Cisco Secure IPS (NGIPS) Reviews

We are a system integrator, and we resell this solution to our customers.

This solution is for intrusion prevention, and the majority of deployments are on-premises.

The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box. You can activate these services on the same box, which saves a lot in terms of cost because you don't need additional hardware. Moreover, it makes manageability easier because you don't have to use several different devices.

Cisco operates on an open operating system platform so it gives you the flexibility to add other things. Cisco itself is using different manufacturers, or OEM vendors to integrate with their product. For example, Radware is providing a DDoS solution for the NGIPS box.

We would like to see support for DDoS protection.

The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost.

The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.

This is a very stable solution. We have not heard any complaints from customers, and we have not experienced any trouble ourselves.

When it comes to scalability, there is a limitation that is set by the hardware. If you're looking for higher throughput then you have to change boxes. The 2000 series is pretty small when it comes to bandwidth, so scalability is a concern.

Technical support from Cisco is perfectly fine, and they are doing a great job.

Prior to this solution, we used TippingPoint. Although it is a very good solution, there was a problem with the product having too many acquisitions. Every time there was a new acquisition, support was a concern. For example, at one point it was taken over by HP, and then, again, HP disowned it. Support was hampered by this, and if you're not getting support on a critical security appliance then you need to look for other options. This is what led us to adopt Cisco.

The initial setup of this solution is not complex. They have a graphical user interface for managing all of these things, which helps make it easy to deploy.

The price for additional throughput is the highest in the industry.

This is a solution that I recommend for IPS.

I would rate this solution a seven out of ten.

In the previous version, some features were not enabled. For example, you could not access the VPN. So that was one of the downsides of the product. In this latest version, after enabling these features in the previous version and using them, it's been good. Inspection, application, and inspection in the cloud, the detail in the cloud for an indication of compromise and the malicious activity re-hashing are all valuable features. It's more of the cloud and the malicious activities aspects that define this application.

The file trajectory could be improved.

We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.

It's a really good product but I have had a really good experience with Palo Alto UTM Appliances. Which I would give a higher mark than the Firepower. It's just a little bit more expensive than the Cisco Firepower.

Scalability I would say, it has some limitations in the large deployment. I think Cisco is working to improve it.

The technical support is the most valuable part of the solution. Cisco is number one in technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support is not as good compared to Cisco. 

I started with Juniper and the Palo Alto UTM Appliances, and many other vendors. But we do have a policy to use multiple vendors.

Three years ago the setup was very complex. We had two different cables or software. It's like two appliances and one appliance. We had to set up ASA first and then set up Firepower and do the redirect from the old HTTP traffic, from the ASA for a detailed inspection by Firepower. Initially, it was complex. That was a few years back, but now with the newer version, it's just a piece of cake. Deployment took about 40 minutes. I also handle the maintenance myself.

I do the implementation myself but in certain situations, because we have a risk assessment, it's a sort of risk transfer, so we have a contract with a certain integrator. We do have a contract, but I personally do the setup.

We have definitely experienced ROI. Because we have had many incidents where Cisco Firepower has caught malicious activities and triggered an alarm, a true positive alarm. Which is really good in our case.

The solution is extensively used. We have a policy, from a permission security perspective, that you need to have diversity in the vendors and diversity in the products. We have some areas which are using these products and other areas which is using different products.

It's a really good product, but you need to give it some time to form a sort of baseline, before enabling all the features. You need to study the product well because the product will decrease to around 35-40% of the actual product when you start to enable features. Like the application and inspection, the SSL decryption, the URL filtering, and the ITSM inspection. If you enable more features, you will decrease a little bit of the property. Whoever selects the device initially needs to plan which features they are going to use and they might have to shift the sizing of the product. They might need a high-end appliance or a smaller low-end appliance based on the features they are going to use.

I would give the solution 9 out of 10. 

People still aggregate these functions. We have files that only serve the purpose of NextGen NGIPS.  They have no rules that just allow pure source running and execution. We need regular firewall protection with NetGen. It's nice because we can lease both firewall and IPS system functions. We have both running on the network.

Apex IPaaS functions itself. You can create an intrusion rule that can be used for blocking purposes.

I like the security solutions from Cisco. They don't only give you the IPS itself, but you also have another database and other applications. 

They also have the security intelligence feature. This is one of the first software lines. This brings you the URLs, IPs, etc. This is even before the access control.

There are certain limitations that need to be addressed. 

I have been using the Cisco NGIPS for two years. 

Cisco support is very good. 

Positive

For the time being, I never received a complaint about a policy, but this may happen in the future. This can be due to consistent integration. 

They filter even between different companies and stuff and cloud providers and I've never received any complaints about the speed.

Overall, I rate the solution an eight out of ten. 

I primarily use NGIPS as perimeter security firewall devices to filter traffic.

NGIPS' best feature is the separate IPSec tunnels, which makes the user's data more secure if they want to access it privately.

NGIPS' GUI interface could be improved and made more user-friendly, especially in comparison to Palo Alto's Next-Generation Firewall.

I've been using NGIPS for around five years.

The initial setup is complex and requires someone with a background in firewalls to set it up. Inexperienced users will find it very difficult to set up. For experienced users, deployment will take around forty-five minutes. I would rate the setup process five out of ten.

NGIPS is expensive.

I would recommend NGIPS to other users, but only as a second choice behind Palo Alto. I would give NGIPS a rating of eight out of ten.

The Cisco NGIPS and IGS are used as network firewalls for IPS and IGS protection. I have both the Cisco Firepower and Cisco Meraki solutions in different customers' locations. They have the capability of the NGIPS built into it. We have different customers that they are using it. For example, on Edge, data centers, and campus networks.

Among all the different solutions I have worked with, such as Palo Alto many other firewalls. Cisco has the support, documentation, and design. The documentation is widely available and it can help you a lot with implementation. It makes the implementation much easier.

What I don't like about Cisco recently is they keep changing the names, which makes it hard for customers and sometimes even us as engineers to know what is the solution they are speaking about. For example, with AMP, now they call it Secure Endpoint and I don't know if in the next couple of years they're going to change it to something else. They should keep the names the same.

I have been using Cisco NGIPS for approximately 10 years.

Cisco NGIPS is stable, however, it is nothing special.

The scalability of Cisco NGIPS I am not too familiar with. The solution can do clustering and other operations. With the Orchestrator, I haven't worked with it yet but I hope that will help to make standard policies all run better. The most important part about scalability is how do you want to apply the same policy all around and across the different locations that you have. This is something that is not easy with any firewall unless you have a Secure Orchestrator. I don't see any issues with the scalability at this time.

The support from Cisco NGIPS is very good.

I have used many other solutions, such as Palo Alto.

I would rate the price of Cisco NGIPS a three out of five.

They are very expensive in some places and not reasonable at times for many customers. I have had customers choose another solution because of the high price.

When speaking about the features of Cisco NGIPS, what makes the feature good is dependent on what the customer likes and the skillset that they have. I cannot say what is the best feature because it depends on the use case.

There are times I see customers spend a lot of money on something which they really don't use. Whether this solution is good or not depends on what exactly the customer wants to implement and protect. They should pick the right solution with the skillset that they have.

I rate Cisco NGIPS nine out of ten.

At present, we are using different policies against which we gather logs. Logs that have been deleted on a first in, first out basis. The logs are only available for three to four hours max. I work in the IT department of a pharmaceutical company and we are customers of Cisco. 

We are looking for cybersecurity threats, like Pinterest and this solution has a good IPS feature as well as it's VirtualBox which helps us to time and for the QD, our daily routine tasks or issues. The solution provides a clear picture of what a user is doing at a specified time.

Because of cybersecurity threats, other security features should be available in Cisco devices. Sangfor IAM is good because this provides the logging IAM feature which you can retain for up to 12 months. But Cisco does not provide this type of logging because no third-party logging server is supported with the Cisco firewall.

I've been using this solution for three years. 

The stability is fine. We manage to resolve general bugs by updating the software or VirtualBox as well as in the hardware. That is not a big deal for us.

The scalability is fine for us, we currently have 50 users. 

Their technical support is good. We have SLA with Cisco, which will be renewed next year.

We have a somewhat complicated environment over here. We have also implemented SSG Juniper, SSG140, so basically their firewall is working as a router.

The price is a little high in comparison to other similar solutions. If we talk about Sophos Firewall with IBM software, it's cheaper in comparison to Cisco and their VirtualBox.

I recommend this latest model of Cisco firewall. In terms of the wide logging, it gives us as much as we need. We have implemented 30 to 35 policies in which loggings are gathered. 

I would rate this solution an eight out of 10. 

Some of our customers are having DDOS attacks and ransomware attacks.

Earlier in July 2019, I noted that there was an attack. To mitigate future attacks from the ransomware in Columbia Bank and other similar situations, we at Cisco Talent, which is responsible for security intelligence, provided updated security rules. We offered intrusion policies and codes through signatures to help overcome such situations.

It's a good solution.

The solution is not that bad. Next-generation firewalls work from my experience, they work. 

The URL filtering feature and the new locations feature are both valuable additions to the solution.

While the Management GUI and FMC could be improved, the devices themselves function well.

I have been using Cisco NGIPS for more than five years.

I provided support for version 6.4, but in our company, we do have Firepower version 7.0.

Cisco NGIPS is a stable solution.

Cisco has great support.

I would rate Cisco NGIPS an eight out of ten.

Our primary use case is as a firewall segregating networks and defending the perimeter.

I would consider this to be a medium product in its field across the board.

Some features, for instance, are a way for the management console to be able to manage each specific firewall, for instance. Because if we have more than one firewall configured in the management center, we cannot delegate administration, just one of the equipment. I think the part of IPS and everything else needs to be better equated to the real needs or current needs of the business compared to the other manufacturer, because it is not straightforward, a way to configure it compared to the other competitors.

I have been using Cisco NGIPS for one year.

It is more or less stable. Sometimes I have some issues normally when we need to upgrade it to newer versions. I think it does the job. The hardware does the job, and the current models do the job.

We have around four thousand users and that would be an example of its scalability.

Technical support is good. If you open a case about the support, it is good. Compared to the other manufacturer, it is very good.

The initial setup was complex and the upgrade took a lot of time with a very big image to download and everything else. We had many versions and patches that had to be installed. The deployment took between two and three hours.

In this case, we did it in-house and I was the integrator.

I think we have to have a good knowledge of the product. It is not easy to set up from the beginning. And I am also using the comparison with the other manufacturer. You need to have very good training before managing the product. I would rate Cisco NGIPS a seven on a scale of one to ten.