What needs improvement with Cisco NGIPS?

It's better to strengthen the AI feature of the IPS. Considering different attack vectors, using AI to understand the behavior or features of network-level intrusions and protecting against zero-day attacks would be beneficial.

There are certain limitations that need to be addressed.

My company does not use the URL filtering capabilities offered by Cisco NGIPS. My company prefers to use the URL filtering feature offered by a brand other than Cisco since other tools provide an easier way to use the functionality. I wanted to look into the other products offered in the market because Cisco NGIPS is expensive. The product's high price is an area of concern where improvements are required.

Cisco NGIPS' performance could be better.

From an improvement perspective, Cisco's technical support team should work on their speed of response. If there is a delay in the response time from Cisco's technical support team, it causes a problem since for our company, we don't have access to Cisco's site since it is a restricted zone. If we have some project in our company and we want to set up some remote access, then we need to enter some commands and tests. Some problems exist on my company's side when it comes to the product, but a better speed of response from the technical support team of Cisco would be good. Cisco NGIPS should work on its shortcomings related to the issues that stem from bugs and performance.

The attack patterns and payloads go undetected in Cisco. We would like to see a new solution with more effective detection of attack patterns. There should be more data analyzing patterns as well which provides useful information.

They could provide one solution to fit all the use cases. Presently, we have purchased different solutions for total security. It has become expensive for us.

While the Management GUI and FMC could be improved, the devices themselves function well.

The solution could always enhance detection for zero-day attacks, SQL injection, and signature-based anomalies.

There is room for improvement in the policy documentation. It gets confusing trying to understand what all of the policies mean. We need clear documentation explaining what each policy does. For the Cisco STD, if we lose the connection with the SMC and STD, we can only assist with the STD via the CLI, so we can only do some troubleshooting. I think this is an area that needs improvement. In terms of the architecture, it needs to be more comfortable to change our own managed STD via the UI even if SMC is not available. The technical support has room for improvement.

I would like to see the sanctions lifted so we could use the full solution and have the speed increased.

Some features, for instance, are a way for the management console to be able to manage each specific firewall, for instance. Because if we have more than one firewall configured in the management center, we cannot delegate administration, just one of the equipment. I think the part of IPS and everything else needs to be better equated to the real needs or current needs of the business compared to the other manufacturer, because it is not straightforward, a way to configure it compared to the other competitors.

Cisco NGIPS runs the backend as a Snort engine, so it is like they customize it with Cisco. So they need to have an engine for threat defence.

We would like to see some improvement in the configuration process for this solution, as it is currently quite complex.

The feedback from some of our customers is that they weren't interested in Cisco because it was too complicated to deploy, especially in cloud-related areas. Something else that our customers have commented on is that, in the current release of Cisco NGIPS that we are using, there have been some issues when they have tried to synchronize Cisco's hardware products with Cisco's management software. If I recall correctly, the problems came from Cisco's Firepower Management software after we had proposed to our customers to use virtual machines as a cost-saving measure. After setting up the VMs, the software would start crashing, and it greatly disturbed the customers. It is possible that this was related to power issues because most of the time it would crash on power-on or power-off, but at other times it would crash due to incoming firewall traffic. I hope that in future releases, these problems will be solved. In general, the ASA level features are working very well in Cisco products, but when it comes to the Next-Generation product, it has been somewhat unstable. To remedy this situation, Cisco needs to make the software more stable, easier to manage, and easier to update (possibly with an auto-updating mechanism). The small intricacies of the software product make the system more complicated than it needs to be for our engineers and our customers.

Cisco NGIPS could improve its ability to do SSL inspections. Sometimes the ability to do SSL inspection is not scalable and you might not be able to get the installment required if you don't size the right hardware.

The next Cisco NGIPS release should include more features for production ideas and more intelligence for IDS and IPS features.

We have a separate management controller for Cisco NGIPS. If they have not done it already they should integrate Cisco NGIPS with the Cloud Portal. The solution has some bugs that sometimes take time to resolve.

The GUI could be improved. The pain point is really only focused toward the security engineer who configures it and the operation engineer who manages it. Those are the guys that have the pain points because the GUI is so bad.

The performance of CISCO Firepower could be improved. We moved from Sophos to Cisco before the pandemic. During the pandemic, there was an increase in VPN connections. We had a layer of security within CISCO Umbrella, and now with Cloud. The firewall protects the internal system, but we needed to add another layer of security for the endpoints that are outside the local area network. We needed another product to cover this lack of security. We prefer to have integration with the points that are outside our local area networks using the same brand using one single console. Because the firewall only protects the people inside the network, we required another solution. I would like to see Cisco NGIPS include home office support in one single product.

I'd like to see some cloud management. Cisco maybe already has it, however, my company doesn't use it as cloud management. That said, it would be great to manage your device through the cloud instead of managing through a server on-premise.

If Firepower had an embedded vulnerability scanner, it could better detect the vulnerabilities on different platforms in the network. It needs to integrate with other solutions to detect these vulnerabilities. It cannot detect system vulnerabilities on its own. A new trend is encrypted security solutions. Firepower can integrate with Cisco products like Stealthwatch, and Stealthwatch can primarily integrate with other Cisco products. Firepower APIs that allow it to integrate with other vendors need more flexibility. For example, if I want to integrate with Forcepoint, I can't because Forcepoint cannot integrate with other sandbox vendors. This integration has become essential for the latest security solutions because most customers are now thinking about integrated security solutions. However, not every product is like that. We have to think about the integrated security solutions, so Firepower needs to improve in this area, the integrations with other vendors.

The CLI, the console line interface, of the FTD could be improved. It's very complex, so without a GUI, it doesn't work well. I would like it to be more simple. As far as additional features or next releases, I think the price could be cheaper.

The solution should contain the sandbox features which we find in Check Point.

It's coming to its end of life. We will be considering another solution because it is no longer scalable. While it is stable, I would like it to be even more stable.

The price could be improved.

Some Next-Generation Firewall solutions come with Intrusion Prevention. It would be nice if Cisco NGIPS included that.

Multi-internet line load balancing should be supported. It is available from other vendors and should be included with this product.

I think the GUI user interface could be improved and the login is not very user friendly. They could maybe improve on that.

We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license. Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower.

The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.

The user interface needs some improvement, it is a little rudimentary and not very intuitive. If you are not very technical inclined you may need to be assisted or might struggle to set it up. The newer version tends to use a lot of system resources. For example, your processor and RAM.

The onboarding process could be made a little bit better.

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers. They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery. You need that to really handle finding anomalies properly. In the past, I've noticed that some applications are not identified correctly, based on the OS and the fingerprints that they're pulling from the host. In the future, we would like to see more involvement with the on-premises hybrid cloud. We want to see Cisco do more in the cloud space, and basically improving the connection between on-premises and the cloud. This including things such as automation.

Because of cybersecurity threats, other security features should be available in Cisco devices. Sangfor IAM is good because this provides the logging IAM feature which you can retain for up to 12 months. But Cisco does not provide this type of logging because no third-party logging server is supported with the Cisco firewall.

I would like to see better support for preventing cross-scripting and brute-force attacks that may originate from our homegrown applications. This is needed because the applications that we are developing for internal use do not go through the heavy security check that we have in place. If there is some flaw in an application, which happens every now and then, then there will be a huge cost that I may have to pay. I would like to know that if I have a security solution in place then I am at least 99% confident that problems will be prevented. As it is now, I cannot say that I am 80% secure against my applications being attacked. Better integration with other products, such as a SIEM tool, would provide better peer visibility about your security posture. Adding this type of functionality would make this product unbeatable.

The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation. I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.

Currently, this product is difficult to manage. It needs to be more user-friendly. A lot of improvements can be made into the overall architecture of the firewall. It's lacking right now. It's something they need to work hard to improve. The reason for the lack of cohesion in the architecture is due to the fact that Cisco acquired this company and then they merged two products, the Cisco ASA and the Firepower product, into a single product. As a result, the product is not as mature as some of the other comparable products out in the industry. The price is in the high end of the spectrum, again, comparing to other players in the industry. The solution requires better management. When it comes to central management capabilities, improvements can be made. Better reporting in terms of analytics and dashboards would be very useful in future versions.

It has room for improvement when it comes to integrating machine learning and AI into it where even if you don't have a baseline that is of length for anomaly detection, it could do more like an AI style machine learning. It learns on its own. It learns patterns, learns what good traffic looks like then is able to stop bad traffic, not just based on behavior but based on every other thing. I think other next-generation IPS solutions are turning towards integration of ML and AI. I need machine learning and the ability to share intelligence.

The pricing is very expensive. They should make their equipment more affordable. Cisco should offer better integration capabilities and offer an easier integration process.

Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use. It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution. One feature that is lacking is full interoperability with CLI. You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.

I have had a lot of problems with false positives and it would be helpful if this were improved. I would like to see integration with monitoring tools such as Nagios or BMC. An improved dashboard would be great.

I would like to see the total performance for the users improved. We have a need for security, so we would like to see more protection against virus attacks and ransomware attacks. The inclusion of bandwidth management features would improve this product. I would like to have an API for application development.

We would like to see support for DDoS protection. The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost. The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.

There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products. In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.

The file trajectory could be improved. We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.

The main problem with Firepower is the time between deployment and configuration. Now, it's approximately six minutes, so If I configure something during deployment, I understand that maybe if I write up a small mistake, I need to wait twelve minutes before I can fix the configuration. So I think the main problem is the time of deployment. The solution could add DLT, but it's already full enough of features. The interface could be simpler and more user-friendly. More flexibility with the dashboards is needed because some of them are not fully developed. We could use more flexible base boards.

The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to packaged better as a baseline.

* I would like to see better integration with SIEMs. * Better rule building using other tools, like LuaH and Python. * Better performance. * Better intelligence gathering in domains, the main URLs, and endpoint solutions.

In the next release I would like to see better reporting. I also find it's hard to act on the data it gives you.