Cisco Secure IPS (NGIPS) Reviews

The solution works on a base set of rules to detect malicious traffic or certain exploits, which can be done from both the outside and inside network.

In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected. It is quite flexible because it can be deployed on the cloud as well. All the kinks which were in the previous versions were fixed.

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.

They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

I have been using the solution for approximately five years.

The solution is stable.

The solution is scalable. The management center, which controls the sensors, you can deploy it. You have two different virtual appliances, one is for managing up to 25 sensors and the bigger one is up to 300 sensors. The hardware list of the products ranges from, I think, 20 sensors and up to 500. Depending on your needs, you can scale it.

We have three administrators working on the solution and the whole organization is being protected by it.

Cisco support is really great. Especially when you have a priority case, when everything is down, you can get an engineer in 15 minutes.

The setup is easy, you do not need hardware. You can just sign up for AWS or Azure and you can deploy it there.

There are licensing fees depending on the features that you are using.

I have evaluated Palo Alto in the past.

Before this version of the solution, it was like a normal IPS. The source for IPS was bought by Cisco, and now it is integrated into the Firepower Threat Defense. The Firepower Defense is a unified image of both the previous firewall which Cisco had, the ASA, and the source for IPS. Currently, the FTD is like a UTM device, a unified threat management device, because it has firewall capabilities and IPS capabilities.

I am going to continue using this solution even though I enjoyed using their main competitors product from Palo Alto. I would recommend this solution to others.

I rate Cisco NGIPS a seven out of ten.

The primary use case is for intrusion prevention. We install the solution between the firewall and the call switches.

The most valuable features are the intrusion detection ones. We channel the intrusion engine to create a policy of prevention. We only use this solution for intrusion prevention, not as a firewall.

There is room for improvement in the policy documentation. It gets confusing trying to understand what all of the policies mean. We need clear documentation explaining what each policy does.

For the Cisco STD, if we lose the connection with the SMC and STD, we can only assist with the STD via the CLI, so we can only do some troubleshooting. I think this is an area that needs improvement. In terms of the architecture, it needs to be more comfortable to change our own managed STD via the UI even if SMC is not available.

The technical support has room for improvement.

I have been using the solution for six years.

Some of the engineers within Cisco's tech support are knowledgeable and others are not. Sometimes we have to go back and forth for a week to get an answer.

Neutral

The initial setup is not complex; we only need to define the IP address and add the SMC IP. Both STD and SMC have the capability of SDM. Also if we don't have SMC, we mainly require the anti-SDM in UI. However, after we enroll the Cisco file from the SMC, we can no longer manage the STD from there. Therefore, it is very difficult to roll back if there is a connection loss between the STD and SMC, as SMC cannot manage the STD via the UI. In comparison, if there is a connection loss between Palo Alto Panorama, we can simply lock it with Palo Alto following the file and do some configuration. 

I give the solution a seven out of ten.

There are both options of cloud or on-premise solutions. I usually do the on-premise solution. We have others who do the cloud solution. If you want to deploy and protect your network from threats and protect your neighbor, that's one of the uses that we employ. With that, you have Security Intelligence, you have Intelligence, you have an Intrusion Prevention System. In the recent upgrade of Firepower, we have 3.0. You can use that to protect the internal network or if you want to protect your servers. 

We use the Security Intelligence feature. We also use the Cisco AMP for Networks, which is used with the ITL certificate. You can use third-party integrations with the Firepower, about security. You can use the STIX format. With the STIX, you can add emergency threats to rules. This includes malware detection which has a third-party Security Intelligence platform. Included are reporting for the last seven days, V shell, and phishing tank. Cybercrime tracker is to check if any company or domain has a bad reputation on the internet. And it can give that information to the Firepower. You can use Security Intelligence to protect the network. It has preprocessors about security. They have a preprocessor for the SCADA. Cisco has evolved a lot in that area over the last few years.

The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.

We have been using Cisco NGIPS or Firepower NGIPS for five years. We use the latest version.

It's working correctly, it's working without problems. You can buy another Firepower, and you can do a cluster configuration. And it's really easy, we don't have any problems.

Cisco support is really awesome. I have another vendor like Honeywell. I really hate when I call Honeywell. But when I call Cisco, I really appreciate it a lot when I talk with the support engineers because the personnel have really good skills and have a really good passion. Cisco support is awesome.

I think the installation of Firepower NGIPS is really easy. You configure the device, you connect that to the Firepower Management Center, and you have deployed the Firepower.

If they're looking for a platform that can protect from attack, from external or insiders who want to attack the network, I think Firepower is a good solution. With  Security Intelligence, other security features make that platform an awesome platform. I would give Cisco NGIPS a rating of nine on a scale of ten. I think no one platform is perfect. I wouldn't give a 10 to a solution ever because 10 is 100%, and I think no one solution can 100% secure. Not because the platform is not working correctly. Because I think no one platform can be 10 by 10.

We have a data center and we need security products such as Cisco NGIPS to protect us from attacks that are going to impact our organization. For the purpose of completing our compliance audit and VAPT process, we have these kinds of security solutions in place.

The features that I find most valuable are the DDoS protection, IPS/IDS, and Firepower for web application filtering. These three things are pretty good and each is valuable as per the different needs of my business operations.

I would like to see better support for preventing cross-scripting and brute-force attacks that may originate from our homegrown applications. This is needed because the applications that we are developing for internal use do not go through the heavy security check that we have in place. If there is some flaw in an application, which happens every now and then, then there will be a huge cost that I may have to pay. I would like to know that if I have a security solution in place then I am at least 99% confident that problems will be prevented. As it is now, I cannot say that I am 80% secure against my applications being attacked.

Better integration with other products, such as a SIEM tool, would provide better peer visibility about your security posture. Adding this type of functionality would make this product unbeatable.

We have been using Cisco NGIPS for more than five years.

This is a stable product.

Cisco NGIPS is scalable and we have about 600 users.

Technical support is outsourced and it is good.

I did not work with another solution before this one.

The initial setup is straightforward and the deployment took about three weeks.

I have ten people who take care of maintenance.

Pricing depends on negotiation with the vendor, although I can say that it is moderate. I would not say that it is very high or low, but rather, average.

I am now trying to implement a more rigorous web application firewall because I don't want to manage the bugs or attacks that are going to come from the outside. I would prefer it is managed by somebody who is an expert in web application firewalls. I want to couple it with additional software for load-balancing to improve speed. Allowing somebody else to manage this will free up my time to run my business, which is better for generating revenue for the company.

I would rate this solution a nine out of ten.

I use it for perimeter security for malware prevention.

From a cybersecurity past perspective, it has aligned the features in accordance with our strategic needs. 

The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to packaged better as a baseline.

Initially, the solution was not stable. 

The system is a bit rigid. We have more than 1,000 people using the solution.

Technical support is good but it can be much better.

We didn't previously use a different solution.

The initial setup was a bit complex. One had to read so many areas to understand the navigation feature. It took about three years to reach maturity. For deployment, we required about eight people, but for maintenance, we only require four to six.

I had an integrator help implement; they were very professional.

The solution has a high cost. In my opinion, the cost of renewal is a bit too high.

We looked at several: Imperva, Check Point, Juniper, Sophos, and SourceNET.

We're using it continuously. We plan to increase usage.

During setup, I would advise that you must spend more time on planning. If you do, the transition is easier.

I would rate this solution 6 out of 10. The time it takes for the product to mature, the maturity journey, the product maturity cycle, takes too long.

We use the solution as an intrusion prevention system to detect malicious attacks on the network.

The solution updates at regular intervals. It has the most recent definition of the attacks, including zero-day attacks.

They could provide one solution to fit all the use cases. Presently, we have purchased different solutions for total security. It has become expensive for us.

The solution is very stable. I rate its stability a nine out of ten.

The solution is scalable. It integrates with different XDR solutions. Thus, we can manage all the devices on a single pane. It is suitable for SMEs and large enterprises as well.

I rate its scalability an eight out of ten.

The solution's technical support is quite good. Although, it needs to be cohesive in terms of communication.

Positive

The solution's initial setup process is complicated. But we can manage it with the right team for installation and technical support from Cisco.

The solution is good value for money. It is highly-priced but competitive in terms of features and support services.

It is an efficient cyber security solution. I highly recommend it to others and rate it a nine out of ten.

We use this solution as part of our firewall.

This is a great firewall.

I have had a lot of problems with false positives and it would be helpful if this were improved.

I would like to see integration with monitoring tools such as Nagios or BMC.

An improved dashboard would be great.

This is a stable solution.

I have not had contact with technical support.

Prior to this solution, I used the Sophos XG 430.

The initial setup for this solution is complex.

The deployment took four months.

We had a reseller assist with our deployment.

Cisco products are always expensive, but if you can afford the price then it's a great solution. When I compare to Sophos, for example, Sophos is cheaper.

This is a great product. My advice for anybody who is considering this solution is that I would recommend it to anyone who can afford the price of the license.

I would rate this solution an eight out of ten.

We are a solution provider and I am an engineer who deploys solutions. This is one of the products that I have experience with it in this capacity. The version that we use depends on the client.

Some of our clients are ISPs and they are using the firewall features in this product to replace old firewalls. It is doing the regular firewall inspections, VPN concentration, and other such things. For other customers, who replaced Sourcefire, they use it primarily as an inline IPS and a passive IDS. These customers do not choose very many of the firewall features.

Some customers use it for both; they have a firewall, VPN concentration, and then they do IPS inspection. This is the next-generation of these technologies.

The most valuable feature is the IPS engine. It has been in the security branch for decades and is now integrated into the Cisco portfolio. The difference is that it has been scaled a thousandfold. It provides a base language for intruder inspection for all of the security engineers. Now, they have the same language everywhere in the corporate and the open-source firewalls and IPS.

The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation.

I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.

I have been working with NGIPS for about four years, since 2016 or 2017, shortly after Cisco bought it.

Stability is something that is tricky to judge because when you have a 600-person userbase, there are always going to be issues. As we fix them, it becomes stable again.

This is suitable for organizations of all sizes; small, medium, and large-sized companies. For example, one of our clients has 600 users.

The ease of scaling depends on the number of times you scale, or to which extent. I can start by saying that scaling is easy but if you want to scale a hundredfold, then it's not going to be so easy. It's impossible.

I like Cisco's technical support and find that they are efficient. In fact, I was a technical team leader for Cisco support, and I am now a client. There is amazing support team at TAC and they help Cisco be great. 

I have worked with similar products from different vendors in the past, although I am avoiding this type of task for the moment.

The main advantages to Cisco are the scale, the integration, the training, and the possibility of finding somebody to work with. Also, the reaction time that they have in case of failure is very fast, and it is easy to replace the setup.

The initial setup is complex. It requires that NGIPS be optimized such that it has the best results with the best performance. The deployment model, be it on-premises or cloud-based, depends on the client.

The length of time required for deployment also depends on the client. In a small office, I can do it in a few hours. For an enterprise, it could take half a year. I have worked on many different scales.

I am responsible for deploying this product to our customers. When it comes to maintenance, we cooperate. They know the environment, their tools, the change management, and the internal procedures. I take care of the technical parts, and we have full cooperation until it is complete.

This is an expensive product, with the biggest cost being the license that keeps the service going.

My advice for anybody who is implementing NGIPS is to get in touch with someone who can advise them because every network is different. Properly sizing the appliances is important. 

I would rate this solution a ten out of ten.