Cisco Secure IPS (NGIPS) Reviews

We are a system integrator, and we resell this solution to our customers.

This solution is for intrusion prevention, and the majority of deployments are on-premises.

The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box. You can activate these services on the same box, which saves a lot in terms of cost because you don't need additional hardware. Moreover, it makes manageability easier because you don't have to use several different devices.

Cisco operates on an open operating system platform so it gives you the flexibility to add other things. Cisco itself is using different manufacturers, or OEM vendors to integrate with their product. For example, Radware is providing a DDoS solution for the NGIPS box.

We would like to see support for DDoS protection.

The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost.

The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.

This is a very stable solution. We have not heard any complaints from customers, and we have not experienced any trouble ourselves.

When it comes to scalability, there is a limitation that is set by the hardware. If you're looking for higher throughput then you have to change boxes. The 2000 series is pretty small when it comes to bandwidth, so scalability is a concern.

Technical support from Cisco is perfectly fine, and they are doing a great job.

Prior to this solution, we used TippingPoint. Although it is a very good solution, there was a problem with the product having too many acquisitions. Every time there was a new acquisition, support was a concern. For example, at one point it was taken over by HP, and then, again, HP disowned it. Support was hampered by this, and if you're not getting support on a critical security appliance then you need to look for other options. This is what led us to adopt Cisco.

The initial setup of this solution is not complex. They have a graphical user interface for managing all of these things, which helps make it easy to deploy.

The price for additional throughput is the highest in the industry.

This is a solution that I recommend for IPS.

I would rate this solution a seven out of ten.

We use the solution as an intrusion prevention system to detect malicious attacks on the network.

The solution updates at regular intervals. It has the most recent definition of the attacks, including zero-day attacks.

They could provide one solution to fit all the use cases. Presently, we have purchased different solutions for total security. It has become expensive for us.

The solution is very stable. I rate its stability a nine out of ten.

The solution is scalable. It integrates with different XDR solutions. Thus, we can manage all the devices on a single pane. It is suitable for SMEs and large enterprises as well.

I rate its scalability an eight out of ten.

The solution's technical support is quite good. Although, it needs to be cohesive in terms of communication.

Positive

The solution's initial setup process is complicated. But we can manage it with the right team for installation and technical support from Cisco.

The solution is good value for money. It is highly-priced but competitive in terms of features and support services.

It is an efficient cyber security solution. I highly recommend it to others and rate it a nine out of ten.

We use this solution as part of our firewall.

This is a great firewall.

I have had a lot of problems with false positives and it would be helpful if this were improved.

I would like to see integration with monitoring tools such as Nagios or BMC.

An improved dashboard would be great.

This is a stable solution.

I have not had contact with technical support.

Prior to this solution, I used the Sophos XG 430.

The initial setup for this solution is complex.

The deployment took four months.

We had a reseller assist with our deployment.

Cisco products are always expensive, but if you can afford the price then it's a great solution. When I compare to Sophos, for example, Sophos is cheaper.

This is a great product. My advice for anybody who is considering this solution is that I would recommend it to anyone who can afford the price of the license.

I would rate this solution an eight out of ten.

I use it for perimeter security for malware prevention.

From a cybersecurity past perspective, it has aligned the features in accordance with our strategic needs. 

The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to packaged better as a baseline.

Initially, the solution was not stable. 

The system is a bit rigid. We have more than 1,000 people using the solution.

Technical support is good but it can be much better.

We didn't previously use a different solution.

The initial setup was a bit complex. One had to read so many areas to understand the navigation feature. It took about three years to reach maturity. For deployment, we required about eight people, but for maintenance, we only require four to six.

I had an integrator help implement; they were very professional.

The solution has a high cost. In my opinion, the cost of renewal is a bit too high.

We looked at several: Imperva, Check Point, Juniper, Sophos, and SourceNET.

We're using it continuously. We plan to increase usage.

During setup, I would advise that you must spend more time on planning. If you do, the transition is easier.

I would rate this solution 6 out of 10. The time it takes for the product to mature, the maturity journey, the product maturity cycle, takes too long.

I primarily use NGIPS as perimeter security firewall devices to filter traffic.

NGIPS' best feature is the separate IPSec tunnels, which makes the user's data more secure if they want to access it privately.

NGIPS' GUI interface could be improved and made more user-friendly, especially in comparison to Palo Alto's Next-Generation Firewall.

I've been using NGIPS for around five years.

The initial setup is complex and requires someone with a background in firewalls to set it up. Inexperienced users will find it very difficult to set up. For experienced users, deployment will take around forty-five minutes. I would rate the setup process five out of ten.

NGIPS is expensive.

I would recommend NGIPS to other users, but only as a second choice behind Palo Alto. I would give NGIPS a rating of eight out of ten.

Our primary use case is for the firewall and other security-related features.

I think the Cisco Firepower is the best firewall in the world and the other security features like AMP, IPS, and deep inspection packets.

The most valuable feature would be the IPS is very important in Cisco Firepower because I can configure deep configuration in IPS and tuning.

I would like to see the sanctions lifted so we could use the full solution and have the speed increased.

I have been using Cisco NGIPS for the past eight years.

The stability is evident and without issues.

The scalability is excellent. We have around one thousand two hundred users.

There is a very good community with CISCO.

The initial setup is straightforward.

The implementation can take anywhere from one day to a month for advanced tuning and firewall protection.

There is definitely a return on investment and is worth the money

When it comes to pricing you pay for a permanent licensing structure. One, three, and five-year options. There are no extra costs.

I would rate Cisco NGIPS a ten on a scale of one to ten.

We use this solution as an intrusion prevention system, as well as UI filtering, application control, and anti-malware protection.

The traffic filter feature of this solution has improved our organization. It not only provides ransomware protection, but saves us time in dealing with unnecessary traffic.

The traffic filter of this solution is very valuable to us, and to our clients.

We would like to see some improvement in the configuration process for this solution, as it is currently quite complex.

We have been working with this solution for around a year.

We have found this to be a stable solution in our experience.

This is a scalable product.

The initial setup of this solution is straightforward if it is only the standard package being installed. However, configuring this product is complex and requires a lot of time commitment.

Deployment of the solution usually only takes a few hours, but if it is being implemented in a more complicated environment it can take up to three days.

We would recommend this solution to other organizations as it is very easy to use.

I would rate this solution a seven out of ten.

There are both options of cloud or on-premise solutions. I usually do the on-premise solution. We have others who do the cloud solution. If you want to deploy and protect your network from threats and protect your neighbor, that's one of the uses that we employ. With that, you have Security Intelligence, you have Intelligence, you have an Intrusion Prevention System. In the recent upgrade of Firepower, we have 3.0. You can use that to protect the internal network or if you want to protect your servers. 

We use the Security Intelligence feature. We also use the Cisco AMP for Networks, which is used with the ITL certificate. You can use third-party integrations with the Firepower, about security. You can use the STIX format. With the STIX, you can add emergency threats to rules. This includes malware detection which has a third-party Security Intelligence platform. Included are reporting for the last seven days, V shell, and phishing tank. Cybercrime tracker is to check if any company or domain has a bad reputation on the internet. And it can give that information to the Firepower. You can use Security Intelligence to protect the network. It has preprocessors about security. They have a preprocessor for the SCADA. Cisco has evolved a lot in that area over the last few years.

The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.

We have been using Cisco NGIPS or Firepower NGIPS for five years. We use the latest version.

It's working correctly, it's working without problems. You can buy another Firepower, and you can do a cluster configuration. And it's really easy, we don't have any problems.

Cisco support is really awesome. I have another vendor like Honeywell. I really hate when I call Honeywell. But when I call Cisco, I really appreciate it a lot when I talk with the support engineers because the personnel have really good skills and have a really good passion. Cisco support is awesome.

I think the installation of Firepower NGIPS is really easy. You configure the device, you connect that to the Firepower Management Center, and you have deployed the Firepower.

If they're looking for a platform that can protect from attack, from external or insiders who want to attack the network, I think Firepower is a good solution. With  Security Intelligence, other security features make that platform an awesome platform. I would give Cisco NGIPS a rating of nine on a scale of ten. I think no one platform is perfect. I wouldn't give a 10 to a solution ever because 10 is 100%, and I think no one solution can 100% secure. Not because the platform is not working correctly. Because I think no one platform can be 10 by 10.