Please share with the community what you think needs improvement with Cisco Web Security Appliance.
What are its weaknesses? What would you like to see changed in a future version?
Sometimes reporting is a little bit short. Cisco has always put more emphasis on developing big products that are very robust security-wise, rather than focusing on developing solutions with a lot of bells and whistles. In other words, it's not beautiful, but it gets the job done. Reporting is not so beautiful compared to other solutions, it's not so cute and colorful; however, it does a very good job in the areas that it supports — because it detects malware and malicious code. There is a ton of intelligence behind it.
The GUI is not user-friendly, so it needs to improve or be simplified. The initial setup is complex, it could be easier.
Obviously there is always room for improvement for almost all the appliances available in the market. But there are scopes for improvement. I'm pretty sure that Cisco will keep on integrating different feature sets as the market demands and I have seen Cisco as an organization that puts in proactive efforts providing different features before they come into the market. So I'm pretty sure that Cisco will give due diligence in terms of providing all the features in their WSA. But one thing I don't like with Cisco is that they're very fragmented in terms of feature sets. What I mean is that the one thing I don't like about Cisco is that they are very much fragmented in terms of providing the complete solution. They keep on breaking their different feature sets into different boxes. The days are coming when almost all the customers are looking for a consolidated box or a box wherein you can have multiple feature sets based on infrastructure, which will decrease the carbon footprint in the data center. Then, obviously, the number of devices they will have in the data center will go down. So cooling requirements and power requirements will also go down. So that's what the customer is looking at. But Cisco is too segmented. They gave ESA, they gave WSA, they give their next-generation Firewall Firepower. Then they gave a management center. And for network AMP they made a separate box set. So there are too many devices. Though I understand technically that, yes, fragmented technology is best because we should let the dedicated device do dedicated jobs. But again, in terms of customer acceptability and the customer's point of view, consolidated devices make much more sense for them. I would obviously prefer the WSA to be integrated with ESA because there is no point putting so many hardware devices and infrastructures in. So if WSA had the functionality of ESA, at least the basic functionality of ESA, it could be merged into a single box, and that would be good.
There are some problems with this solution but it's not related to this product. If a user wants to use it for other devices like mobile or smartphones, this product isn't so reliable. If you want to implement it in a track point mode, it is difficult to implement and is not so reliable. There should be more implementation.
The licensing model needs to be more flexible. How it works is that you can have from zero to 499 users at the first stage, then from 500 to 999 users at stage two, and so on. They need to be more flexible because when you exceed 1,000 users then you are supposed to deploy a separate appliance to cater to them. The technical support could use some improvement.
They need a better graphical interface, and they need a better ISE mechanism. In the next release, I would like to see the reporting features enhanced.
Technical support needs to be improved because they take a very long time and there is no communication or notification. Controlling engines at the network layer needs to handle more links or multiple links from the internet. Controlling with the applications, or more applications as part of the local applications so that it's bigger. The price should be moderated.
The price of this solution needs to be reduced. The FTD 21 model's Firepower Threat Defense does not have the multi-instance feature for the virtualization with the physical equipment. This makes it difficult to propose this solution to the customers. The issue that we are facing is, for example, if we have a project with a client, and we suggest the twenty-one series, we don't know until we have implemented it that we do not have the multi-instance feature.
The pricing is too high, so that could be improved. Also, the solution is not very compatible with other products.
I would like to see management automation in the next release.
What do you like most about Cisco Web Security Appliance?
Thanks for sharing your thoughts with the community!
Let the community know what you think. Share your opinions now!