Sold by: Cisco Systems, Inc.
Deployed on AWS
Cisco Secure Access, Cisco's Security Service Edge (SSE) solution, includes secure Zero Trust Network Access to your company's private/internal resources. Resource connectors are virtual machines deployed in your AWS environment that forward remote user traffic to your applications without requiring open inbound ports in your firewall.
4.3
Overview
Cisco Secure Access
Cisco Secure Access protects your internal/private resources, user devices, and corporate reputation from malicious and unwelcome activity, safeguarding both inbound and internet-bound traffic using a suite of access and security controls.
Zero Trust Network Access to private/internal resources
To protect your private internal resources, Secure Access offers secure, granular Zero Trust Network Access to those resources.
Resource Connectors forward traffic securely to private internal resources
Resource connectors are virtual machines deployed in your AWS environment that forward remote user traffic to your applications without requiring open inbound ports in your firewall. Resource connectors simplify setting up Zero Trust Access without any need for complex network configurations.
More information
For more information about Cisco Secure Access, see https://www.cisco.com/site/us/en/products/security/secure-access/index.html For more information about Secure Access options for connecting user traffic to private resources, see https://cisco.com/go/secure-access-network-connection-methods-documentation To deploy this resource connector image, see https://www.cisco.com/go/secure-access-resource-connectors-aws-documentation
Highlights
- Zero Trust Network Access
- Easy to deploy and scale
- No complex network configurations
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Ubuntu 22.04
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please contact your Cisco sales team or partner for refund information.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Please see Cisco Secure Access Online User Guide for running and activating Resource Connector - https://www.cisco.com/go/secure-access-resource-connectors-aws-documentation
Support
Vendor support
Support for Secure Access can be reached through Cisco Support at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Centralize and simplify your firewall administration and intrusion prevention. Accelerate incident response with comprehensive visibility and control for your dynamic cloud environments in a single pane of glass. Gain additional context with instant access to Cisco SecureX through our built-in ribbon.
Aqueduct Technologies unique Jump Start offering provides you the first pre-deployment step in achieving DNS layer security for your company.
Flexa-managed 24x7 IT operations orchestrated by specialist AI agents. Root cause in under 5 minutes across any cloud, OS, database or network - with full governance and human approval.
Ideal for remote worker and multi-tenant environments, Secure Firewall ASA Virtual provides scalable VPN options including remote access, site-to-site, clientless, and more. Experience Cisco's industry-leading firewall to protect your cloud resources.
The Cisco Meraki virtual MX brings Meraki AutoVPN to AWS.
The Cisco DNA Spaces: Connector enables Cisco DNA Spaces to communicate with multiple controllers efficiently, by allowing each controller to transmit client data without missing any client information
Ideal for remote worker and multi-tenant environments, Secure Firewall ASA Virtual provides scalable VPN options including remote access, site-to-site, clientless, and more. Experience Cisco's industry-leading firewall to protect your cloud resources.
Customer reviews
Navnath Solanke
Secure access has protected financial data and supports compliant work from anywhere
Reviewed on Jun 20, 2026
Review from a verified AWS customer
What is our primary use case?
I have been using Cisco Secure Access for three and a half years since I joined. The primary use case for Cisco Secure Access is to provide security services across networks. The main job is to securely connect all our employees to any applications or resources from anywhere without relying on traditional or clunky corporate VPN. Cisco Secure Access acts as a single cloud-delivered security checkpoint for us.
In the old way, the existing VPN client connected the laptop directly into the corporate network. Now, when I open my browser and type any URL on the internet, such as for a financial application, Cisco Secure Client runs on my laptop and intercepts this request and securely passes the context to Cisco Secure Access cloud.
My organization works with GDPR compliance, data privacy, and some AI use cases. We have very big financial decisions every day, every year, every month, and every quarter. For us, we have to make sure that the employee data, the customer data, and the metrics we produce are secured.
Cisco Secure Access offers zero-trust network access, which replaces the legacy VPN by granting application-level access instead of full network access. The Secure Web Gateway plays an important role for us. Since we are in the financial sector, we look after bank data and financial institute data, which is related to financial decisions. This is one of the crucial roles for me to make sure that the data is not breached and we are also compliant with GDPR activities.
We have seen a radical optimization in terms of security operations. For a long time, my office bought separate point solutions, such as for DNS filtering. A traditional hardware VPN proxy could not resolve those issues.
Cisco Secure Access handles AI features by providing comprehensive visibility and control over generative AI applications. My organization is cloud-native, so we do not have on-premises deployment. We are using it on the public cloud itself via AWS , which serves as a virtual connector for us.
When it comes to reliability and overall trustworthiness, its AI capabilities help separate into two distinct categories: AI threat detection and enforcement.
What is most valuable?
Cisco Secure Access continuously checks identity, user context, and device postures. It has a dual capability client. One use case could be a secure gateway for a DNS layer. It is an Umbrella foundation, which blocks malicious domains at the DNS level.
It also spots any unwanted AI tools which are not governed by the officials. For the admin, the Cisco Secure Access dashboard provides a single, correlated health score for the user's device, network path, and application performance.
AI Assistant is a major operation feature from Cisco Secure Access. Security administrators use it extensively to simplify daily tasks.
In terms of identity management, we have VOYAM, which is our Vodafone internal tool, where all the employees are onboarded. If we do not have Cisco Secure Access connection, it does not allow us to open the applications without a secure network.
What needs improvement?
Cisco Secure Access is powerful, though there is no solution that is completely perfect. We have seen some pain points. One challenge is that the initial configuration and the policy migration can be quite complex, especially for large companies like us with legacy infrastructure. Another area for improvement could be that adjusting to the zero-trust model requires a cultural and operational shift for both users and the IT team, which can take some time.
Another potential friction point can be the authentication process, particularly if all of the people are repeatedly prompted for multi-factor authentication. All the time, I have to use my email, my password, and then I have to authenticate with the OTP.
For how long have I used the solution?
I have used the solution for three and a half years since joining in 2023.
What do I think about the stability of the solution?
Cisco Secure Access is highly stable for my company. I have not seen any downtime. It maintains a strong uptime record because it is cloud-native. However, employees in specific geographic areas might experience intermediate connection timeouts, slow web loading, and some brief delays.
What do I think about the scalability of the solution?
The platform is stable for us. For example, when our organization expanded or acquisitions happened, our employee numbers spiked, and Cisco Secure Access scaled instantly at the identity level. Cisco's platform is built in an elastic global cloud.
How are customer service and support?
The support experience was good. I have seen that the people are highly technical in their expertise.
What was our ROI?
In terms of the networking, cybersecurity, and automation tools, Cisco Secure Access saves our company a massive amount of time and money. I have seen some reports where my company's use of AI-driven automated networking has saved three hours and twenty minutes per person per day. This is a huge achievement for us.
What other advice do I have?
As an experience, I would definitely rate this at a nine because it really depends upon how we are having the connectivity itself. Cisco Secure Access stopped the repetitive data and the connection is seamless all the time. This makes us less annoyed to connect with the network again and again.
Another reason could be the simplification of IT management through the unified cloud dashboard, which consolidated multiple security functions for us and reduced the policy administrator efforts. In terms of the productivity, optimization, performance, and IT issues, Cisco Secure Access is playing every role. We have integration with Microsoft Azure . Cisco Secure Access makes the transition secure because it eliminates the security gaps during the migration phase. My overall rating for this solution is nine out of ten.
Asif-Qureshi
Hybrid access has unified secure cloud and data center connectivity for diverse client needs
Reviewed on Jun 18, 2026
Review from a verified AWS customer
What is our primary use case?
The major use cases for clients regarding Cisco Secure Access involve ZTNA , for when you require cloud services, like ZTNA , Secure Web Gateway, CASB , and Firewall as a Service. When you want to secure your on-premises equipment, on-premises data center, or services center, we provide the connectivity through the cloud, and at that moment, we use Cisco Secure Access .
The ZTNA part in Cisco is very important because it helps my customers to secure applications. When you configure your application or deploy your application on the on-premises data center and you want to access it where there is no trust on the inbound—whether you are an enterprise user, a remote user, or any other user coming through the cloud—then you will provide only the split tunnel or the tunnel between the cloud and your data center, which provides Cisco Secure Access.
CASB is also relevant when your services are deployed in many different cloud services, as you can use CASB in those scenarios.
What is most valuable?
The biggest benefit of Cisco Secure Access, compared to Fortinet or other solutions from Palo Alto or Prisma, is its adaptability to different network environments.
Customers appreciate the good features of Cisco Secure Access because it is a hybrid network solution. When there is a hybrid network, customers require Cisco Secure Access so they can access both cloud services and on-premises data center services.
I would say it is easy to manage Cisco Secure Access through this console. It is similar to managing a firewall, such as the FTD, and the console is straightforward.
What needs improvement?
I have seen that if the on-premises devices are Cisco devices, then we use Cisco SSE. However, when there are Fortinet devices, then we use FortiSSE, which indicates a potential area for improvement.
Cisco could add new features in the future, such as enhanced automation capabilities. They are providing automation in their technology, which is an improvement area. If you use automation tools like Red Hat, you can perform automation more effectively. Regarding AI, I think Cisco is doing well, though there is still room for improvement in AI capabilities.
For how long have I used the solution?
I started working with Cisco Secure Access relatively recently, but I understand how it works and how we submit proposals for Cisco Secure Access and Fortinet security solutions. When we require cloud security, then we provide Cisco Secure Access and SSE.
What do I think about the stability of the solution?
Cisco is stable and reliable.
What do I think about the scalability of the solution?
Scalability mostly depends on the architecture, not on the hardware or OEM. How you architect and define the network design determines scalability. If you do not have a good architecture, you cannot achieve scalability.
How are customer service and support?
I think Cisco's technical support is good. I believe that both Cisco technical support and Juniper technical support are very good.
What other advice do I have?
If the requirement is for Cisco equipment, then we propose Cisco Secure Access. If the requirement is for Fortinet, then we provide FortiSafety.
As a system implementer, I think the biggest advantage of the product is its usability in various scenarios.
I am not certain who is the leader when comparing Cisco with Fortinet and Palo Alto. Both are good at what they do, and sometimes we cannot use all the features of any product. We use specialized or customized features for our data center according to customer requirements, and all follow standard features and protocols, which are good.
The HTTP protocol is important for connecting through the cloud or establishing a tunnel. A VPN service and another tunnel between the cloud SSE and your on-premises data center are essential.
Cisco Secure Client provides the resource connector. There is a connector on the on-premises data center, so we establish a secure connection, mostly VPN or IPsec VPN, between the cloud and the data center.
I would say that Cisco Secure Access is effective in protection from ransomware and phishing attacks. It is a standard they are using, and when you are using Cisco devices, then you can rely on Cisco cloud.
Both deployment parts are not very difficult. It is straightforward.
I did not deploy Cisco Secure Access myself, but I understand from my team that it is not a big challenge.
Cisco could add new features in the future, such as enhanced automation capabilities. They are providing automation in their technology, which is an improvement area.
My experience is primarily with clients using a hybrid model.
We mostly integrate with Azure and AWS through the cloud.
I cannot say who is the leader when comparing Cisco with Fortinet and Palo Alto. Both are good at what they do, and sometimes we cannot use all the features of any product. We use specialized or customized features for our data center according to customer requirements, and all follow standard features and protocols, which are good.
I would rate Cisco support at an eight out of ten. The overall review rating for this product is nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Marghoob AhmadSalik
Unified access security has simplified cloud architectures and reduced hardware dependency
Reviewed on Jun 17, 2026
Review from a verified AWS customer
What is our primary use case?
My role is to enable partners and customers in Cisco Secure Access and help them understand and design their architecture. When a client comes to me to understand the use case they have with Cisco Secure Access , I suggest how they could use it, such as securely accessing their AWS server via VPN.
What is most valuable?
Cisco Secure Access is distributed by distributors of Cisco, Palo Alto, and Checkpoint, along with other tech companies. All the basic features, including ZTNA , are part of Cisco Secure Access, which can be considered an upgraded version of Umbrella with advanced features of ZTNA and ThousandEyes integrated for Digital Experience Monitoring.
When comparing Cisco Secure Access with other vendors, Cisco approaches it differently because it allows the use of the QUIC protocol rather than blocking it. Cisco Secure Access has a Hybrid Mesh Firewall concept, giving the advantage of managing all firewall capabilities on a single portal. The manageability of Cisco Secure Access is on a single dashboard.
In comparison to Zscaler, with Cisco Secure Access, I can create a Private Access Tunnel with any vendor or routing device. For ZTNA in Cisco Secure Access, Cisco does it differently by allowing ZTNA on both client basis and browser level for contractor access. The integration with CASB is positive for Cisco Secure Access, and multiple applications such as Office 365 and Google Suite are being integrated.
The importance of Cisco Secure Access providing secure access via standard HTTP/2 and QUIC protocols is significant due to QUIC being faster than TCP. Cisco Talos is integrated with every other security product in Cisco, including Cisco Secure Access. For threat detection and response, that integration with Cisco Secure Access is important. Cisco is working on DLP with Cisco Secure Access, which they are continuously upgrading.
For how long have I used the solution?
I have used Cisco Secure Access for three years now.
What do I think about the stability of the solution?
Cisco Secure Access is more stable and reliable than Checkpoint.
What do I think about the scalability of the solution?
With Cisco Secure Access, I can scale it anytime, and licensing is quite easy.
How are customer service and support?
The customer service is good and great because Cisco has a large team of engineers providing support. I would rate the customer service support from Cisco at eight or nine.
Which solution did I use previously and why did I switch?
I started with Fortinet and Checkpoint, and then moved to Cisco regarding security products.
How was the initial setup?
Configuring Cisco Secure Access is straightforward; the dashboard clearly shows the steps needed.
What was our ROI?
ROI with Cisco Secure Access is quite good because it reduces hardware dependencies and offers many features.
What other advice do I have?
Checkpoint has much data latency when connecting to cloud compared to Cisco Secure Access, which has no such issues. Currently, Cisco is giving a very good discount to partners for Cisco Secure Access and providing feasibility in user size. Cisco Secure Access decreases the dependency on hardware while simplifying licensing. It is a cloud-based product. At the back end, Cisco is deploying Cisco Secure Access on AWS or some tenant, but we only see a subscription-based model. I have interacted with AWS Marketplace when deploying ISE, but Cisco SSE service is not available there. I would rate this product nine out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Vusa Ndlovu
Zero trust access has strengthened posture management and secured cloud-based user connections
Reviewed on Jun 12, 2026
Review provided by PeerSpot
What is our primary use case?
The main use case for Cisco Secure Access is for posture management, managing network devices, guaranteeing guest access, BYOD, guest, and sponsor portal. I have used Cisco Secure Access from end to end.
What is most valuable?
I consider network segmentation as one of the most valuable functions of Cisco Secure Access.
I use the Zero Trust Network Access (ZTNA ) feature of Cisco Secure Access, and we have currently deployed it for ZTNA. I appreciate the identity management of devices where they are connecting to the network. The device needs to be trusted always, which is actually a good security best practice because it does not involve trusting a device once and then allowing it network access.
I have experience with the integration of CASB functionality in Cisco Secure Access. The cloud access broker has helped by providing a bridge between the user directory and functionality, allowing the system to enforce data control, compliance, and threat protection. This is good security practice as well.
What needs improvement?
How easy or difficult it is to manage Cisco Secure Access through the single cloud-managed console depends on who you talk to, but for me, with my experience, it has become very easy and really manageable. Much of the interface has been improved significantly, making management easier. The upgrade of the interface really has changed a lot, which makes it easier to remember.
Automation is something Cisco could improve for Cisco Secure Access. I have seen the way they have done this with SD-WAN, where you have automation of VPN through auto VPN tunneling and the creation of tunneling between SD-WAN. If Cisco could improve Cisco Secure Access in the same way, there should not be as much configuration needed, because companies are really keen when it comes to deployment these days. We need to automate deployment. If they could do that with Cisco Secure Access as well, especially with big branches, it would be great. I have worked with almost 200 branches, so configuration in all these branches is needed for security. If this could be integrated and automated exactly like the auto VPN that happens on SD-WAN, it would be excellent.
Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.
For how long have I used the solution?
I have been working with Cisco Secure Access since 2012.
What do I think about the scalability of the solution?
Our deployment process is mixed. We are deploying for different clients, so it depends on what client they have.
How are customer service and support?
Regarding support, I do not know what happened to Cisco. I contact them, and the support has been a pain. The quality of support has dropped so drastically that it is not even funny.
How was the initial setup?
The setup process for Cisco Secure Access is very straightforward. Integrating with SD-WAN is really easy.
Which other solutions did I evaluate?
We are fighting internally with Zscaler because they are saying it is cheaper. Pricing is competitive between solutions. Palo Alto is coming very well as well. I am not sure if Cisco is also looking at that, but they are also coming with a lot of functionality within the Palo Alto space for the SASE function.
What other advice do I have?
Cisco Secure Access does help me protect my company from threats like phishing and ransomware. The fact that Cisco Secure Access integrates Zero Trust, the secure gateway, and data loss integration does a lot to help with email security because of the integration with Cisco Web Gateway. Training users is also necessary because security involves users as well.
I am satisfied with the functionality of Cisco Secure Access. One of the areas I have not investigated much time on is the integration with the segmentation within the SASE solution. I have been doing it on my side, but I still need to understand how it integrates and how it can work instead of using the NAC solution. The ICE function could be integrated within Cisco Secure Access. I think that would be better because Cisco has integrated firewall as a service, so why not also integrate the NAC solution as a service in that platform as well.
I have given this review a rating of 9.
Rajender Bhandari
Remote access has become more secure and integrated security tools work together seamlessly
Reviewed on Jun 12, 2026
Review from a verified AWS customer
What is our primary use case?
The two typical use cases of Cisco Secure Access are how remote workers securely access both private applications, public applications, and SaaS applications from anywhere.
What is most valuable?
In my opinion, Cisco Secure Access is a complete SSE solution. The second good thing about it is that it has very deep end integration with other products which are required to improve security, such as multi-factor authentication and NAC products, all coming from Cisco. Whatever the customer use case may be, not only Cisco Secure Access but other applications coming from the Cisco security product line are available without needing to look outside of that ecosystem. Typically, I can just take it from Cisco and complete the entire solution.
From my perspective, it is quite easy to manage Cisco Secure Access.
The Talos integration for threat detection and response capability is a must for any product, whether running a SIEM or XDR . The Talos threat intelligence, which is possibly one of the largest organizations that gathers all this data and sends updates, comes free with every Cisco security product. That is really important because security is not static; it is dynamic. New viruses and malware are emerging constantly. Talos ensures that I get updates of everything being seen across the globe so that I am not left behind.
When it comes to protecting against phishing and ransomware, it is pretty good because all identified signatures and non-signature-based protections get updated through threat intelligence. However, as I said, it all depends upon what your attack surface is. If the attack surface is mail, for example, where the bulk of threats get percolated, then it has to be augmented by additional security layers such as email security. Based on the threat attack surface, you have to protect those also with an additional set of software.
What needs improvement?
The only negative side of Cisco Secure Access is the mindshare. From my perspective, the greatest positive side of Cisco is that it has a very complete story on the entire overall security requirements of a customer, whether it is end user security, network security, or workload security. It covers it all. Having said that, the customer mindshare of looking at Cisco as a security OEM is pretty low. That is one thing which in my mind, Cisco has to really improve.
The second thing is, of course, multiple panes of glass to manage multiple products. That has been a long-standing demand from customers that they should simplify that, and Cisco is working towards it. The third thing is AI integration. Cisco is also aggressively working on AI integration with their products. Mindshare is one of the biggest challenges of Cisco security products, and they have to increase customer awareness sessions to increase the customer mindshare about their security products.
One big challenge which I see with Cisco is their MDR capabilities. They do not provide it as a service, which Palo Alto does provide. Cisco's policy and strategy is to enable partners so that it becomes partner-enabled services using Cisco products. Whereas Palo Alto provides MDR as a service and Sophos provides MDR as a service, Cisco enables partners such as us to provide equivalent services. However, there are multiple enterprise customers who would prefer to go to the OEM for that service. There are multiple big wins which Palo Alto had in India because of their own MDR capability. If I were to fight as a partner with my capability and Cisco products, I surely cannot fight the might of Palo Alto. That is one area where possibly Cisco has to relook.
For how long have I used the solution?
With regards to my experience with Cisco Secure Access, I have been working with it for at least two years now.
What do I think about the stability of the solution?
Regarding Cisco Secure Access, I would agree that it is a 99.9% stable and reliable product.
What do I think about the scalability of the solution?
My impression of scalability for Cisco Secure Access is good. Being a cloud solution, it has unlimited scalability. Scalability is not an issue. You can scale based on the number of users and licenses. You have SIA, SPA, and all licenses. Scalability is not an issue since it is a cloud-based solution.
How are customer service and support?
I believe customer service from Cisco is good and not a problem in India.
How was the initial setup?
Regarding the deployment procedure and installation of Cisco Secure Access, it is straightforward and not much of a challenge.
What about the implementation team?
We usually deploy Cisco Secure Access in our Center of Excellence, and we keep demonstrating that to the customers. It is fine and not much of a hassle.
What was our ROI?
Quantifying the return on investment depends upon what the use case is and the automation we can build up. We just did some study where, with automation and all of that, we can get almost 30% ROI.
Which other solutions did I evaluate?
In comparing Cisco Secure Access to its competitors in the market, I think the leader is definitely Palo Alto.
Comparing Cisco Secure Access pricing with its peer group, I think they are still comparable in terms of pricing. It also depends upon how desperate Cisco is to win the deal; they can also go better. When I say peer group, I am talking of Palo Altos of the world, and so forth. They are a little bit on the higher side, but still, when it comes to closure of the deal, they get aggressive and they can meet up with the competitive price points.
What other advice do I have?
I have to study more about Cisco Secure Access's ability to provide secure access via HTTP/2 and optionally QUIC, so I am not aware of this, and I will not comment on that.
Summarizing all that I have told you about Cisco Secure Access, mindshare, multiple panes of glass, AI integration, and MDR are all aspects that could be slightly better. Those are the areas for improvement. Overall, I would give Cisco Secure Access a rating of eight out of ten.