Cisco Secure IPS (NGIPS) Reviews

We primarily use this solution as an application filter and for IPS. We have an on-premises deployment.

The most valuable feature of this solution is the support.

I would like to see the total performance for the users improved.

We have a need for security, so we would like to see more protection against virus attacks and ransomware attacks.

The inclusion of bandwidth management features would improve this product.

I would like to have an API for application development.

This solution is one hundred percent stable.

We are very satisfied with the technical support for this solution.

The initial setup of this solution is straightforward.

Licensing fees for this solution are $3,500 USD, and there are no additional costs.

This is a good solution that I recommend, but there is room for more features to be included.

I would rate this solution a nine out of ten.

We are a system integrator, and we resell this solution to our customers.

This solution is for intrusion prevention, and the majority of deployments are on-premises.

The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box. You can activate these services on the same box, which saves a lot in terms of cost because you don't need additional hardware. Moreover, it makes manageability easier because you don't have to use several different devices.

Cisco operates on an open operating system platform so it gives you the flexibility to add other things. Cisco itself is using different manufacturers, or OEM vendors to integrate with their product. For example, Radware is providing a DDoS solution for the NGIPS box.

We would like to see support for DDoS protection.

The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost.

The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.

This is a very stable solution. We have not heard any complaints from customers, and we have not experienced any trouble ourselves.

When it comes to scalability, there is a limitation that is set by the hardware. If you're looking for higher throughput then you have to change boxes. The 2000 series is pretty small when it comes to bandwidth, so scalability is a concern.

Technical support from Cisco is perfectly fine, and they are doing a great job.

Prior to this solution, we used TippingPoint. Although it is a very good solution, there was a problem with the product having too many acquisitions. Every time there was a new acquisition, support was a concern. For example, at one point it was taken over by HP, and then, again, HP disowned it. Support was hampered by this, and if you're not getting support on a critical security appliance then you need to look for other options. This is what led us to adopt Cisco.

The initial setup of this solution is not complex. They have a graphical user interface for managing all of these things, which helps make it easy to deploy.

The price for additional throughput is the highest in the industry.

This is a solution that I recommend for IPS.

I would rate this solution a seven out of ten.

I use it for perimeter security for malware prevention.

From a cybersecurity past perspective, it has aligned the features in accordance with our strategic needs. 

The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to packaged better as a baseline.

Initially, the solution was not stable. 

The system is a bit rigid. We have more than 1,000 people using the solution.

Technical support is good but it can be much better.

We didn't previously use a different solution.

The initial setup was a bit complex. One had to read so many areas to understand the navigation feature. It took about three years to reach maturity. For deployment, we required about eight people, but for maintenance, we only require four to six.

I had an integrator help implement; they were very professional.

The solution has a high cost. In my opinion, the cost of renewal is a bit too high.

We looked at several: Imperva, Check Point, Juniper, Sophos, and SourceNET.

We're using it continuously. We plan to increase usage.

During setup, I would advise that you must spend more time on planning. If you do, the transition is easier.

I would rate this solution 6 out of 10. The time it takes for the product to mature, the maturity journey, the product maturity cycle, takes too long.

We use this solution for integration, installing, and supporting.

Cisco NGIPS dropped network Troyans and web application attac almost every day. That helps up to feel more secure.

I find the IPS feature the most valuable.

The main problem with Firepower is the time between deployment and configuration. Now, it's approximately six minutes, so If I configure something during deployment, I understand that maybe if I write up a small mistake, I need to wait twelve minutes before I can fix the configuration. So I think the main problem is the time of deployment.

The solution could add DLT, but it's already full enough of features.

The interface could be simpler and more user-friendly. More flexibility with the dashboards is needed because some of them are not fully developed. We could use more flexible base boards.

For the years we've been using Firepower we have only one or two cases of instability. There were only one or two unpredictable things.

One case was fasten with Active/standby switchover. After switchover some networks has been lost. After rebooting the standby FP next switchover was without problem.

Another case was associated with setting up of NAT. It was a FirePower nuance. Only the second TAC engineer helped us with it.

I find the solution really scalable.

I'd give technical support a five out of five. When things need to get solved, they get solved.

We used to have ASA 5520. But in time we needed more security features to secure our services and users.

The initial setup wasn't complex or complicated. Everything was clear. The initial configuration took a day, but the company that we support has a very complicated topology. During the deployment, they had a different idea about how the configuration should be. Because the customer didn't know what they wanted, the files and the deployment took approximately three or four months. 

For deployment, it depends on the company. It depends on the company's complicated topology. If it's too complicated, then maybe you need two engineers to support Firepower. For employees, you need only one, with a second as a standby in case something goes wrong with the primary engineer, so I'd say you need two engineers to maintain the solution.

I handled the implementation myself.

The company is Cisco oriented and Cisco is a leader in security Gartner Quadrant for Enterprise Network Firewalls.

My advice for anybody implementing this solution is to follow the instructions carefully.

I would rate this solution an eight out of ten.

I've found the web filter and JPS the most valuable features.

There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products.

In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.

The solution is stable. This is one of the good things about Firepower. Especially if we use ESE with it. That would make it the complete solution for Cisco for security. If it is the complete solution, it's stable and there are no issues with the product. If the user isn't connected all the time, for example, if we look at some sites or some users, sometimes the connection for the user gets disconnected with each session. Sometimes the filter doesn't work. 

The solution is good to scale.

The technical support is really good. Not only for this solution. The support of Cisco is always good. From the first call, the response is quick and there is no problem with the support.

The initial setup is not complex. There is a wizard so it's not complex. There is a difference in the complexity of the deployment. Depending on customers and infrastructure, sometimes it takes one day or two days if we're talking about a little infrastructure. Sometimes it can take eight days or more to couple the firewall with ASA, and to do some more complex architecture. If we have a complex architecture, we need 2 people to implement, but if we have an implementation that is not so complex, one person can do it.

I do the implementation myself.

Most of the time the ROI good. The customer, most of the time, is happy and is convinced of the usefulness of the solution.

If someone wants to use Cisco Firepower, the solution is easy. The complete solution is the best for having the full security of a Cisco infrastructure. If I could advise someone with the deployment, I would advise taking the complete solution, in order to have a really scalable and stable solution. Or, if you can't take the complete solution, I'd advise taking a cluster of Firepower to have the scalability and stability.

I would rate this solution a 7 or 8 out of 10. If they could add a few of the mentioned features or do something more with the application filter it would be a 9 or a 10 out of 10.

In the previous version, some features were not enabled. For example, you could not access the VPN. So that was one of the downsides of the product. In this latest version, after enabling these features in the previous version and using them, it's been good. Inspection, application, and inspection in the cloud, the detail in the cloud for an indication of compromise and the malicious activity re-hashing are all valuable features. It's more of the cloud and the malicious activities aspects that define this application.

The file trajectory could be improved.

We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.

It's a really good product but I have had a really good experience with Palo Alto UTM Appliances. Which I would give a higher mark than the Firepower. It's just a little bit more expensive than the Cisco Firepower.

Scalability I would say, it has some limitations in the large deployment. I think Cisco is working to improve it.

The technical support is the most valuable part of the solution. Cisco is number one in technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support is not as good compared to Cisco. 

I started with Juniper and the Palo Alto UTM Appliances, and many other vendors. But we do have a policy to use multiple vendors.

Three years ago the setup was very complex. We had two different cables or software. It's like two appliances and one appliance. We had to set up ASA first and then set up Firepower and do the redirect from the old HTTP traffic, from the ASA for a detailed inspection by Firepower. Initially, it was complex. That was a few years back, but now with the newer version, it's just a piece of cake. Deployment took about 40 minutes. I also handle the maintenance myself.

I do the implementation myself but in certain situations, because we have a risk assessment, it's a sort of risk transfer, so we have a contract with a certain integrator. We do have a contract, but I personally do the setup.

We have definitely experienced ROI. Because we have had many incidents where Cisco Firepower has caught malicious activities and triggered an alarm, a true positive alarm. Which is really good in our case.

The solution is extensively used. We have a policy, from a permission security perspective, that you need to have diversity in the vendors and diversity in the products. We have some areas which are using these products and other areas which is using different products.

It's a really good product, but you need to give it some time to form a sort of baseline, before enabling all the features. You need to study the product well because the product will decrease to around 35-40% of the actual product when you start to enable features. Like the application and inspection, the SSL decryption, the URL filtering, and the ITSM inspection. If you enable more features, you will decrease a little bit of the property. Whoever selects the device initially needs to plan which features they are going to use and they might have to shift the sizing of the product. They might need a high-end appliance or a smaller low-end appliance based on the features they are going to use.

I would give the solution 9 out of 10. 

It detects attacks from malicious intrusions and malicious activity before they happen.

This solution has helped improve productivity and detect attacks before they happen.

Signature rules from the Snort community around the world.

• I would like to see better integration with SIEMs. 
• Better rule building using other tools, like LuaH and Python.
• Better performance.
• Better intelligence gathering in domains, the main URLs, and endpoint solutions.

It's very reliable. We really like the product and will be staying with the product a while.

At this point in time, it's making it a little bit difficult to scale due to the company, as the vendor is making some changes. We are waiting to see if the product is scalable or not. 

Rating the technical support from one to five (where five is high), I would rate them as a two. I find them to be very bad.

This was originally a Snort product, which was open source. So, there is a community for it worldwide.

We used ISS from IBM in the past, but it was causing many issues and was dropping packets. It was not an ideal solution, so we moved to Sourcefire FirePower NGIPS.

The initial setup is easy because I am very familiar with the product.

We buy the licensing on a yearly basis, when we renew our contract. It is around $14,000.

McAfee and Palo Alto were on our shortlist.

The product is a ten because it is the only product in the market like this.

We use it for threat prevention.

It has increased our security posture and has contributed substantially to our security maturity by stopping threats.

• It has good intelligence.
• It does a great job at stopping threats.

In the next release I would like to see better reporting. I also find it's hard to act on the data it gives you.

The stability is excellent.

The scalability is excellent.

Technical support has been excellent.

The initial setup is complex. That's just the nature of that product. It's a really advanced product so it takes a lot of technical knowledge to implement it.

We used a reseller. 

We have definitely seen ROI, but I can't quantify it.

Get a good demo to test it out or do a proof of concept to see if it it's what you're looking for.

I rate it an eight out of ten. Eight because it's good at detecting and stopping threats. Those other two points that would make it a ten are better usability and reporting.