Cisco IOS Security Reviews

This includes monitoring, incident detection, secure management, and advanced options such as Cisco integration with Cisco DNA, Cisco ICE, TrustSec, and encryption on Layer 2 such as MACsec.

We could consider those advanced functions as main use cases depending on the customer itself. However, all other features are a foundation and necessity in each Cisco IOS Security implementation and with each customer.

Cisco IOS Security's threat detection features are effective from the point of real-time insights and alerts. There are several features, starting from basic ones such as control-plane policing, which protects the device itself from known attacks or influences on the network devices. There are higher-level systems such as intrusion prevention systems which detect intrusions within the system.

This is an issue that I have observed for years now. Cisco changes their licensing policy quite frequently, which is becoming confusing and complicated. This is an area for improvement with Cisco.

My impression is that the support quality has deteriorated over time. It was much better before. Although when I personally contact them, I usually receive good feedback.

I receive premium support due to our status as a Cisco Gold Partner and CCIE certification. While I have noticed a decline in the quality of support through the years, I still find it great.

Positive

I might not be the best person to evaluate this aspect due to my extensive experience. I have observed that some customers who attempt the setup independently do struggle, but overall, it is straightforward.

They are working diligently in this area and making improvements. The return on investment is satisfactory with Cisco products as they have long lifespans, and our customers are satisfied with them.

This can be a major issue as enterprise customers are often price-sensitive. The competition is strong in this sector, and it would be beneficial to have a more price-competitive position. While Cisco targets enterprise and lower-end customers with Meraki products and other acquisitions, they remain on the higher end of pricing.

As a large company, Cisco was not as agile or quick in adapting to modern security trends. Security requires rapid flexibility to keep up with the latest threats, which is more dynamic than traditional networking.

We do not extensively use Zone-Based Firewalls in Cisco IOS Security, instead typically deploying standalone firewalls such as Cisco FTDs or Cisco ASA devices.

For threat analytics and vulnerability scanning, we utilize third-party vendors with dedicated devices and software. We use products such as Tenable from Nessus for this type of analysis.

We have implemented Secure Access Control Server in Cisco IOS Security, which combines multiple security mechanisms including AAA, 802.1X for network access control with Cisco ICE, TrustSec for identity-based segmentation, and Cisco DNA Center.

Cisco IOS Security's VPN support is comprehensive and increasingly important in daily communication, from basic site-to-site tunnels to remote access VPNs and SD-WAN secure VPNs. Protecting and encrypting communication is essential in modern networks.

The challenges with Cisco IOS Security are more operational than product-related. There is an understaffing issue, making automation and orchestration capabilities particularly valuable. For the products themselves, we only encounter routine operational matters such as addressing new vulnerabilities and patching.

For those considering Cisco IOS Security, it is important to understand that Cisco offers a complete ecosystem. When embracing the Cisco ecosystem fully, customers receive excellent products and comprehensive solutions.

On a scale of 1-10, I rate Cisco IOS Security a 9.

This solution should be implemented for most enterprise-level customers. It ensures that users accessing the corporate network or wireless network with their own devices are authenticated and authorized. As a network administrator, I can track who is accessing the network, what devices they are using, and their device profiling.

This solution, called Network Access Controller, handles authentication, authorization, and accounting for devices accessing the network. It includes device profiling and various other features. I focus primarily on the MAC part for access control, but there are other features available.

While I do not have specific recommendations for improvement, pricing can be reduced.

I have been using Cisco IOS Security for more than four to five years now.

I find Cisco IOS Security to be a very stable product. I would rate its stability around seven point five out of ten.

I think Cisco IOS Security is a scalable solution.

Customer service and support are responsive and helpful.

The initial configuration of Cisco IOS Security can be completed in three to four days. That said, onboarding devices depends on the customer's environment and number of devices.

The implementation is typically done by one person who has experience with AI technology and the necessary protocols, rules, and policies. However, the number of people can vary depending on expertise.

I estimate that the return on investment is at least 30%.

Pricing can be reduced. I rate the current price for the product a four out of ten.

I recommend Cisco IOS Security for other organizations. 

The overall rating for the product is eight out of ten.

I deal with Cisco Secure Firewall, especially when dealing with zero-day attacks, and known and unknown malware, both inbound and from within the network.

So, it includes IOS Security and IDPS functionalities. 

Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It offers good network visibility, which helps in rapid response through the Rapid Threat Containment feature. Its deployment and configuration are straightforward.

From a networking perspective, for instance, Cisco IOS incorporates time-tested security features.

The zone-based firewall feature has significantly influenced our network security management. For instance, when managing multiple geolocations, it's essential to apply geographically appropriate policies. 

If a customer operates within the UK zone, I need to implement UK-specific policies. This approach is also applicable to customers in the Asia Pacific and UK regions. It enables me to tailor security policies based on the geographical location of my customers, such as adjusting policies for customers in China or Japan. This flexibility helps in creating a comprehensive zone list.

Additionally, this feature allows for seamless service agreements between all zones from headquarters, providing access to all zones within the firewall we create. Essentially, it facilitates the creation of zones within the firewall.

It's hard to pinpoint a single feature as the most crucial for threat detection because threats can penetrate the network in various ways. However, securing email is vital as it's often the primary vector for threats globally. 

Therefore, monitoring what the user accesses and applying necessary restrictions is paramount for maintaining security.

In the security portfolio from Cisco, the issue is marketing. Cisco is still seen primarily as an enterprise network player rather than being acknowledged as a security vendor. 

Cisco offers a vast array of potent security products, yet the global market hasn't fully accepted Cisco as a top security provider.  Palo Alto, for instance. They have made their mark in the global market, leading in firewalls and building robust security portfolios.

The product is very stable. We receive a proper attack response service, and it is a good product.

When we compare the results, the product is quite stable, and they continually improve it. It's not that they stop improving; they keep enhancing the product.

I am in the system integrator industry, we deal with Cisco products, with a customer base of 2,000 plus. All of my customers, whether from an enterprise network or a security standpoint, are engaged with Cisco.

The scalability is good. It's very accommodating.

The technical support is fast and knowledgeable. It depends on the SLA and priority, but they always give proper attention to the ticket. 

The technical team is very knowledgeable and they extend their support effectively.

The products from Cisco Security are easy to deploy, monitor, and configure. There are no complications in configuring them. The documentation is perfect, with recommendations that are crystal clear for reading and building. It is easy to configure and it is easy to deploy. 

Compared to other OEMs, like Fortinet, for instance, they might be well-recognized in the market, but from an engineer's standpoint, configuring their products can be challenging. Cisco's approach, however, is pretty straightforward, making it easy to deploy, configure, and monitor.

Configuring VPNs with Cisco Security is very user-friendly. Cisco is number one in documentation, making it easier to resolve issues. 

As a partner, we have access to partner portals that offer excellent study materials. This enables my team to learn about configuring the firewall, understanding essential configurations, and identifying priorities within the firewall setup. The documentation is pretty neat and comprehensive.

We assist a customer in setting up a new branch office, and we evaluate and recommend the necessary security solutions. This includes firewall deployment, user and device security, and endpoint protection to ensure secure access to sensitive data.

The challenge often comes down to pricing for SMB customers or those below enterprise level. It's tough for them to invest in Cisco Security products, not because the products lack quality—on the contrary, they recognize the products' are good.

As consultants, we do convince customers of the product's value. However, it's crucial to consider the customer's budget. The cost is a significant factor for them. So, the pricing structure should be improved. It is expensive. 

You can get a better price if you commit to a longer-term license. Three years, five years, or even seven or ten years will be cheaper than a three-month or one-year term. So, a longer term, like three or five years, is definitely recommended for cost savings.

When it comes to the product, I would rate it a ten out of ten. It's very good.

For end customers looking to evaluate vendors, my advice is not to focus solely on one vendor. Instead of comparing features directly, consider your use case. 

For instance, I might recommend Cisco, while another might suggest Zscaler or Fortinet. Customers should base their decisions on whether a specific use case is better served by Cisco or another vendor, rather than a feature-by-feature comparison. It should be a use case-driven comparison.

We use it as a firewall, mainly for protection.

The most valuable features are DNS service and shell self-service within a network.

We faced significant challenges related to licensing issues, particularly when licenses expire. When licenses are not renewed, it becomes necessary to upgrade both hardware and software, which can be extremely costly. It can also cause difficulties for users due to delays in policy creation and publishing.

I have been working with it for three years.

I would rate the stability of the solution ten out of ten.

The scalability features are excellent, especially for enterprise businesses. Our company has over seventy thousand employees. I would rate it ten out of ten.

We experienced some delays in technical support services when encountering significant issues. When seeking assistance from Cisco's support team for specific cases, the solutions provided can sometimes be quick, while at other times, they may take longer to address the problems.

Neutral

The initial setup was easy.

The deployment process is significantly lengthy, spanning ten to fifteen years, primarily due to licensing issues. When initially setting up the firewall, the focus was primarily on regular business needs. This setup involves numerous routers and servers, including a central server and individual servers. Consequently, the complexity of the setup has driven up both the labor involved and the associated costs, particularly in terms of internet connectivity.

The cost of the license, to the best of my knowledge, is approximately two thousand dollars.

A good configuration mode is crucial for security features. This mode involves mapping server IPs and parameters from previous servers, including policy mapping and fetching packages through policy inspection. Refining these sites is necessary and should be implemented promptly. However, the challenge lies in the waiting period of ten to twenty minutes for common or single mapping to take effect. The system already has a global enablement, but there's a need to streamline and reduce conversation qualifications and authentication processes.

We use the solution for the security of the network.

The stability is fine. The technical support is good.

The updates take time and cost.

I have been working with the solution for five to six years.

I rate the tool’s stability a nine out of ten. When there is an issue, it takes more time than expected to resolve it.

I rate the product scalability an eight to nine out of ten. More than 100 people, including event managers, use the solution in our organization.

The customers come to us first. They raise a ticket to us, and if we don’t find a solution, we go to Cisco. There is no major issue between our support and Cisco’s support team.

The initial setup is complicated. We took one to two days only for dispatch.

The product is expensive. We pay a yearly licensing fee for it.

Overall, I rate the tool an eight out of ten.

We employ a firewall to safeguard our secret clusters within our infrastructure. Additionally, we utilize panels such as Internet panels, which handle a substantial amount of security traffic, including handheld products. This setup extends to our routers and connector switches as well. 

There is a positive impact on security, particularly the intrusion feature, which helps keep the solution concealed and secure. It's a valuable aspect of the solution that we find favorable, and it enhances overall security across the board.

We’ve implemented the Cisco firewall along with additional security licenses. These licenses have been configured and the system is adequately protected. The entire process takes some time, but the most time-consuming part is creating the region and applying the necessary security policies to it.

I have been using Cisco IOS Security for some time.

It is a scalable solution.

The technical support is good. 

I find their configuration somewhat complex, which has led to some challenges on our end. Additionally, there's an issue with false positives. While they aren't major, they do have a significant impact and contribute to higher costs. We aim to minimize or optimize these aspects of the solution. It takes less than one day to deploy the solution. 

It is worth it.

We need to pay for the license and it is expensive.

If you want to improve our infrastructure, you should consider implementing Cisco with appropriate configuration, along with a software-defined network and architecture.

I rate the overall solution an eight out of ten. 

IOS Security is a firewall, and every connection goes through it. We have around 12,000 people in the company.

In Pakistan, we only use Cisco because they have good local support infrastructure. Huawei and Fortinet don't offer direct support in Pakistan.

It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies. 

The update process could also be smoother. They could improve the FirePOWER integration to reduce the time needed to update to the newer version. Sometimes, in the middle of the update, the process starts, but it doesn't find the new installation, so we have to force it to run that particular part. 

I have been using IOS Security for about six or seven years.

When we have FirePOWER integrated into the solution, there are some gaps, so it's not as stable as the legacy solutions like SFR and ASA. 

It depends on the size of the box. We don't have any issues regarding scalability with the appliance we have.

We don't directly connect with the principal. In Pakistan, we have vendors providing support indirectly to our principal. We have Smart Net support, but in the banking sector, management always prefers an indirect channel.

I also use FortiGate. IOS Security is more stable than competitors, and Cisco is more comprehensive in its approach. The company is trusted and has a greater presence. That is the main reason to use Cisco over other vendors. 

I rate Cisco IOS Security seven out of 10. To make it a 10, Cisco needs to speed up all the processes to reduce downtime to a minimum. For example, if a department comes to me to do a UAT, I might find out I have to make some changes. There's an additional 10 minutes. It's a lengthy process for me.

If you have the support for another firewall, I suggest researching your options. Go for the UAT environment and check as you're comparing them. I won't say that you should definitely go for Cisco.

Primarily, we were looking for security solutions for a specific project and another one after that.

Compared to other products I've used, it offers greater stability and performance, along with a wider range of features. Plus, the VPN connection portal scan works flawlessly, which was a big plus for us.

Some GUI modules have extended prices compared to other vendors, which isn't ideal.

Cisco is a scalable product, but it is expensive compared to other vendors. Huawei, Netgear, and FortiGate all offer scalable solutions at a lower cost. There is room for improvement in licensing. 

I've been using Cisco IOS security for quite some time. Everything worked smoothly without any issues.

I would rate the stability an eight out of ten.

It is a scalable product. We have about 15 devices implemented across the company.

We can get technical support from Cisco directly or the support community. It was customer-friendly. 

Positive

It has easy installation. I didn't face any complex configurations, whether in the program itself, firewalls, routers, or switches.  

Our current firewall isn't cloud-based, so we rely on both standalone firewalls and independent ones. Some features have cloud-based deployment options, but that's not our main concern.

Deployment time really depends on the specific project scope. Let's say you have a project with 100 users and need the full installation implemented. That might take around a week, including design, installation, and finalizing the project. However, if you only need specific changes or process implementations, it could be as quick as two days.

We need one architect, two engineers, and one technician for this project.

Cisco comes with a premium reputation, and while it's certainly not the cheapest option. Compared to other products like Huawei, Netgear, or even Fortinet, which are cheaper than Cisco. 

We pay yearly for the license. 

I would recommend this product if it fits the budget. Overall, I would rate the solution an eight out of ten.

The solution is the core of our network to implement, for example, Cisco Eyes, since we have Cisco Eyes on our network. At the core and access layers, we also use the solution for all our configurations concerning admission control into the network.

The solution is easy to use. It provides hotkeys that help you remember commands you've forgotten about.

I would like upgrading iOS to be a bit easier. If you want the old version to continue running, that should be a bit easier. People have made many apps to do that online, but if Cisco could have that at the click of a button to quickly download or upload it, after which everything starts to work, that would be good. Sometimes, setting up your TFTB is difficult even though there are tools now. There should be something that would make it much easier where I just have to download, upload it into the iOS, and start it up.

I've used the solution for about eight to ten years.

The solution is very stable.

The solution is very scalable. We have about 500 users on this solution.

The solution is easy to set up if you know what to do. You can copy all the content and slam it into the switch if you have a configuration. After five to ten minutes at most, the switch is ready.

The initial setup is not much of a problem if you have an existing configuration. You just need to copy and paste. But if you're designing things, you might need a consultant.

We mostly need technical people for the solution to support users. Most of the issues we have are the Mac and our Cisco Eye. Sometimes, the user's password will expire, and the user must be called to connect them back. Sometimes, Eye does not allow the users to work, and we need to clear the ports and things like that. That's a bit of the experience where we have one challenge after another, but we are finding our way around it. Regarding the number of technical staff, we need a password administrator who does the configuration and then support guys who ensure that all the endpoints have access to the network.

You might need some level of support depending on what you're doing. Because even if it is in a cloud environment, as long as you understand the setup of what you want, you're good to go.

I rate the solution an eight out of ten. Before now, there were things that you could log in and get them to do for you. Because we have Smart Net for our devices, that's the way to go most of the time because you are sure that at the click of a button, Cisco will always be there to help.

We use Cisco IOS Security for firewalls and security purposes. Cisco has licenses that allow you to create registered ports.

The product's stability is good.

The weakness of Cisco's products is that it has higher prices for even its lowest configurations. Cisco has to come a little forward with its products. Cisco very slowly introduces and implements the products, unlike other brands.

I have 10 years of experience with Cisco IOS Security. 

It is a very good product stability-wise, even if it is an entry-level product.

We have our own digital team who deploys the solution, but the support team is fine.

It is not an easy product and doesn’t have a plug-in system. Only experienced people can integrate it with other functions. It has a different set of protocols that need to be followed during the deployment, as compared to Aruba. It requires experience to deploy and the team needs to have knowledge of all specifications. 

I have global customers who have applied this product. People who are buying this solution should know that they need and have the required solutions. I recommend Cisco IOS Security only for enterprises because it is expensive and involves complex implementation processes. It is not the easiest product available in the market and requires a strong infrastructure and an experienced workforce. Small and medium companies don’t have the required resources to apply this product and a lot of licensing is involved for each port. Given the price, stability, features, and other factors, I would rate it an eight out of ten.