Try our new research platform with insights from 80,000+ expert users

Cisco Defense Orchestrator vs FireMon Security Manager comparison

Cisco and FireMon are both solutions in the Firewall Security Management category. Cisco is ranked #14, while FireMon is ranked #5 with an average rating of 7.8. Cisco holds a 1.2% mindshare in Firewall Security Management, compared to FireMon’s 16.2% mindshare. Additionally, 100% of Cisco users are willing to recommend the solution, compared to 87% of FireMon users who would recommend it.
Cisco Defense Orchestrator
Read 14 Cisco Defense Orchestrator reviews
  • 861 Views
  • 270 Comparison Views
100% willing to recommend
FireMon Security Manager
Read 53 FireMon Security Manager reviews
  • 5,196 Views
  • 3,995 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 4, 2024

FireMon Security Manager and Cisco Defense Orchestrator are competing products in the security management sector. Although FireMon is attractive due to its pricing and customer service, Cisco Defense Orchestrator has the advantage with its comprehensive feature set and cloud integration.

Features: FireMon Security Manager offers policy management, analytics capabilities, and detailed security rule assessments. Cisco Defense Orchestrator stands out with cloud integration, automation features, and a unified management interface.

Room for Improvement: FireMon could enhance its cloud capabilities, improve deployment processes, and expand integration options. Cisco would benefit from optimizing pricing strategies, expanding policy management capabilities, and improving analytics tools to match FireMon’s depth.

Ease of Deployment and Customer Service: Cisco Defense Orchestrator facilitates quick setup through cloud-based deployment and is praised for responsive customer service. FireMon offers a straightforward deployment process but may require more extensive configuration, yet provides competitive support.

Pricing and ROI: FireMon Security Manager has a lower upfront cost and offers favorable ROI, appealing to budget-conscious users. Cisco Defense Orchestrator justifies its higher setup cost with integrated capabilities and has potential for greater long-term ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Defense Orchestrator vs. FireMon Security Manager Report (Updated: October 2024).
Buyer's Guide
Cisco Defense Orchestrator vs. FireMon Security Manager
October 2024
Download the complete report
Helped 814,649 peers since 2012
 

Categories and Ranking

Cisco Defense Orchestrator
Ranking in Firewall Security Management
14th
Average Rating
8.2
Number of Reviews
14
Ranking in other categories
No ranking in other categories
FireMon Security Manager
Ranking in Firewall Security Management
5th
Average Rating
8.2
Number of Reviews
53
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Firewall Security Management category, the mindshare of Cisco Defense Orchestrator is 1.2%, up from 1.0% compared to the previous year. The mindshare of FireMon Security Manager is 16.2%, up from 16.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewall Security Management
 

Featured Reviews

Vivek Balaji - PeerSpot reviewer
Feb 28, 2022
Useful guides, excellent support, integration could improve
Cisco Defense Orchestrator has useful guides for the steps that need to follow by users Cisco Defense Orchestrator can improve by providing more support for third-party security components. I have been using Cisco Defense Orchestrator for approximately eight months. The Cisco Defense…
Read full review
JeffReese - PeerSpot reviewer
Jul 25, 2022
Makes compliance much easier compared to doing it manually, and automates policy changes across environments
People have a tendency to just add rules to firewalls, but they don't go back and take rules away. Some of our customers have thousands of unused rules that have been sitting out there for over a year. In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level. It also identifies risks in your environment and helps to prioritize fixes. It actually rates the risk level, meaning you look for the red and try to bring everything to green.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple."
"With Cisco Defense Orchestrator, we can manage the complete Cisco Security solution. It provides a simple and centralized way to manage all products."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too."
"The most valuable feature is the Intrusion prevention."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
More Cisco Defense Orchestrator pros
"The firewall assessment feature is great."
"The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries."
"Vendor agnostic when it comes to integrating with other product."
"Policy test, access path analysis, and change reports."
"The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, headcounts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule."
"The technical support is very good. They've always been helpful."
"The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,"
"The unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees... The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used."
More FireMon Security Manager pros
 

Cons

"I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"It should have more features to manage FirePOWER appliances."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
More Cisco Defense Orchestrator cons
"We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement."
"The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement."
"Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric. I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there."
"The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing."
"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."
"We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually."
"Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."
"The current health and monitoring of the devices is atrocious... Imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined... Out of all those categories, I only find one or two of them that are, perhaps, pertinent."
More FireMon Security Manager cons
 

Pricing and Cost Advice

"If you compare to what is available on the market, they are in the same range with respect to pricing."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"It's around £500 per unit for a three-year license."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
"We pay for it yearly."
"We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time."
"The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average."
"Relative to what it offers, the price is fair."
"It's a good value. From a licensing standpoint... it's very simple to understand, and gives us a good bang for the buck."
"FireMon is cheaper than AlgoSec."
"Pricing is reasonable."
"Pricing model seems fair."
More FireMon Security Manager pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
See recommendations
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
48%
Financial Services Firm
9%
Manufacturing Company
6%
Government
4%
Computer Software Company
20%
Financial Services Firm
16%
Manufacturing Company
8%
Energy/Utilities Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Ask a question
Earn 20 points
What do you like most about FireMon?
I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement.
See all answers
What needs improvement with FireMon?
We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain d...
See all answers
What is your primary use case for FireMon?
We use Security Manager for firewall changes, monitoring, and audits.
See all answers
 

Comparisons

Palo Alto Networks Panorama vs Cisco Defense Orchestrator Logo
Palo Alto Networks Panorama vs Cisco Defense Orchestrator
Compared 37% of the time
Tufin Orchestration Suite vs Cisco Defense Orchestrator Logo
Tufin Orchestration Suite vs Cisco Defense Orchestrator
Compared 33% of the time
AlgoSec vs Cisco Defense Orchestrator Logo
AlgoSec vs Cisco Defense Orchestrator
Compared 30% of the time
More Cisco Defense Orchestrator Competitors
Tufin Orchestration Suite vs FireMon Security Manager Logo
Tufin Orchestration Suite vs FireMon Security Manager
Compared 41% of the time
AlgoSec vs FireMon Security Manager Logo
AlgoSec vs FireMon Security Manager
Compared 37% of the time
Skybox Security Suite vs FireMon Security Manager Logo
Skybox Security Suite vs FireMon Security Manager
Compared 12% of the time
Palo Alto Networks Panorama vs FireMon Security Manager Logo
Palo Alto Networks Panorama vs FireMon Security Manager
Compared 5% of the time
ManageEngine Firewall Analyzer vs FireMon Security Manager Logo
ManageEngine Firewall Analyzer vs FireMon Security Manager
Compared 3% of the time
More FireMon Security Manager Competitors
 

Product Reports

Buyer's Guide
Cisco Defense Orchestrator
November 2024
Cisco Defense Orchestrator reportDownload Cisco Defense Orchestrator product report
Buyer's Guide
FireMon Security Manager
November 2024
FireMon Security Manager reportDownload FireMon Security Manager product report
 

Also Known As

CDO
No data available
 

Learn More

Video not available
Cisco
FireMon
 

Interactive Demo

Cisco
Demo not available
FireMon
 

Overview

Cisco Defense Orchestrator (CDO) is a cloud-based management solution designed to ensure streamlined and consistent security policies across the Cisco security portfolio. Specifically tailored to manage all Cisco Secure Firewall form factors (running either ASA or Firepower Threat Defense (FTD) software), CDO offers real-time visibility and troubleshooting capabilities, effectively enhancing overall network security.

CDO addresses the challenges of migration, supporting transitions from on-premises to cloud environments and facilitating the shift from ASA to FTD configurations. As organizations embark on their cloud adoption journey, CDO simplifies provisioning workflows for remote branches, reduces operational expenditures related to inventory management, and offers scalability for multi-cloud deployments.

The increasing complexity of networks, driven by the constant influx of new devices, applications, and cloud services, presents a daunting challenge for managing firewall policies and rules. A typical enterprise environment has millions of rules, and just one simple misconfiguration can lead to devastating consequences like compliance violations, outages, and data breaches. 

FireMon’s Security Manager is a purpose-built network security policy management (NSPM) platform that automates the management of firewall and cloud security policies to eliminate policy-related risk, accurately and quickly change rules, and meet internal and external compliance requirements.

  • Reduce Risk Manage risk with real-time visibility and control
  • Manage Change Avoid misconfigurations, accelerate business, and improve security
  • Enforce and Maintain Compliance Avoid violations, avoid risk, and avoid fines
 

Sample Customers

Insurance Company of British Columbia, Shawmut
Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Verizon, Wells Fargo
Buyer's Guide
Cisco Defense Orchestrator vs. FireMon Security Manager
October 2024
Free Report: Cisco Defense Orchestrator vs. FireMon Security Manager
Find out what your peers are saying about Cisco Defense Orchestrator vs. FireMon Security Manager and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,649 professionals have used our research since 2012.
See our Cisco Defense Orchestrator vs. FireMon Security Manager report.
See our list of best Firewall Security Management vendors.

We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.