Cisco Secure IPS (NGIPS) Reviews

We use the solution to secure our client's networks.

Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use.

It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution.

One feature that is lacking is full interoperability with CLI.

You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.

Technical support is quite good. With firewalls, the last cases I had with Cisco were professionally handled quite quickly and it was great. I can compare with some other manufacturers. FortiGate is awful, for example. I'm generally pleased with Cisco.

The solution has a moderate amount of difficulty. You need to go over and use the documentation.

Cisco has a device manager now but this device manager is not like all device managers from ASA. It lacks a lot of features, and some of these features are very important. It makes it a challenge to configure because of the graphical interface. You have to install the management center and that itself takes time and it's not so simple.

We use the on-premises deployment model.

Ten years ago, when you sold Cisco to clients, customers complained about the price but they knew they were buying the best product in the market. It is totally different now. If they want to buy the best product in the market, they buy Palo Alto or Check Point. Cisco is trying to catch up to the competition.

When we talk about just the IPS manufacturers, I would rate the solution around six or seven out of ten. If we're talking about Cisco as a whole, I would rate them eight out of ten.  

I like Firepower's automation, and the security intelligence is a powerful feature. 

If Firepower had an embedded vulnerability scanner, it could better detect the vulnerabilities on different platforms in the network. It needs to integrate with other solutions to detect these vulnerabilities. It cannot detect system vulnerabilities on its own. A new trend is encrypted security solutions. Firepower can integrate with Cisco products like Stealthwatch, and Stealthwatch can primarily integrate with other Cisco products. 

Firepower APIs that allow it to integrate with other vendors need more flexibility. For example, if I want to integrate with Forcepoint, I can't because Forcepoint cannot integrate with other sandbox vendors. This integration has become essential for the latest security solutions because most customers are now thinking about integrated security solutions. However, not every product is like that. We have to think about the integrated security solutions, so Firepower needs to improve in this area, the integrations with other vendors.

We are a partner with Cisco and we have sold these products to multiple customers. Most of them have given us positive feedback about Cisco Firepower.

We had multiple bugs and issues on the old versions, but the new versions Cisco has recently released are much more stable. However, our customers are still facing many bugs on the system. It has matured noticeably, but we are still facing multiple stability issues on Firepower. There are more than 80 or 90 bugs for each release node. It's a considerable number of bugs. It's much better than before, but there are still too many bugs in the new versions. The R&D team needs to put more work into new releases to minimize the number of bugs.

Cisco has some limitations in clustering if we want to upgrade the hardware currently deployed at customer sites. If Cisco can improve or optimize this clustering limitation, this will add more scalability to Firepower.

Cisco's most powerful support team is based in the United States. Most cases this team handles are solved quickly, but I've had a different experience with the Indian team. It takes too much time to solve the issues. We have different experiences with tech teams in other time zones, and I prefer to communicate cases with a US-based team. It depends on when we open the ticket. Sometimes it will route to the Indian tech team. If we open the ticket between 9 a.m. and 9 p.m. Cairo time, I think it will go to the US team.

Signature tuning is automated in Cisco Firepower. This is the most powerful feature, which most vendors don't have. It makes deploying the solution straightforward for the customer and us implementers as well. So the automation and the fine-tuning are effortless in Firepower.

Cisco Firepower is a good investment because one product can cover such a large part of the NIST security framework.

The weakness of Cisco Firepower is the cost. Some of the customers see it as very expensive. 

I would rate Cisco Firepower NGIPS nine out of 10. For any customers thinking about implementing this solution, I would suggest being aware of the security areas they want to cover. They need to consider the NIST cybersecurity framework and focus on each area of this framework to make sure that there are no security gaps in their environment. Firepower covers three main areas of this framework: detection, response, and identification. 

Our primary use case is for the firewall and other security-related features.

I think the Cisco Firepower is the best firewall in the world and the other security features like AMP, IPS, and deep inspection packets.

The most valuable feature would be the IPS is very important in Cisco Firepower because I can configure deep configuration in IPS and tuning.

I would like to see the sanctions lifted so we could use the full solution and have the speed increased.

I have been using Cisco NGIPS for the past eight years.

The stability is evident and without issues.

The scalability is excellent. We have around one thousand two hundred users.

There is a very good community with CISCO.

The initial setup is straightforward.

The implementation can take anywhere from one day to a month for advanced tuning and firewall protection.

There is definitely a return on investment and is worth the money

When it comes to pricing you pay for a permanent licensing structure. One, three, and five-year options. There are no extra costs.

I would rate Cisco NGIPS a ten on a scale of one to ten.

We primarily use the solution for network firewalling and intrusion prevention.

We get a bit of visibility into network threats and we can successfully mitigate those threats by using the product.

The most valuable feature would be the intrusion prevention for us for security reasons.

The setup is pretty straightforward.

The solution gives us a lot of visibility into our security.

The product is quite stable.

There are pretty good capabilities for scaling.

Currently, this product is difficult to manage. It needs to be more user-friendly.

A lot of improvements can be made into the overall architecture of the firewall. It's lacking right now. It's something they need to work hard to improve.

The reason for the lack of cohesion in the architecture is due to the fact that Cisco acquired this company and then they merged two products, the Cisco ASA and the Firepower product, into a single product. As a result, the product is not as mature as some of the other comparable products out in the industry.

The price is in the high end of the spectrum, again, comparing to other players in the industry.

The solution requires better management. When it comes to central management capabilities, improvements can be made. 

Better reporting in terms of analytics and dashboards would be very useful in future versions.

We've been using the solution for about five years now.

The stability overall has been good once we get it up and running. We've not seen any issues once we've launched everything. It isn't buggy or glitchy. It doesn't crash or freeze. It's reliable.

The scalability on the solution is good overall. They have a central management console that can assist with the process. The only issue there is we feel like there's room for improvement on the administration side of things.

When it comes to a user installing the networks, all the users essentially traverse this firewall, but when it comes to the administrators of the product, we've got five administrators in networking, they pretty much use it on a daily basis.

The technical support has been good. We're satisfied with the level of service we get. They know what they are talking about. They respond promptly. Overall, they are above-average. I'd rate them eight out of ten. 

Of course, there's always a little bit of room for improvement from any technical support service. In general, it's always about the speed of resolving an issue, responsiveness, et cetera. These are common industry wide. We always want everything resolved faster.

We previously used FortiGate. We switched as we wanted something that had easy management capabilities, so we moved to Cisco. We thought that Cisco would be a bit more mature.

The initial setup is a little bit difficult. It's pretty straightforward, although if we look at it relative to other products on the market, we feel that the other products are easier to set up compared to this one.

The pricing is actually pretty high, especially if you compare it to other solutions that are out there. They are comparable but cost less.

The advice we would give to other organizations is to look at the administrative overhead, and also to pay close attention to when the company is deploying it. We feel that there are certain feature functionalities that might not be mature depending on a company's use case. Everything depends on use cases. A company needs to evaluate its own unique use case, and look at the product feature functionality. A company also needs to look at some of the administrative overhead before they choose the product to make sure that it is suitable for their environment.

This solution overall I would rate at seven out of ten. I would say it's a good product if you look at the primary functionality, which is intrusion prevention. It's is one of the best out there, however, the issue is it's been wrapped around an administrative layer which is quite difficult compared to other products. They've got a really good engine as far as IPSs go, and that's the most important thing. 

We use it for threat prevention.

It has increased our security posture and has contributed substantially to our security maturity by stopping threats.

• It has good intelligence.
• It does a great job at stopping threats.

In the next release I would like to see better reporting. I also find it's hard to act on the data it gives you.

The stability is excellent.

The scalability is excellent.

Technical support has been excellent.

The initial setup is complex. That's just the nature of that product. It's a really advanced product so it takes a lot of technical knowledge to implement it.

We used a reseller. 

We have definitely seen ROI, but I can't quantify it.

Get a good demo to test it out or do a proof of concept to see if it it's what you're looking for.

I rate it an eight out of ten. Eight because it's good at detecting and stopping threats. Those other two points that would make it a ten are better usability and reporting.

Our primary use case is securing the network. It has a deep learning intelligence ability to filter packages and traffic coming to networks and to different workstations in networks. 

This solution is deployed on-premises. 

The most valuable feature is its IPS ability. You are able to balance security and connectivity. 

The CLI, the console line interface, of the FTD could be improved. It's very complex, so without a GUI, it doesn't work well. I would like it to be more simple. 

As far as additional features or next releases, I think the price could be cheaper. 

We have been using this solution for more than eight years. 

This product is stable. 

This product is very scalable. 

Cisco's technical support is very, very fast. 

Before implementing Cisco, we used Fortigate and Check Point. 

The installation is straightforward. You have to install the device, but if you want to actually manage it, you need a GUI for it. For deployment, you will need two engineers, maximum. 

We implemented this solution through an in-house team and deployed it ourselves. 

We pay for the IPS license to use this solution. 

I rate this product a nine out of ten, and would recommend this product to others who are considering using it. 

We use this product to prevent unwanted traffic and to define policies.

The tracking intelligence feature is very good. This solution provides us with the opportunity to detect threats in real-time. 

Some Next-Generation Firewall solutions come with Intrusion Prevention. It would be nice if Cisco NGIPS included that. 

I have been using this solution for almost one year. 

Cisco's support is unmatched. There are very few companies that can match their support. 

Overall, on a scale from one to ten, I would give this solution a rating of nine. 

We use NGIPS for monitoring and firewall purposes. We have about 3,000 users. 

I like how NGIPS has everything in one console.  

The look and feel of the console could be updated. 

I have used NGIPS for about five years.

NGIPS is stable.

Setting up NGIPS was complex. We needed help from a Cisco specialist. 

I rate Cisco NGIPS eight out of 10 overall.