Cisco Secure IPS (NGIPS) Reviews

The Cisco NGIPS and IGS are used as network firewalls for IPS and IGS protection. I have both the Cisco Firepower and Cisco Meraki solutions in different customers' locations. They have the capability of the NGIPS built into it. We have different customers that they are using it. For example, on Edge, data centers, and campus networks.

Among all the different solutions I have worked with, such as Palo Alto many other firewalls. Cisco has the support, documentation, and design. The documentation is widely available and it can help you a lot with implementation. It makes the implementation much easier.

What I don't like about Cisco recently is they keep changing the names, which makes it hard for customers and sometimes even us as engineers to know what is the solution they are speaking about. For example, with AMP, now they call it Secure Endpoint and I don't know if in the next couple of years they're going to change it to something else. They should keep the names the same.

I have been using Cisco NGIPS for approximately 10 years.

Cisco NGIPS is stable, however, it is nothing special.

The scalability of Cisco NGIPS I am not too familiar with. The solution can do clustering and other operations. With the Orchestrator, I haven't worked with it yet but I hope that will help to make standard policies all run better. The most important part about scalability is how do you want to apply the same policy all around and across the different locations that you have. This is something that is not easy with any firewall unless you have a Secure Orchestrator. I don't see any issues with the scalability at this time.

The support from Cisco NGIPS is very good.

I have used many other solutions, such as Palo Alto.

I would rate the price of Cisco NGIPS a three out of five.

They are very expensive in some places and not reasonable at times for many customers. I have had customers choose another solution because of the high price.

When speaking about the features of Cisco NGIPS, what makes the feature good is dependent on what the customer likes and the skillset that they have. I cannot say what is the best feature because it depends on the use case.

There are times I see customers spend a lot of money on something which they really don't use. Whether this solution is good or not depends on what exactly the customer wants to implement and protect. They should pick the right solution with the skillset that they have.

I rate Cisco NGIPS nine out of ten.

We use Cisco as a firewall. It is an intrusion detection and prevention solution.

The malware detection, threat defense, sandboxing, VPN, and mail security have all been valuable features of Cisco NGIPS.

The performance of CISCO Firepower could be improved. 

We moved from Sophos to Cisco before the pandemic. During the pandemic, there was an increase in VPN connections. We had a layer of security within CISCO Umbrella, and now with Cloud. The firewall protects the internal system, but we needed to add another layer of security for the endpoints that are outside the local area network. We needed another product to cover this lack of security.

We prefer to have integration with the points that are outside our local area networks using the same brand using one single console. Because the firewall only protects the people inside the network, we required another solution.

I would like to see Cisco NGIPS include home office support in one single product.

Our organization has been using Cisco NGIPS for two years.

Cisco NGIPS is stable most of the time.

This solution is not easily scaled. I would like Cisco NGIPS to be easier to scale. With the increase in work from home, we needed to add another layer of security to ensure we can meet the demand of stability, high availability, and connection.

Our company has two layers of support with Cisco. One is the local support, which is very good. The second support is directly from Cisco. They are quick to respond and have quick solutions to the problems.

We moved from Sophos to Cisco Firewall because we were looking for better integration between all the appliances and data center. All of our core switches, our wireless system, and other tools are the Cisco brand, meaning that all our monitoring options are integrated under Cisco.

We hired a professional service to install this solution.

With the increase in work from home, companies may need more than just a firewall. I recommend anyone considering Cisco NGIPS evaluate all the demands from their in-home offices and determine if their solution needs to be bigger, or wider, for security and performance.

I would rate this product a 9 out of 10, particularly if you work in a LAN environment.

The way we use it in my company is just for a basic firewall.

It's a next-generation firewall. You can integrate it with external systems, like Cisco Talos, Cisco Umbrella, all these things. You can do threat detection, threat prevention. You can integrate with your active directory. It can block traffic based on the user or user group.

I use the product mainly for follow-up. I would say the most important is the integration with our directory services, the user directory services. We can block or allow traffic based on the specific users or specific user groups.

There are other features such as the connection with the intelligence systems such as Talos on Cisco. You can do zero-day prevention and detection. It's quite useful.

The solution is stable and the performance is good. 

My understanding is that the initial setup is simple. 

I'd like to see some cloud management. Cisco maybe already has it, however, my company doesn't use it as cloud management. That said, it would be great to manage your device through the cloud instead of managing through a server on-premise.

I've only used the solution for two months. It hasn't been that long just yet.

The product has been stable. Cisco is quite stable as a product. It doesn't crash or freeze. It's reliable. There are no bugs or glitches.

I can't really speak to the scalability of the solution as I haven't used it for long enough.

Due to the fact that all the traffic passes through the firewalls, I would say 500 people or maybe more use the solution in our organization.

Cisco technical support is great. They are helpful and responsive. We are very happy with their capabilities. 

I'm also aware of Palo Alto, which in many ways is a more solid product. We used it in my previous company as it was more mature and much simpler to use in comparison to Cisco. 

While I didn't set it up, my understanding is the implementation is straightforward. You read the documentation. It's this continuation from the old Cisco ASAs. People have used it for many years. Cisco's quite easy to set it up and keep up and running. You just need to add things on top of it, however, it's all quite easy. I have done an installation of the previous Cisco firewall. It's really straightforward. The upgrade is quite simple as well.

We have three technical personnel that can handle deployment and maintenance. We have to cover the whole globe, so we have three people on to handle everything 24/7.

You do need to pay a licensing fee. If you want the additional features, like prevention or integration with extended intelligence systems, you need to pay additional licenses.

I'm not sure which version of the solution we're using. It might be 6.4. It's likely whatever that latest version is.

I would recommend Cisco, however, I do find Palo Alto to be a good product as well, and in some ways more solid. 

I'd rate the solution at a nine out of ten. 

There are both options of cloud or on-premise solutions. I usually do the on-premise solution. We have others who do the cloud solution. If you want to deploy and protect your network from threats and protect your neighbor, that's one of the uses that we employ. With that, you have Security Intelligence, you have Intelligence, you have an Intrusion Prevention System. In the recent upgrade of Firepower, we have 3.0. You can use that to protect the internal network or if you want to protect your servers. 

We use the Security Intelligence feature. We also use the Cisco AMP for Networks, which is used with the ITL certificate. You can use third-party integrations with the Firepower, about security. You can use the STIX format. With the STIX, you can add emergency threats to rules. This includes malware detection which has a third-party Security Intelligence platform. Included are reporting for the last seven days, V shell, and phishing tank. Cybercrime tracker is to check if any company or domain has a bad reputation on the internet. And it can give that information to the Firepower. You can use Security Intelligence to protect the network. It has preprocessors about security. They have a preprocessor for the SCADA. Cisco has evolved a lot in that area over the last few years.

The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.

We have been using Cisco NGIPS or Firepower NGIPS for five years. We use the latest version.

It's working correctly, it's working without problems. You can buy another Firepower, and you can do a cluster configuration. And it's really easy, we don't have any problems.

Cisco support is really awesome. I have another vendor like Honeywell. I really hate when I call Honeywell. But when I call Cisco, I really appreciate it a lot when I talk with the support engineers because the personnel have really good skills and have a really good passion. Cisco support is awesome.

I think the installation of Firepower NGIPS is really easy. You configure the device, you connect that to the Firepower Management Center, and you have deployed the Firepower.

If they're looking for a platform that can protect from attack, from external or insiders who want to attack the network, I think Firepower is a good solution. With  Security Intelligence, other security features make that platform an awesome platform. I would give Cisco NGIPS a rating of nine on a scale of ten. I think no one platform is perfect. I wouldn't give a 10 to a solution ever because 10 is 100%, and I think no one solution can 100% secure. Not because the platform is not working correctly. Because I think no one platform can be 10 by 10.

It is our main firewall. We use it for reporting and for firewall purposes to block unwanted inputs and outputs.

Its ease of use and its ability to block and allow ports in and out of our organization are the most valuable features.

It works very well. It gives us all the information that we need.

We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license. 

Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower.

I have been using this solution for two years.

It has been very stable. I don't think it has gone down at all in two years.

It is very scalable. In terms of the number of users, we have 26,000 students and 3,500 staff members. Everybody in our organization goes through it and takes advantage of it on our system. We have about five people who are managing it, and they are from the network group, infrastructure group, and storage group.

We did have some engagement with the technical support people regarding the integration with Nexus Switches, and they were very good. They helped us out quite a bit.

We were using Cisco ASAs. They were going out of service. They were going out of sale and support. So, we decided to move to Firepower. We wanted to go to the Next-Gen IPS type of stuff, and ASAs didn't have that kind of feature set.

It was quite complex. It required some workarounds with other network components in our system. It could have been a lot less complicated. Nexus Switches that we had were a little bit older, and they didn't integrate as well with Firepower as they could have. So, we ended up having to buy some new switches. 

The deployment pretty much took about three weeks. It involved moving all of our stuff from our old firewall onto the new one. Rules were a little different, so we had to work on it for a while. Fortunately, we could run them in parallel, so it worked out okay.

We did it in-house.

It has definitely given us our return on the investment.

It is expensive. It has separate licensing for all the features, and every feature set seems to require another license.

Licensing is on a yearly basis. There are no additional costs besides the standard licensing fee.

I would advise others to make sure that the rest of their equipment is completely compatible with the newest Firepowers.

I would rate Cisco NGIPS an eight out of ten. It gives us all the information that we need. We've got to dig for it sometimes, but it is a good product.

The solution works on a base set of rules to detect malicious traffic or certain exploits, which can be done from both the outside and inside network.

In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected. It is quite flexible because it can be deployed on the cloud as well. All the kinks which were in the previous versions were fixed.

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.

They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

I have been using the solution for approximately five years.

The solution is stable.

The solution is scalable. The management center, which controls the sensors, you can deploy it. You have two different virtual appliances, one is for managing up to 25 sensors and the bigger one is up to 300 sensors. The hardware list of the products ranges from, I think, 20 sensors and up to 500. Depending on your needs, you can scale it.

We have three administrators working on the solution and the whole organization is being protected by it.

Cisco support is really great. Especially when you have a priority case, when everything is down, you can get an engineer in 15 minutes.

The setup is easy, you do not need hardware. You can just sign up for AWS or Azure and you can deploy it there.

There are licensing fees depending on the features that you are using.

I have evaluated Palo Alto in the past.

Before this version of the solution, it was like a normal IPS. The source for IPS was bought by Cisco, and now it is integrated into the Firepower Threat Defense. The Firepower Defense is a unified image of both the previous firewall which Cisco had, the ASA, and the source for IPS. Currently, the FTD is like a UTM device, a unified threat management device, because it has firewall capabilities and IPS capabilities.

I am going to continue using this solution even though I enjoyed using their main competitors product from Palo Alto. I would recommend this solution to others.

I rate Cisco NGIPS a seven out of ten.

The NGIPS handles all of the IPS functionality for our security.

The most valuable feature for our cloud-based deployment is the autoscaling.

For our on-premises deployment, clustering is the most valuable.

I think their fingerprints are good in terms of how they whitelist and blacklist. This is because of Talos, which is really awesome. We use that a lot.

The anomaly detection capabilities are awesome.

The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery. You need that to really handle finding anomalies properly. In the past, I've noticed that some applications are not identified correctly, based on the OS and the fingerprints that they're pulling from the host.

In the future, we would like to see more involvement with the on-premises hybrid cloud. We want to see Cisco do more in the cloud space, and basically improving the connection between on-premises and the cloud. This including things such as automation.

I have been using Cisco NGIPS for almost seven years.

The code is well-stabled right now and we've never had issues upgrading from one version to another. We've had it since version 2.0 and for every time we upgrade, it gets better. We're currently on version 6.6 and we're expecting that when 6.7 comes out, it will get better.

This is a very scalable product. You can add multiple devices to the same policy and then push that out.

In the cloud space, scaling is done automatically based on the amount of traffic and the amount of bandwidth that's generated. It scales up and down, back and forth, as needed. For example, if there is not much traffic then it drops, whereas if there is a lot of traffic then it creates another FTD, and then it just shares the load with load balancing.

Everything is scaled properly both in the cloud and on-premises.

Cisco's technical support is really good. I would say that they are number one. They follow up on their calls and tags, as well.

I also have experience with Check Point and I find that the pricing is better with Cisco.

The initial setup is straightforward. With the Firepower Threat Defense (FTD), everything is in one box. You can do everything from firewalls to IPS and more. It also includes the next-generation firewall.

It is an easy upgrade process that is easy to understand. I would say that from version 3.0, it has improved.

The cost of the license depends on the level of support that you have with Cisco. 

My advice for anybody who is implementing Cisco NGIPS is to read and understand all of the documentation before you start. Whatever it is that you might need help with, reach out to Cisco support and let them help you. The documentation is available and it is very understandable so you may not need their help. I would say that if you take your time to read it then you shouldn't have any problems in deploying.

I would rate this solution a nine out of ten.

Basic IPS functionality for intrusion prevention. We have two kinds of deployment. The one that is Inline and the one that is not Inline, where it's just listening. We have like a tap to which its monitoring traffic. For the one that is kind of offline deployment but for the Inline deployment, all traffic goes through it, like for North-South traffic, towards internet to provide some real-time intrusion prevention.

Ir's signature-based. We are also using the anomaly baseline formation, where it links the network, then anything that goes away from the norm is also flagged. Those are the two most valuable features. 

It has room for improvement when it comes to integrating machine learning and AI into it where even if you don't have a baseline that is of length for anomaly detection, it could do more like an AI style machine learning. It learns on its own. It learns patterns, learns what good traffic looks like then is able to stop bad traffic, not just based on behavior but based on every other thing. I think other next-generation IPS solutions are turning towards integration of ML and AI. I need machine learning and the ability to share intelligence. 

I have been using Cisco NGIPS for seven years.

It is pretty stable and has good throughput.

It's scalable. You can add more to it as traffic requires, one cluster can do HA, so it's pretty scalable. In fact, you can cluster up to six chassis on the 4100.

If it's host-based IPS, we can count a number of users and say we have 45,0000 users but for network-based IPS, where it's just picking traffic from different connections when you're trying to go to the internet or when you're trying to come back to the internet it can support up to 10 million concurrent sessions. We have around 200,000 users but it can support 10 million concurrent sessions.

For maintenance, once you configure it, depending on what you call maintenance if it's software upgrade it doesn't take a lot to upgrade it. If it's active/standby you can upgrade the active. The standby becomes the active. Then when the active comes back on, you can upgrade the standby. So usually, at least you have an active/standby scenario, but if you have a cluster, you can take each out of production in codes. We start while others are in production. 

If you're talking about maintenance in terms of log collections and shipping of the logs, it's also easy to deploy from that perspective.

Cisco has very good support. We get good support from Cisco. 

We've been using Cisco for a while. Going from the IPS module on ASA or the IPS appliance, we've transitioned from different Cisco IPS solutions to this Cisco Next Generation IPS. 

It's been Cisco all along, it's just that this one has more visibility and it's next-generation style compared to the older IPS. 

The initial setup was straightforward and easy to deploy. It was very quick.

We also looked at Sourcefire.

They bought this particular one from Sourcefire and Sourcefire was the world leader in next-generation IPS before Cisco bought it and I know it wasn't just in terms of visibility and how much it can do but in terms of cost too because it was an open-source project that was going on before Cisco bought it. Cisco bought the enterprise version so I feel it's not expensive, but I've not really checked the licensing cost.

Sourcefire wasn't originally Cisco and it was already a world leader and if I'm not mistaken or quoting wrongly, I think it's from the Snort project. I know the open-source community is still contributing to what Cisco is presenting with FirePower or FireSIGHT IPS. It's an open-source project. You can trust it because of the originality score and with what we've used so far too, I see the difference in the old version and this new one. You get better security compared to these other next-generation IPS out there.

In the next release, I would like to see AI machine learning capabilities built into it.

I would rate it a nine out of ten.