Likelihood to Recommend
It is well suited in environments where there is a high mail traffic to handle. [Cofense] Vision basically journals the exchange server and keeps a copy of the mail received in the environment. Really beneficial to revoke and quarantine the mail reported by one user, but footprint is there in other mailboxes as well. Less appropriate in the cases where there is no proper segregation of duties within the organization. As it is possible to see contents of the mail. Only authorized personnel should be able to use it.
Read full review
If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.
Read full review Pros AutoQuaratine prevents in advance and eliminates possible malicious emails from users' inboxes. [Cofense Vision] optimizes protection against any phishing attack. It is simple, friendly and easy to use. [Cofense Vision provides] super detailed analysis reports. Read full review 0 day detection and prevenion Flawless integration with Symantec Ecosystem Integration with other vendors supporting ICAP is also working Custom and golden image support High performance on busy environments Many threats are already detected and prevented through the CAS, it improves the performance drastically. Already builtin virustotal integration Reference to updates and updates information where I can see the product/service detecting which APTs Multiple Antivirus engines which you can select/subscribe Manual submission of file is supported through the gui URL manual submission is also supported Read full review Cons Its cost can be somewhat high when it comes to a small business, so it is perfectly suited to medium or large companies. It can throw problems when it comes to migrating said tool in the different versions of an email. Its configuration is simple, but it is important to fully understand its operation to give adequate responses to possible threats. It would be ideal if it could be integrated with your platform. Read full review API support is lacking Symantec/Broadcom security vision in general Symantec support is not perfect You can't run the product as a standalone network device No packet capture capabiliy or work in span mode You need a dedicated hardware to make it run You need to buy Read full review Alternatives Considered
Apple of Discord is the pricing as we were looking for an email security tool in reasonable pricing and Barracuda was undoubtedly efficient in action and was compatible with our business but it was highly expensive and then we made up our mind for another tool and Cofense Vision was offering almost the same as Barracuda but cheaper.
Read full review
We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.
Read full review Return on Investment Many Phishing attacks are identified and prevented in an instant. Classification of activity helps analysts search and find which emails pose a larger threat. User interface and learning is simple and easy to use. Read full review 0-day and APT risk is covered by the SCMA As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed. Getting full visibility at file trajectory level As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats. Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers. A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost. Read full review ScreenShots