Cisco Secure IPS (NGIPS) Reviews

We are a solution provider and I am an engineer who deploys solutions. This is one of the products that I have experience with it in this capacity. The version that we use depends on the client.

Some of our clients are ISPs and they are using the firewall features in this product to replace old firewalls. It is doing the regular firewall inspections, VPN concentration, and other such things. For other customers, who replaced Sourcefire, they use it primarily as an inline IPS and a passive IDS. These customers do not choose very many of the firewall features.

Some customers use it for both; they have a firewall, VPN concentration, and then they do IPS inspection. This is the next-generation of these technologies.

The most valuable feature is the IPS engine. It has been in the security branch for decades and is now integrated into the Cisco portfolio. The difference is that it has been scaled a thousandfold. It provides a base language for intruder inspection for all of the security engineers. Now, they have the same language everywhere in the corporate and the open-source firewalls and IPS.

The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation.

I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.

I have been working with NGIPS for about four years, since 2016 or 2017, shortly after Cisco bought it.

Stability is something that is tricky to judge because when you have a 600-person userbase, there are always going to be issues. As we fix them, it becomes stable again.

This is suitable for organizations of all sizes; small, medium, and large-sized companies. For example, one of our clients has 600 users.

The ease of scaling depends on the number of times you scale, or to which extent. I can start by saying that scaling is easy but if you want to scale a hundredfold, then it's not going to be so easy. It's impossible.

I like Cisco's technical support and find that they are efficient. In fact, I was a technical team leader for Cisco support, and I am now a client. There is amazing support team at TAC and they help Cisco be great. 

I have worked with similar products from different vendors in the past, although I am avoiding this type of task for the moment.

The main advantages to Cisco are the scale, the integration, the training, and the possibility of finding somebody to work with. Also, the reaction time that they have in case of failure is very fast, and it is easy to replace the setup.

The initial setup is complex. It requires that NGIPS be optimized such that it has the best results with the best performance. The deployment model, be it on-premises or cloud-based, depends on the client.

The length of time required for deployment also depends on the client. In a small office, I can do it in a few hours. For an enterprise, it could take half a year. I have worked on many different scales.

I am responsible for deploying this product to our customers. When it comes to maintenance, we cooperate. They know the environment, their tools, the change management, and the internal procedures. I take care of the technical parts, and we have full cooperation until it is complete.

This is an expensive product, with the biggest cost being the license that keeps the service going.

My advice for anybody who is implementing NGIPS is to get in touch with someone who can advise them because every network is different. Properly sizing the appliances is important. 

I would rate this solution a ten out of ten.

I've found the web filter and JPS the most valuable features.

There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products.

In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.

The solution is stable. This is one of the good things about Firepower. Especially if we use ESE with it. That would make it the complete solution for Cisco for security. If it is the complete solution, it's stable and there are no issues with the product. If the user isn't connected all the time, for example, if we look at some sites or some users, sometimes the connection for the user gets disconnected with each session. Sometimes the filter doesn't work. 

The solution is good to scale.

The technical support is really good. Not only for this solution. The support of Cisco is always good. From the first call, the response is quick and there is no problem with the support.

The initial setup is not complex. There is a wizard so it's not complex. There is a difference in the complexity of the deployment. Depending on customers and infrastructure, sometimes it takes one day or two days if we're talking about a little infrastructure. Sometimes it can take eight days or more to couple the firewall with ASA, and to do some more complex architecture. If we have a complex architecture, we need 2 people to implement, but if we have an implementation that is not so complex, one person can do it.

I do the implementation myself.

Most of the time the ROI good. The customer, most of the time, is happy and is convinced of the usefulness of the solution.

If someone wants to use Cisco Firepower, the solution is easy. The complete solution is the best for having the full security of a Cisco infrastructure. If I could advise someone with the deployment, I would advise taking the complete solution, in order to have a really scalable and stable solution. Or, if you can't take the complete solution, I'd advise taking a cluster of Firepower to have the scalability and stability.

I would rate this solution a 7 or 8 out of 10. If they could add a few of the mentioned features or do something more with the application filter it would be a 9 or a 10 out of 10.

We are using Cisco NGIPS for our company network. We are comparing how it works with the other companies.

The most valuable feature of Cisco NGIPS is its protection.

The price of Cisco NGIPS could improve.

I have been using Cisco NGIPS for approximately four years.

Cisco NGIPS is stable.

The scalability of Cisco NGIPS is good.

We have approximately 100 people using this solution in my company.

I did not use the support.

We previously used a Russian-based solution that was not popular.

The initial setup of Cisco NGIPS was straightforward.

We used a consultant for the implementation of the solution.

I have not seen a return on investment.

The price of Cisco NGIPS could be reduced. It is more expensive than other solutions.

The solution only requires one person for maintenance.

I would recommend this solution to others but it depends on their budget. It is expensive.

I rate Cisco NGIPS a seven out of ten.

We use it on the perimeter, for our infrastructure between our network and our bank's network.

The solution is very powerful coupled with Firepower. It's great for filtering.

The pricing is very expensive. They should make their equipment more affordable.

Cisco should offer better integration capabilities and offer an easier integration process.

This current solution is stable. Last time, we worked with Cisco ASA 6500. That solution sometimes froze and we had to reboot the system. This one, as I mentioned, seems fine. We don't have this problem.

The solution is very scalable, but the main issue surrounds the cost to do so. Scaling can be very expensive. Our network isn't too big. We have around 60 users.

Cisco offers very good technical support. I have no complaints about that. 

We attended the Cisco training, as we always do. When we buy equipment from Cisco, they also give us learning credits. With those learning credits, it makes it easy to attend training. In terms of the knowledge they share surrounding the equipment, it's very good. We don't have a doubt about what to do.

The initial setup of NGIPS was fine. Firepower took the most time. We took about three months to deploy the solution. 

You only need two people for deployment and maintenance. 

We implemented the solution by ourselves. Last time, we worked with a company that deployed for us, but it turned out not to be necessary. We realized we can deploy by ourselves, and attend the training and support by ourselves. 

The advice I would give to others thinking about implementing the solution is to make sure you have a solid knowledge of the network. 

I would rate this solution eight out of ten.

The most valuable features of Cisco NGIPS are the VPN, IPS, access policy management, EIM, and the ASA model as part of Firepower.

I have been using Cisco NGIPS for approximately three years.

Cisco NGIPS is highly stable.

Cisco NGIPS is scalable. The scalability is easy to do because if the Firepower threat defense works in the cluster mode, someone can scale up the system using two and three Firepower threat defenses at the same time in one system.

We use this solution in different companies and provide them with support. We have some clients that have 3,000 users whereas others have 700.

In our company process some team, we have three or four people and the solution can be easily maintained because it is managed in one place in the Firepower management center. In one company we have approximately 24 Firepower models and these devices are controlled by one system, the Firepower management system (FMC). It's very easy to control and maintain the solution.

The price of the solution is expensive to a degree it cannot be used by small businesses. It is best suited for medium and enterprise businesses.

I would recommend this solution to others for medium, large, and enterprise businesses only.

I rate Cisco NGIPS a ten out of ten.

We use this product for IPS detection and reporting purposes.

We have found the IPS detection to be a very valuable feature of this solution. It is easy to use to stop policy violations.

We would like an option to search through the logs to be added to this solution.

We have been working with this solution for three years.

The current version of this solution is proving to be very stable.

We believe this to be a scalable solution.

The technical support for this product is good. They respond to tickets quickly when they are raised, and they generally respond within 24 hours.

The initial setup and configuration of this solution was straightforward.

Licenses for this product are available for either one, or three year terms.

I would rate this solution a nine out of ten.

We replaced an ASA with Firepower managed by FMC with NGIPS, and we're also using it for advanced security, like anti-malware protection and IPS. 

We used to have different solutions integrated together between Cisco and non-Cisco, or Cisco and a third party. We now have an all-in-one which is kind of nice. 

I believe the IPS is a valuable function, because they update the signatures all the time and it's very granular. This is a good, stable solution and it's always up to date with all the security features.

I think the GUI user interface could be improved and the login is not very user friendly. They could maybe improve on that. 

The stability is good, we haven't had any problems. 

I think scalability is good although we only have a couple of people in our company that use it - the IT Manager and myself.  

The technical support is very good. I've never had issues with Cisco support, they're the best. 

The initial setup is straightforward, it took a few hours. As the consultant, I deployed the solution. 

I'm not sure of the licensing costs, I know we have a three-year subscription. 

Compared with other solutions, this is very good. 

I rate this product a nine out of 10. 

We are using the WAF models to monitor the IDS and IPS also, and it is integrated with Cisco Umbrella.

Cisco NGIPS is working well overall with our current needs.

The stability of the user console and some features could be easier to access.

I have been using Cisco NGIPS for the past one and half years.

The stability can be better. The Cisco console is unstable.

The scalability is fine. I believe it covers the expectations that we have.

Technical support is very good, but you must have the expertise and technical people with Cisco NGIPS.

Positive

It is very straightforward, clear, and easy.

I usually work with Fortinet and FortiGate which is a lower cost in comparison with Cisco NGIPS.

I would rate Cisco NGIPS a nine out of ten.