Cisco+ Secure Connect SASE Review & Features

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The Cisco+ Secure Connect SASE product builds off of Cisco’s networking expertise to provide a strong secure access service edge (SASE) solution. The rich options and features of their legacy network and SD-WAN offerings, as well as the familiar Umbrella and Duo security features, will continue to be used in the SASE solution and be attractive to current Cisco customers.

For more details, explore the following sections of this review:

To compare Cisco+ Secure Connect against their competition, see the complete list of top SASE solutions.

Who Is Cisco?

Founded in 1984, Cisco pioneered multiprotocol routers and networking and has built on this success to enter many related security fields. Cisco trades publicly on the NASDAQ under the symbol CSCO.

Cisco+ Secure Connect Platform

Cisco+ Secure Connect strives to provide a turnkey SASE solution for a variety of needs. Cisco+ Secure Connect was recognized as a Visionary in the 2023 Gartner Magic Quadrant, and the Unified SASE platform delivers the six key SASE capabilities as follows:

  1. Centralized control through a consolidated management console that provides a single interface to manage policies for both security and operations
  2. Monitored network status pulled either from Cisco+ Secure Connect Fabric interconnect or native integration with Cisco Meraki Secure software defined wide area network (SD-WAN) to provide reports, analytics and control over network operations performance and security 
  3. Monitored user activity through integrated Cisco Umbrella Secure Internet Gateway (SIG) features that include data loss prevention (DLP) analysis, domain name service (DNS) security, and intrusion prevention system (IPS) monitoring
  4. Inspected and decrypted traffic through integrated features from the Cisco Umbrella SIG such as secure web gateway (SWG) and cloud-delivered firewall capabilities that inspect, log, and potentially block unwanted traffic
  5. Controlled access to data and resources based upon user, device, and permissions through cloud access security broker (CASB), zero trust network access (ZTNA, optional), and SD-WAN segmentation
  6. Secured cloud-based assets such as applications, websites, and Software-as-a-Service (SaaS) resources through CASB, SWG, and firewall capabilities

Cisco offers four core versions of their SASE solution:

  • Foundation Essentials: includes Umbrella SIG (SWG, CASB), firewall (DNS), and robust network and cloud connections (including Cisco Meraki Secure SD-WAN integration)
  • Foundation Advantage: includes all Foundation Essentials and adds additional firewall and IPS capability, DLP, and more malware defenses
  • Complete Essentials: includes all Foundation Essentials and adds ZTNA, clientless browser-based access, and more authentication options
  • Complete Advantage: includes all Complete Essentials and increases the limit for clientless browser-based application limits, additional firewall and IPS capability, DLP, and more malware defenses

To create a complete SASE offering, customers may also need to acquire the Cisco AnyConnect Client and appliances necessary to implement SD-WAN.

Pricing & Delivery

Cisco+ Secure Connect can be purchased directly from Cisco or through Cisco partners. Customers purchasing the Essentials (Foundation or Complete) license will be limited in sandbox submissions (500), cloud applications monitored for malware (2), and applications allowed to be accessed through the clientless browser (10).

The four bundles of the SASE product are estimated to cost between $100 and $300 per user per month depending upon the bundle choice. Standard terms for licenses are 12, 36 and 60 months.

Cisco AnyConnect Client and SD-WAN appliances may require additional purchases beyond the scope of the SASE license. All versions of Cisco+ Secure Connect include 24/7 troubleshooting. Troubleshooting support requests can be made through the management portal or by phone. 

Features

  • Full SASE features, including centralized control, monitored user activity, inspected and decrypted traffic, controlled access, secured cloud-based assets, and monitored network status and operations control
  • 5,000 sites and 50,000 users supported per customer
  • Cloud-delivered overlay WAN architecture connects branches to headquarters, data centers, and multi-cloud environments through a single integrated network fabric.
  • SD-WAN integration with the SASE controller for Meraki, Catalyst, and others
  • Cisco Umbrella SIG unifies firewall, SWG, DNS-layer security, CASB, and threat intelligence functions into a single and well-tested cloud service.
  • User authentication options for customer’s SAML or bundled cloud-identity platform
  • Intelligent routing with unified policy enforcement as well as reduced complexity for setup and maintenance
  • Cisco Umbrella global architecture provides high-speed, low latency backbone with globally available points of presence (PoP)
  • Flexible licensing and consumption models allowing organizations to scale up or down as worker distribution shifts 
  • FIPS next generation encryption options can be enabled to comply with Federal Information Processing Standard (FIPS) 140-2

Pros

  • SASE Visionary as recognized by Gartner in their 2023 Single Vendor SASE Magic Quadrant
  • Clientless ZTNA option for least privileged access control without an agent — suitable for BYOD, contractors, and partners
  • ZTNA posture profiles by endpoint OS, browser type, and geolocation
  • Powerful Cisco brand can reduce friction for purchasing and internal adoption 
  • Integrates well-established technology for Cisco networking, SWG, CASB, and SD-WAN technologies
  • Easy upgrade purchase for existing Cisco SD-WAN customers 
  • Strong integrated threat intelligence offerings from Cisco Umbrella accessible in the SASE tool

Cons

  • PoP connections are limited in number and do not offer all Cisco+ Secure Connect options globally
  • Incomplete or out-of-date documentation noted by some customers
  • More complex options from well-established technology can create longer and a more complex setup and possible unintended gaps or conflicts in security policies
  • Limited SD-WAN options without separate purchase of other Cisco SD-WAN technology, such as Meraki SD-WAN
  • No remote browser isolation currently available
  • No reserved IP addresses as an option until 2024
  • No private backbone for high-speed SD-WAN connections; customers use public backbone resources or contract with backbone providers

Alternatives to Cisco+ Secure Connect

Buyers attracted to Cisco+ Secure Connect likely have a working relationship with Cisco for other networking or security products. When looking for alternatives, organizations will likely consider similar brands with similar products or a SASE solution that will work with existing infrastructure such as:

  • Cloudflare One: Provides a SASE option that can work with existing networking appliances and offer a completely different style of solution from Cisco’s appliance oriented solution as well as a private backbone for SD-WAN traffic acceleration
  • Palo Alto Prisma SASE: Recognized by Gartner as the leader in SASE and offers a similar appliance-centric solution with the customization options a Cisco customer may expect
  • Versa Universal SASE: Offers a fully-onsite SASE solution in which a customer can install the SASE controller within their own environment and also offers a private backbone for SD-WAN traffic acceleration for the organizations that prefer to buy a hosted solution

How We Evaluated Cisco+ Secure Connect

Cisco+ Secure Connect is rated and ranked against seven other SASE competitors in our top SASE providers article. That article explains the overall ranking, and here we provide details specific to Cisco+ Secure Connect:

  • Overall Rating: 3.07 / 5 (#8)
  • Licensing Information: 1.5 out of 5 possible criteria
  • Monitoring and Managing: 4.9 out of 7 possible criteria
  • Asset Control: 4 out of 4 possible criteria (tied for #1)
  • Implementation and Administration: 2.75 out of 5 possible criteria
  • Customer Support: 1.92 out of 4 possible criteria

Cisco+ Secure Connect rated well for options, features, and automation. The SASE Solution appears to be complex to deploy in non-Cisco environments, but it also provides the least detail on the licensing required to understand the requirements to implement a SASE solution. 

Bottom Line: Best for Cisco SD-WAN Upgrade

Although Cisco may not beat SASE competition on all aspects, much of the value of any solution will be derived from the installation costs, the time necessary for training, and the time required for installation. The many companies that already have investments in Cisco networking, SD-WAN, or Umbrella solutions will already have the training and some of the equipment needed to upgrade to Cisco+ Secure Connect SASE. 

Switching to another appliance-oriented vendor will likely be very disruptive and switching to a cloud-oriented SASE solution may not offer the network controls the organization may seek. Cisco owners will likely find significantly better return-on-investment to upgrade to Cisco SASE because it builds off of their established Cisco foundation.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Chad Kime Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis