Senior Network / ITOps Engineer at a leisure / travel company with 201-500 employees
Real User
Easy to set up with helpful technical support and good integration capabilities
Pros and Cons
  • "You can do zero-day prevention and detection. It's quite useful."
  • "I'd like to see some cloud management. Cisco maybe already has it, however, my company doesn't use it as cloud management."

What is our primary use case?

The way we use it in my company is just for a basic firewall.

It's a next-generation firewall. You can integrate it with external systems, like Cisco Talos, Cisco Umbrella, all these things. You can do threat detection, threat prevention. You can integrate with your active directory. It can block traffic based on the user or user group.

What is most valuable?

I use the product mainly for follow-up. I would say the most important is the integration with our directory services, the user directory services. We can block or allow traffic based on the specific users or specific user groups.

There are other features such as the connection with the intelligence systems such as Talos on Cisco. You can do zero-day prevention and detection. It's quite useful.

The solution is stable and the performance is good. 

My understanding is that the initial setup is simple. 

What needs improvement?

I'd like to see some cloud management. Cisco maybe already has it, however, my company doesn't use it as cloud management. That said, it would be great to manage your device through the cloud instead of managing through a server on-premise.

For how long have I used the solution?

I've only used the solution for two months. It hasn't been that long just yet.

Buyer's Guide
Cisco Secure IPS (NGIPS)
January 2025
Learn what your peers think about Cisco Secure IPS (NGIPS). Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,997 professionals have used our research since 2012.

What do I think about the stability of the solution?

The product has been stable. Cisco is quite stable as a product. It doesn't crash or freeze. It's reliable. There are no bugs or glitches.

What do I think about the scalability of the solution?

I can't really speak to the scalability of the solution as I haven't used it for long enough.

Due to the fact that all the traffic passes through the firewalls, I would say 500 people or maybe more use the solution in our organization.

How are customer service and support?

Cisco technical support is great. They are helpful and responsive. We are very happy with their capabilities. 

Which solution did I use previously and why did I switch?

I'm also aware of Palo Alto, which in many ways is a more solid product. We used it in my previous company as it was more mature and much simpler to use in comparison to Cisco. 

How was the initial setup?

While I didn't set it up, my understanding is the implementation is straightforward. You read the documentation. It's this continuation from the old Cisco ASAs. People have used it for many years. Cisco's quite easy to set it up and keep up and running. You just need to add things on top of it, however, it's all quite easy. I have done an installation of the previous Cisco firewall. It's really straightforward. The upgrade is quite simple as well.

We have three technical personnel that can handle deployment and maintenance. We have to cover the whole globe, so we have three people on to handle everything 24/7.

What's my experience with pricing, setup cost, and licensing?

You do need to pay a licensing fee. If you want the additional features, like prevention or integration with extended intelligence systems, you need to pay additional licenses.

What other advice do I have?

I'm not sure which version of the solution we're using. It might be 6.4. It's likely whatever that latest version is.

I would recommend Cisco, however, I do find Palo Alto to be a good product as well, and in some ways more solid. 

I'd rate the solution at a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1083318 - PeerSpot reviewer
Network Infrastructure Program Manager at a non-profit with 1,001-5,000 employees
Real User
Offers valuable SSL decryption, URL filtering, and ITSM inspection features
Pros and Cons
  • "Cisco is number one in the technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support might be not the best compared to Cisco."
  • "The file trajectory, the trace in contamination files, could be improved."

What is most valuable?

In the previous version, some features were not enabled. For example, you could not access the VPN. So that was one of the downsides of the product. In this latest version, after enabling these features in the previous version and using them, it's been good. Inspection, application, and inspection in the cloud, the detail in the cloud for an indication of compromise and the malicious activity re-hashing are all valuable features. It's more of the cloud and the malicious activities aspects that define this application.

What needs improvement?

The file trajectory could be improved.

We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.

For how long have I used the solution?

I have been using the solution for three years.

What do I think about the stability of the solution?

It's a really good product but I have had a really good experience with Palo Alto UTM Appliances, which I would give a higher mark than the Firepower. It's just a little bit more expensive than the Cisco Firepower.

What do I think about the scalability of the solution?

Scalability I would say, it has some limitations in the large deployment. I think Cisco is working to improve it.

How are customer service and technical support?

The technical support is the most valuable part of the solution. Cisco is number one in technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support is not as good compared to Cisco. 

Which solution did I use previously and why did I switch?

I started with Juniper and the Palo Alto UTM Appliances, and many other vendors. But we do have a policy to use multiple vendors.

How was the initial setup?

Three years ago the setup was very complex. We had two different cables or software. It's like two appliances and one appliance. We had to set up ASA first and then set up Firepower and do the redirect from the old HTTP traffic, from the ASA for a detailed inspection by Firepower. Initially, it was complex. That was a few years back, but now with the newer version, it's just a piece of cake. Deployment took about 40 minutes. I also handle the maintenance myself.

What about the implementation team?

I do the implementation myself but in certain situations, because we have a risk assessment, it's a sort of risk transfer, so we have a contract with a certain integrator. We do have a contract, but I personally do the setup.

What was our ROI?

We have definitely experienced ROI, because we have had many incidents where Cisco Firepower has caught malicious activities and triggered an alarm, a true positive alarm, which is really good in our case.

What other advice do I have?

The solution is extensively used. We have a policy, from a permission security perspective, that you need to have diversity in the vendors and diversity in the products. We have some areas which are using these products and other areas which are using different products.

It's a really good product, but you need to give it some time to form a sort of baseline, before enabling all the features. You need to study the product well because the product will decrease to around 35-40% of the actual product when you start to enable features. Like the application and inspection, the SSL decryption, the URL filtering, and the ITSM inspection. If you enable more features, you will decrease a little bit of the property. Whoever selects the device initially needs to plan which features they are going to use and they might have to shift the sizing of the product. They might need a high-end appliance or a smaller low-end appliance based on the features they are going to use.

I would give the solution 9 out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CyberEng8ecc - PeerSpot reviewer
Cyber Engineer at an aerospace/defense firm with 10,001+ employees
Real User
This solution has helped improve productivity and detect attacks before they happen
Pros and Cons
  • "This solution has helped improve productivity and detect attacks before they happen."
  • "I would like to see better integration with SIEMs."

What is our primary use case?

It detects attacks from malicious intrusions and malicious activity before they happen.

How has it helped my organization?

This solution has helped improve productivity and detect attacks before they happen.

What is most valuable?

Signature rules from the Snort community around the world.

What needs improvement?

  • I would like to see better integration with SIEMs. 
  • Better rule building using other tools, like LuaH and Python.
  • Better performance.
  • Better intelligence gathering in domains, the main URLs, and endpoint solutions.

What do I think about the stability of the solution?

It's very reliable. We really like the product and will be staying with the product a while.

What do I think about the scalability of the solution?

At this point in time, it's making it a little bit difficult to scale due to the company, as the vendor is making some changes. We are waiting to see if the product is scalable or not. 

How are customer service and technical support?

Rating the technical support from one to five (where five is high), I would rate them as a two. I find them to be very bad.

Which solution did I use previously and why did I switch?

This was originally a Snort product, which was open source. So, there is a community for it worldwide.

We used ISS from IBM in the past, but it was causing many issues and was dropping packets. It was not an ideal solution, so we moved to Sourcefire FirePower NGIPS.

How was the initial setup?

The initial setup is easy because I am very familiar with the product.

What's my experience with pricing, setup cost, and licensing?

We buy the licensing on a yearly basis, when we renew our contract. It is around $14,000.

Which other solutions did I evaluate?

McAfee and Palo Alto were on our shortlist.

What other advice do I have?

The product is a ten because it is the only product in the market like this.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AANKITGUPTAA - PeerSpot reviewer
Consultant at Pi DATACENTERS
Real User
It improves network security and threat defence and has helped improve our cybersecurity
Pros and Cons
  • "It has helped to improve our cybersecurity and our network security posture."
  • "The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning."

What is our primary use case?

We have a Cisco ASA firewall, which is like a standard firewall. We upgraded to Firepower Threat Defense, and it is like a next-generation capability, like NGIPS and NGAV, and has that kind of functionality. It also improves network security and threat defence.

How has it helped my organization?

It has helped to improve our cybersecurity and our network security posture.

What is most valuable?

The FTD has a GUI interface, which is very easy to work around with all the configurations. It is a client-based software based on Java. Now we have the GUI web interface, and it's very interactive and easy to navigate.

What needs improvement?

Cisco NGIPS runs the backend as a Snort engine, so it is like they customize it with Cisco. So they need to have an engine for threat defence.

For how long have I used the solution?

We have been using this solution for two years and are using version 9.6. It is deployed on-premises.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

It is scalable. NGIPS is based on our user base, so we have around 2000 users. We require two network and security administrators for deployment and maintenance. We do not plan to increase usage because we have already upgraded.

How are customer service and support?

I rate the technical support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We updated from Cisco ASA to NGIPS FTD.

How was the initial setup?

The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning. The deployment was done in-house. We just purchased a box and installed it on our own.

What was our ROI?

We have seen a return on investment in improving security and defending the threats in our network.

What's my experience with pricing, setup cost, and licensing?

I do not have details about the licensing costs. It has a user-based license and a different model license because it is modular software.

What other advice do I have?

I rate this solution an eight out of ten. From a recommendation perspective, before deploying the NGIPS solution, you need to work with your internal environment. It can minimize the load on the NGIPS, so you should do your IPS signature before moving to production.

It should have a network and content processor and a security process for additional features. Other OEMs have these capabilities to enhance the throughput and performance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1349358 - PeerSpot reviewer
IT Manager at a financial services firm with 51-200 employees
Real User
Useful filters, reliable, and customer support helpful
Pros and Cons
  • "I have found the filter and the antivirus to be most valuable."
  • "The user interface needs some improvement, it is a little rudimentary and not very intuitive."

What is our primary use case?

We use the solution for traffic filtering, security, and antivirus capabilities.

What is most valuable?

I have found the filter and the antivirus to be most valuable.

What needs improvement?

The user interface needs some improvement; it is a little rudimentary and not very intuitive. If you are not very technically inclined you may need to be assisted or might struggle to set it up.

The newer version tends to use a lot of system resources. For example, your processor and RAM.

For how long have I used the solution?

I have been using the solution for approximately four years.

What do I think about the stability of the solution?

The solution is stable and reliable, it does the job well.

What do I think about the scalability of the solution?

The scalability is excellent, they can support a large environment. However, a large size organization will need its own dedicated appliance.

How are customer service and technical support?

The customer support is very good.

Which solution did I use previously and why did I switch?

We have used and still use Darktrace. We do not use it to replace Cisco's NGIPS solution but we use it predominantly as an in-network snooper.

How was the initial setup?

The installation is complex.

What about the implementation team?

We used an in-house team to do the deployment and it takes roughly a day and a half depending on the size of your organization and the configuration. Setting up the rules, all the features, and the licensing takes time.

To do the maintenance you need somebody familiar with Cisco and networking technologies.

What was our ROI?

By using this solution we have received a return on our investment. 

What's my experience with pricing, setup cost, and licensing?

Cisco products are not cheap and this solution is no different. However, the price of all of the Firepower is part of a bundle when you buy the actual firewall, the Cisco firewall. It is part of the whole bundle package, but Firepower IPS itself has its own costs.

We are on a yearly license and the price depends on the environment; we pay approximately $33,000. The solution has additional components, and each one of the components costs extra.

What other advice do I have?

For those wanting to implement this solution, I would advise that, before deploying the solution, you understand exactly what you want it to do for you. The product has a couple of different capabilities; do you want to expand, or you may not want to expand. These are scenarios that you have to take into account. I would not recommend the solution for small organizations; it would be too time-consuming for that.

I rate Cisco NGIPS an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Technology Officer at a tech services company
Real User
A modular and easily managed solution, but throughput capacity is expensive and requires upgrading of hardware
Pros and Cons
  • "The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box."
  • "If there was a software-based solution for scaling up then it would be much better."

What is our primary use case?

We are a system integrator, and we resell this solution to our customers.

This solution is for intrusion prevention, and the majority of deployments are on-premises.

What is most valuable?

The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box. You can activate these services on the same box, which saves a lot in terms of cost because you don't need additional hardware. Moreover, it makes manageability easier because you don't have to use several different devices.

Cisco operates on an open operating system platform so it gives you the flexibility to add other things. Cisco itself is using different manufacturers, or OEM vendors to integrate with their product. For example, Radware is providing a DDoS solution for the NGIPS box.

What needs improvement?

We would like to see support for DDoS protection.

The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost.

The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.

For how long have I used the solution?

I have been using this solution for between two and three years.

What do I think about the stability of the solution?

This is a very stable solution. We have not heard any complaints from customers, and we have not experienced any trouble ourselves.

What do I think about the scalability of the solution?

When it comes to scalability, there is a limitation that is set by the hardware. If you're looking for higher throughput then you have to change boxes. The 2000 series is pretty small when it comes to bandwidth, so scalability is a concern.

How are customer service and technical support?

Technical support from Cisco is perfectly fine, and they are doing a great job.

Which solution did I use previously and why did I switch?

Prior to this solution, we used TippingPoint. Although it is a very good solution, there was a problem with the product having too many acquisitions. Every time there was a new acquisition, support was a concern. For example, at one point it was taken over by HP, and then, again, HP disowned it. Support was hampered by this, and if you're not getting support on a critical security appliance then you need to look for other options. This is what led us to adopt Cisco.

How was the initial setup?

The initial setup of this solution is not complex. They have a graphical user interface for managing all of these things, which helps make it easy to deploy.

What's my experience with pricing, setup cost, and licensing?

The price for additional throughput is the highest in the industry.

What other advice do I have?

This is a solution that I recommend for IPS.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2123850 - PeerSpot reviewer
CIO at a legal firm with 11-50 employees
Real User
Easy to use and the technical support is great
Pros and Cons
  • "The thing about this solution that I like the most is that it's intuitive."
  • "My opinion is that this solution should improve the pricing."

What is most valuable?

The thing about this solution that I like the most is that it's intuitive. The other features I like are the good support chain and ease of use.

What needs improvement?

My opinion is that this solution should improve the pricing.

For how long have I used the solution?

I have been using this solution for about two years.

How are customer service and support?

I would rate the technical support of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Distribution officer at Wilshirelabs
Real User
Provides very good IPS and VirtualBox features
Pros and Cons
  • "Good IPS and VirtualBox features."
  • "Should include additional security features."

What is our primary use case?

At present, we are using different policies against which we gather logs. Logs that have been deleted on a first in, first out basis. The logs are only available for three to four hours max. I work in the IT department of a pharmaceutical company and we are customers of Cisco. 

What is most valuable?

We are looking for cybersecurity threats, like Pinterest and this solution has a good IPS feature as well as its VirtualBox which helps us to time and for the QD, our daily routine tasks or issues. The solution provides a clear picture of what a user is doing at a specified time.

What needs improvement?

Because of cybersecurity threats, other security features should be available in Cisco devices. Sangfor IAM is good because this provides the logging IAM feature which you can retain for up to 12 months. But Cisco does not provide this type of logging because no third-party logging server is supported with the Cisco firewall.

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

The stability is fine. We manage to resolve general bugs by updating the software or VirtualBox as well as in the hardware. That is not a big deal for us.

What do I think about the scalability of the solution?

The scalability is fine for us, we currently have 50 users. 

How are customer service and technical support?

Their technical support is good. We have SLA with Cisco, which will be renewed next year.

How was the initial setup?

We have a somewhat complicated environment over here. We have also implemented SSG Juniper, SSG140, so basically their firewall is working as a router.

What's my experience with pricing, setup cost, and licensing?

The price is a little high in comparison to other similar solutions. If we talk about Sophos Firewall with IBM software, it's cheaper in comparison to Cisco and their VirtualBox.

What other advice do I have?

I recommend this latest model of Cisco firewall. In terms of the wide logging, it gives us as much as we need. We have implemented 30 to 35 policies in which loggings are gathered. 

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user