coming from the Cisco security product line are available without needing to look outside of that ecosystem. Typically, I can just take it from Cisco and complete the entire solution.
From my perspective, it is quite easy to manage Cisco Secure Access.
The Talos integration for threat detection and response capability is a must for any product, whether running a SIEM or XDR . The Talos threat intelligence, which is possibly one of the largest organizations that gathers all this data and sends updates, comes free with every Cisco security product. That is really important because security is not static; it is dynamic. New viruses and malware are emerging constantly. Talos ensures that I get updates of everything being seen across the globe so that I am not left behind.
When it comes to protecting against phishing and ransomware, it is pretty good because all identified signatures and non-signature-based protections get updated through threat intelligence. However, as I said, it all depends upon what your attack surface is. If the attack surface is mail, for example, where the bulk of threats get percolated, then it has to be augmented by additional security layers such as email security. Based on the threat attack surface, you have to protect those also with an additional set of software.
What needs improvement?
The only negative side of Cisco Secure Access is the mindshare. From my perspective, the greatest positive side of Cisco is that it has a very complete story on the entire overall security requirements of a customer, whether it is end user security, network security, or workload security. It covers it all. Having said that, the customer mindshare of looking at Cisco as a security OEM is pretty low. That is one thing which in my mind, Cisco has to really improve.
The second thing is, of course, multiple panes of glass to manage multiple products. That has been a long-standing demand from customers that they should simplify that, and Cisco is working towards it. The third thing is AI integration. Cisco is also aggressively working on AI integration with their products. Mindshare is one of the biggest challenges of Cisco security products, and they have to increase customer awareness sessions to increase the customer mindshare about their security products.
One big challenge which I see with Cisco is their MDR capabilities. They do not provide it as a service, which Palo Alto does provide. Cisco's policy and strategy is to enable partners so that it becomes partner-enabled services using Cisco products. Whereas Palo Alto provides MDR as a service and Sophos provides MDR as a service, Cisco enables partners such as us to provide equivalent services. However, there are multiple enterprise customers who would prefer to go to the OEM for that service. There are multiple big wins which Palo Alto had in India because of their own MDR capability. If I were to fight as a partner with my capability and Cisco products, I surely cannot fight the might of Palo Alto. That is one area where possibly Cisco has to relook.
For how long have I used the solution?
With regards to my experience with Cisco Secure Access, I have been working with it for at least two years now.
What do I think about the stability of the solution?
Regarding Cisco Secure Access, I would agree that it is a 99.9% stable and reliable product.
What do I think about the scalability of the solution?
My impression of scalability for Cisco Secure Access is good. Being a cloud solution, it has unlimited scalability. Scalability is not an issue. You can scale based on the number of users and licenses. You have SIA, SPA, and all licenses. Scalability is not an issue since it is a cloud-based solution.
How are customer service and support?
I believe customer service from Cisco is good and not a problem in India.
How was the initial setup?
Regarding the deployment procedure and installation of Cisco Secure Access, it is straightforward and not much of a challenge.
What about the implementation team?
We usually deploy Cisco Secure Access in our Center of Excellence, and we keep demonstrating that to the customers. It is fine and not much of a hassle.
What was our ROI?
Quantifying the return on investment depends upon what the use case is and the automation we can build up. We just did some study where, with automation and all of that, we can get almost 30% ROI.
Which other solutions did I evaluate?
In comparing Cisco Secure Access to its competitors in the market, I think the leader is definitely Palo Alto.
Comparing Cisco Secure Access pricing with its peer group, I think they are still comparable in terms of pricing. It also depends upon how desperate Cisco is to win the deal; they can also go better. When I say peer group, I am talking of Palo Altos of the world, and so forth. They are a little bit on the higher side, but still, when it comes to closure of the deal, they get aggressive and they can meet up with the competitive price points.
What other advice do I have?
I have to study more about Cisco Secure Access's ability to provide secure access via HTTP/2 and optionally QUIC, so I am not aware of this, and I will not comment on that.
Summarizing all that I have told you about Cisco Secure Access, mindshare, multiple panes of glass, AI integration, and MDR are all aspects that could be slightly better. Those are the areas for improvement. Overall, I would give Cisco Secure Access a rating of eight out of ten.