Cisco Secure Firewall Reviews

Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen security with intrusion prevention (IPS), anti-malware protection (AMP), and URL filtering. These particular services can run as a hardware or software module within the ASA. Unlike ASA with CSM, these modules are managed by FireSight, a single pane for all of your FirePower nodes. It’s intuitive and easy to use, but still lacks some automation capabilities (e.g., bulk edits, etc.).

Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco, although sometimes considered to be "behind the times" with firewall technology, continues to prove it has momentum in the industry through acquisitions such as Sourcefire and OpenDNS, with rapid integration into their systems. Additionally, ASA is synergistic with other security offerings from Cisco, such as ISE, remote tele-office workers, etc.

When running multiple firewalls in your network, you need someone to manage them from a central point. Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this is a suite of applications that is in much need of an overhaul. It is riddled with bugs and lacks the intuitive experience found in competing vendor offerings. The counter-intuitive interface makes configuration management cumbersome and prone to mistakes. There are software defects within certain modules of the application, resulting in a frustrating experience. Reporting is almost useless. The best part about it is the logging component, but it still is lacking, compared to what you get from other competing vendors.

Aside from management, I think Cisco needs to become more application-focused, something that a few of their competitors shine in.

I've deployed and managed Cisco ASA's for over a decade. I've used the X-series models for about three years now.

I have not encountered any stability issues; this is a solid firewall platform. Stability is where it shines.

The newer clustering capabilities have introduced some solid scalability design options. From a cost perspective, scalability is quite intimidating.

Cisco's TAC engineers are competent, responsive and typically resolve issues in a timely fashion. Do not use them for "best practice"; this is what channel partners are for.

I previously used Check Point. Check Point relied on a thick, Windows-based client and, at the time, did not support transparent contexts. However, Check Point has a solid management platform, which is something Cisco should take some pointers from.

Initial setup is complex for a new user, straightforward for a seasoned user. Tons of documentation is available, but you can easily get lost for days if you've never touched one. Cisco offers ASDM, a GUI wizard that can help set up the firewalls. This is nice for newer folks.

Work very closely with your channel partners to verify you have all the licensing you need (VPN, Firepower, etc.). Pricing is always a challenge. Buy closer to Cisco's EOY and you might save a few bucks.

Before choosing this product, I also evaluated Palo Alto. I really liked their firewall platform, their Panorama management platform, and wildfire technology. Their SSL VPN was seriously lacking. This is a decent option to consider as well.

Read the Cisco Validated Designs (CVDs) regarding ASAs. Find some decent blogs, discuss topologies and scenarios with a seasoned engineer, and get your final design validated by Cisco. Your Cisco SE should be able to assist with this. If you need assistance implementing, work with your channel partner.

We mostly use Cisco Secure Firewall as a VPN concentrator and for its firewall features.

Using Cisco Secure Firewall has helped grow our familiarity with people that know Cisco.

The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs.

Changes you make in the GUI sometimes do not reflect in the command line and vice versa.

We have been using the solution since its inception, so, for many years now.

We did not have any stability issues with Cisco Secure Firewall.

We did not see any limitations with Cisco Secure Firewall’s scalability.

We also use Aruba in our organization. We never have to factor in extra development time when we go to a new major version of Cisco. With Aruba, we have a pretty drawn-out development timeline for any upgrades or software improvements. Aruba and Cisco Secure Firewall are very different in their implementation and development.

The initial setup of the Cisco Secure Firewall is very straightforward. The average time it took to deploy the solution was very short. Deploying the VM and automating our configurations took a couple of minutes.

Cisco smart licensing is a hassle for a disconnected environment. However, I haven't licensed anything in a while. There have been many changes, making it easier to license disconnected devices connected to the internet.

ASAv uses the solution as a VPN concentrator and a firewall because it could be used for both. It can be used for landing AnyConnect clients on ASAv and as a firewall.

What sets Cisco Firewall apart from other products is that when we do an update, we know we're not going to break a lot of things, and there are not a lot of bugs. The integration on the Cisco side is pretty good.

Most of our team is familiar with Cisco, and everyone knows what to expect when they log in. So it's easy in that way.

I like the application visibility and control with Cisco Secure Firewall. My only complaint is that the changes made in the GUI sometimes do not reflect in the command line.

I haven't had any problems with Cisco Secure Firewall. It's very straightforward and reliable. Also, it's trustworthy because it has the Cisco name.

Cisco Secure Firewall has helped free up our IT staff for other projects. The product is quite heavy into automation. So with it being Cisco, it is very scalable in generating configs. The solution saves a week or two for implementation and integration.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience through the reliability aspect.

You know what you're getting when you use an ASAv from Cisco. Cisco Secure Firewall is a great product in terms of reliability and scalability.

Overall, I rate Cisco Secure Firewall ten out of ten.

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

I have been using the solution for 20 years.

I've never had a stability problem with firewalls.

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

Support is very good. I've never had a problem with any form of support.

Positive

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

To safeguard our clients' system data and related aspects, we rely on Next-Generation Firewalls as a system integrator. In particular, we use Cisco Secure Firewall for enhanced security measures.

We have provided our services to the National Information Center in Riyadh, which is a government database. They installed Cisco Secure Firewall systems and have given us positive feedback, which is why most of the areas prefer to use Cisco. To date, we have not received any negative feedback from our clients regarding any issues, such as hacking. Everything has been secure, and I hope it stays that way in the future.

Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial.

In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial.

One of the major issues we face in the Middle East is the long delivery time for Cisco products. Currently, they are taking almost 10 months to deliver, which is much longer compared to before when we received the products within 70 to 80 days or even two to three months. For instance, we recently placed an order that has a delivery date in the middle of 2024. This delay is unacceptable as customers cannot wait that long, and they may opt for other alternatives, such as Huawei, Juniper, or HPE. Therefore, Cisco needs to improve its delivery time and ensure that they deliver products within a reasonable timeframe, as it did before.

I have been working with Cisco Secure Firewall for more than 10 years.

We have not encountered any stability issues. The only issue we faced was with another company that did not have proper cooling systems in their data center.

The scalability of the Cisco Secure Firewall is excellent.

A few years ago, we faced an issue with some of our devices in Saudi Arabia, and we reached out to Cisco for assistance. They responded promptly and repaired our devices within the given time frame. While the delivery time for their solutions in the Middle East may be longer, Cisco still delivers their solutions on time, whether it's for repair or new orders. Even if the delivery time is up to a year, Cisco ensures that our products are provided on time.

I rate the support from Cisco Secure Firewall a ten out of ten.

Positive

As a system integrator, our primary focus is not on selling products, but rather on providing comprehensive solutions to our customers, starting from scratch and ensuring everything runs smoothly. In this regard, we rely heavily on Cisco devices, including switches, routers, code devices, NK, Nexus, 7000, and 9000. We also use other Cisco products, such as IP phones and access points. In Saudi Arabia, Cisco is the most popular brand in the market, but its popularity is declining due to prolonged delivery times. Customers cannot afford to wait a year, and this is the primary reason for the decline in demand.

The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market.

Our current company, SNC ICT, is already a Cisco Gold Partner. We are actively involved in investing, purchasing, and selling Cisco products to our customers, as well as performing installations, configurations, and providing other related services.

In the Middle East, most people with a budget opt for Cisco. However, I do not have any information about the preferences in Europe, South Asia, or Asia.

We have all kinds of use cases. Our customers are large enterprises, and they need perimeter security. Zero trust, network access control, and network segmentation are quite important these days.

We are a partner and reseller. We implement, and we resell. As a Cisco Secure reseller, we have all the expertise. Our customers are usually overworked and have no time to learn how to implement these things and get some expertise. That's what we bring in. We help them select the right solution, select the proper design and architecture, and implement it. They basically lack the time and expertise, and we are a trusted advisor who helps them with their issues.

I'm working with security. It improves the security posture of our customers and protects them from threats. We recently saw a bunch of hacks in Germany and our customers are concerned. We help to protect our customers from that, and that's very important.

The analysis tools and encrypted traffic analysis save time. They help detect security threats and incidents that can cause outages for customers. It's a great improvement.

Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers. I'm from Germany, and in Germany, people are very concerned about privacy. We have a bunch of public customers, and they have an issue with decrypting traffic, even if it's only for security analysis. They have some fears. So, they are quite interested in the capability to detect threats without decrypting traffic.

The usability of Cisco Firepower Threat Defense is an issue. The product is still under development, and the user interface is very difficult to deal with. That's one area where it should be improved. Another area for improvement, which is also related to the firewall, is stability. We are having stability issues, and we had some cases where customers had a network down situation for about one or two days, which is not great.

As a partner, I have been working here for about nine years, but we offered this solution all the time. The company has probably been doing that for at least 15 years.

Cisco Firepower Threat Defense has improved a lot over the last few years, but we sometimes still have really big issues.

Their support is pretty awesome. It doesn't really matter if you have a hardware issue or a software issue. If it's a hardware issue, you get a replacement quickly, and if you have a software issue, you get quick support. There are also some bad examples. I have one from wireless where after a problem was acknowledged, it needed about one year to get fixed. It depends a little bit on how complex the issue is, but in general, it's quite okay.

We are also selling Fortinet, Palo Alto, and Check Point. We sell all solutions, but I'm quite focused on Cisco. It's mostly because I have the most expertise and experience with it over the years. I've been working with Cisco security solutions for 15 to 20 years. That's where my expertise is, and with Cisco, you have a solution for everything. It's not always the best of breed, but in the overall solution frame, you have something for everything, and they interact nicely with each other, which is great.

The deployment model is totally customer dependent. The way we work, we look at the customer environment and develop a proper deployment model for them. Some of them are using enterprise agreements. It's becoming more and more common, so they can use several solutions at once or with some kind of added use price and other benefits.

I'm not always involved in the deployment. I work as an architect. I do not implement all the solutions I design, but I implement some of them. For me, it's important because, for one, I like it, and second thing is that I need to have some kind of hands-on experience to understand the solution so that I can make better designs.

If you do the initial setup for the first time, it's somewhat complex., but over time, you get the experience, and then it's more or less straightforward. 

Our clients rarely used the firewall migration tool. It gives you a starting point for the configuration, but usually, there are so many things you need to rework afterward. We use it sometimes, but it only does a part of the job.

It does require maintenance. The clients have maintenance contracts for that.

In our company in Germany, just for the security solutions, we have about 20 to 30 engineers. They are experienced in different areas. For the firewalls, we have 10 engineers.

Cisco was never a cheap solution. Compared to other vendors, it's more or less at the same level, except maybe Fortinet which is fairly cheap.

In terms of licensing, we still have issues with the subscription model. Many of our customers are used to buying a solution and owning it. It takes time to convince people to go for the subscription model. That's still an issue for us.

We have Cisco Firepower Threat Defense, email security, web security, and Cisco Umbrella. Most of the time, I am working with Identity Services Engine for identity-related things. That's the main product I work with all the time. I have almost no direct contact with Talos, but I know that below the hood, it just improves all their security solutions.

To those evaluating this solution, I would advise being a little bit careful with it. It interfaces well with other Cisco solutions, so it has value, but it's not always the best solution.

At the moment, I would rate it a six out of ten.

This solution is a next-generation firewall. We use it to inspect our traffic going through the internet edges. This solution blocks Tor nodes or botnets that try to invade the system using various methods for intrusion. 

This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.

It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

The application detection feature of this solution could be improved as well as its integration with other solutions. 

I have been using this solution for five years. 

There is room for improvement when it comes to stability. We have encountered a lot of bugs using this solution.

This is a scalable solution. 

I would rate the customer support for this solution an eight out of ten. 

Positive

We previously used Check Point. We had an option to connect all of our security products from the endpoint to the firewalls to SASE-based solutions. This is why we changed solutions.

The initial setup is straightforward because it is supported by good documentation. We did not experience many issues and deployment took a couple of months.

We first deployed the solution in monitoring mode before moving into protection mode. We required four or five engineers for this. It takes a lot of time to do any maintenance or upgrades. This is one of my key pain points for this product.

Maintenance requires two people; one to focus on the upgrade and one to monitor the traffic.

We have experienced a return on investment in terms of security that has added value. 

This solution offers smart licensing that is comparable to other solutions on the market. 

I would rate this solution a seven out of ten. 

There are multiple data planes that run within this solution. My advice is to unify those data planes into a single data plane, so that traffic is sectioned and can be handled effectively. If you need a next-generation firewall, this is a good product.

We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.

I have been using Cisco Firepower NGFW Firewall for approximately three years.

The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.

There is room for improvement in the scalability of this solution.

I was satisfied with the support we received.

When I did the installation three or four years ago it was challenging. 

This solution is expensive and other solutions, such as FortiGate, are cheaper.

I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.

I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system. 

I would recommend everyone to use this solution.

I rate Cisco Firepower NGFW Firewall a six out of ten.

It is for defense, protecting workloads from a distributed type of an environment. On-premises, we are hosting several different distributed user session type environments. In our case, it is remote desktop services, which enable users to go out and browse the Internet, in some cases to do legitimate services, and in other cases, it is more of a personal browsing session. In this case, the primary purpose is to protect those user sessions when they are accessing the Internet. The secondary use case is to protect these services and applications from inbound threats, e.g., Internet scanning, Internet exploit attempts, any sort of attack, reconnaissance, or anything of that nature coming from the public Internet.

Firepower is an add-on to Cisco ASAs that enables intrusion prevention detection and some additional advanced functionalities. We have both.

We have two on-premise data centers where Firepower is deployed.

In terms of logging, that has been a big benefit because it is a fairly straightforward and easy process to log results. We stream through a folder and that information goes out to Splunk. It delivers immediate value. While Firepower reporting is generally pretty good, there is some delay, as far as when information shows up and updates the internal Firepower reporting mechanism. What we found is if this information is streamed into a SIEM, then it can immediately apply additional enrichment on top of it and build slightly more relevant, near real-time reporting, in comparison to doing it directly from Firepower. In terms of value for Firepower data, the ability to stream that out as a log, then characterize and enrich it within the SIEM that is where we gain the most value from a security perspective.

The solution’s ability to provide visibility into threats is good. Combined with Cisco's own trend intelligence characterization as well as the creation and application of that sort of tag into the stream of data that Firepower detects, that immediately tells us which threat type it is: 

• Does it belong to a threat group? 
• Is it an IP block list?
• Is it a URL block list? 
• Is it a known threat? 
• Which threat list does it belong to?

All this additional information is definitely useful. We treat it personally as set and forget because we are in the block mode - intrusion prevention mode. We don't let threats in. We err on the side of being overly protective. This is opposed to letting in threats, then detecting, identifying, and taking action on stuff that got through. Instead, we just block it. In our day-to-day operations, normally what was blocked is generally useful, but it's not operationally important.

It is set up to automatically apply the blocks and use the threat intelligence delivered by Talos as well as the intrusion prevention rules. All of that is entirely automated.

It has improved our organization's security posture dramatically. It has definitely given us modern protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats, so we can be protected against them.

Intrusion prevention is its most valuable feature because of its effectiveness. Cisco is the largest security company and one of the largest threat intelligence services with Talos. Cisco can identify and immediately apply any new threat information into signature sets for their Intrusion Prevention tools, including endpoint. In our case, we are talking about Firepower. That scope is what results in is an almost immediate application of application prevention signatures against any upcoming network attacks. So, if there is a new vulnerability, some sort of high critical value globally, the Cisco team is typically able to identify and write corresponding detection or prevention signatures, then apply them across their toolset.

It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.

We are using Cisco Cloud Email Security and DNS security from Cisco as well as endpoint protection. The integration between these products is pretty good. The benefit is the ability of all these disparate tools to talk to each other and be able to take action, sort of feeding each other with newly intelligent detection mechanisms and passing that information on to the next tool, then taking action on that next tool based on information identified on the first tool. That is really the biggest benefit of using the ecosystem. So, we've optimized it. We leveraged Cisco's tech response, which connects with each of these tools. We definitely find value every day.

It was very easy to integrate with the SIEM, which is really our primary use case. Besides the Cisco ecosystem, it is integrating with a standalone separate SIEM solution, which is Splunk in our case. This was an easy, simple approach to accomplish. We had no issues or problems with that.

Try to understand if there is a need, e.g., if there is a need to log this information, get these logs out, and forward to some sort of a SIEM technology or perhaps a data store that you could keep it for later. There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.

In some cases, I could see how SIEM is not an option for certain companies, perhaps they either cannot afford it, or they do not have the resources to dedicate a security analyst/engineer who could deploy, then manage the SIEM. In most cases, Firepower is a useful tool that a network engineer can help set up and manage, as opposed to a security engineer. To make the solution more effective and appealing, Cisco could continue to improve some of the reporting that is generated within the Firepower Management Console. Overall, that would give a suitable alternative to a full-fledged SIEM, at least on a network detection side, application identification side, and endpoint identification and attribution side. Potentially, a security analyst or network engineer could then simply access the Firepower Management Console, giving them the visibility and data needed to understand what is going on in their environment. If Cisco continues to improve anything, then I would suggest continuing to improve the dashboarding and relevant operational metrics present within the platform, as opposed to taking those logs and shipping them elsewhere.

About four years.

Once it is deployed, not much staff is required as long as the intrusion rules are specifically configured to automatically update. That is the primary thing. Then, the continuous periodic updates from Cisco apply operating system patches just to make sure that critical vulnerabilities are patched and operating system optimization is applied routinely. Strategy-wise, I would patch quarterly unless there was a critical vulnerability that Cisco would discover, then apply a patch against it. At which point, we would then patch our appliance.

The stability is very good. As far as I can tell, we don't have any issues with availability or stability.

Cisco accounts for scalability by having different hardware recommendations, depending on what the throughput is, the required coverage is in terms of number of devices, the amount of traffic, etc. In our case, I don't see any issues. We are appropriately sized, but I could see how if someone's environment doubles, then someone should account for that by either procuring another appliance and separating some of the traffic flows or getting a bigger, more powerful system that can handle increase in throughput.

We try fitting to an ecosystem mentality. For example, we have four different Cisco products, which is technically a single ecosystem. If you were to think of it that way, then it is four different tools from Cisco. Then, there are two additional ones on the network, which makes six. There are additional two or three for an endpoint, plus another two or three for email, and another two or three for identities. So, I would say there are probably around 20 security solutions total.

The network team as well as the security team use it. Combined, that is approximately six people.

We are perfectly sized. I don't think there will be a need to increase the footprint or anything like that, at least for a while.

I know that people typically say TAC is hit or miss. In my case, it was always a good experience. Whether it was Firepower related for licensing questions or email, I have never had any issues with Cisco TAC.

Cisco Talos is very good. They are very well-regarded and well-known. I respect the team. They know what they are doing. They are one of the best overall. They are probably the best threat intelligence organization out there. Their visibility is unparalleled, because the data that Cisco has access to and the telemetry that it's able to gather are quite amazing.

Almost all networks globally in the world are built with the Cisco products. The telemetry that it generates gives Cisco unparalleled visibility, and Talos steps into that. They are able to apply their analytics over that data and identify emerging threats before practically anyone else, but Microsoft. From that perspective, my organization appreciates what Talos is able to do. Cisco's intelligence is delivered through Talos, applying it to other products that are not Cisco, but we haven't gone down that path yet.

We started with Firepower. It was one of the first products that helped secure our organization. We are close to sort of an advanced maturity, primarily compliance-driven. We are not there yet, but we are close to it. We are somewhere sort of in the high to middle area. We have sort of a high compliance-driven security and close to the compliance-driven area, but still slightly below it. We are still fine-tuning and implementing some security technologies. Then, within a year's time, these will be simply managed and audited.

In my current place, I did not help set it up, but I did set it up previously as a dedicated intrusion detection and prevention tool with another security engineer. Honestly, the setup was pretty straightforward. This was a couple of versions behind. It definitely has well-understood requirements from a virtual machine and resources required perspective. No questions that came up.

For the dedicated intrusion appliance, we needed to identify where the most benefit would come from, so we identified the network space. The sort of choke point where we could apply the Firepower appliance in order to inspect the most traffic. In terms of efficiencies, the primary goal was to identify how to maximize the visibility using Firepower. We deployed it in a choke point and ensured that most of the traffic for the company goes through this intrusion appliance and the initial deployment occurred in a visibility mode only - No blocking, intrusion detection only. Then, with time, as we got comfortable with all the traffic that was being seen with a signature application across the traffic and understood the chances for false positives were low to none. At that point, we put it into prevention.

If we needed to address something with Cisco directly regarding Firepower support, that was also addressed fairly quickly with no issues.

The automated policy application and enforcement saves us at least a third of an FTE per day. In terms of time, that is about 30 percent per day. By deploying the solution, we are saving $600 a week, which is significant.

In some cases, resources, like a security engineer, are actually hard to come by because they are expensive. Substituting some of that engineering time with an effective technology, like Firepower, is probably a good strategy.

I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs. 

I have used one of Cisco's competitors and am fairly familiar with it: Palo Alto. I am also familiar with the Barracuda solution. I would say Palo is comparable with Firepower to some degree. The Barracuda solutions that I've used are nowhere near as close in terms of capability, metrics, user interface, or anything like that to Cisco.

Palo Alto and Cisco are about the same in terms of application visibility, user assignments, and attributions. They are comparable. On the threat side is where I think Firepower is better. It's able to identify and characterize better. It's also able to deliver metrics around that information in a clearer fashion. As an example, it is easier to extract fields and values in the log. It seems that the design of the appliance was focused around security, which is evident in how that information is being presented, both in the Firepower Management Console as well as in the log.

On the IT infrastructure side, we are using Cisco hardware for the network. Then, as a security team, we are looking at adding Cisco's incident response solution, but we have not done it yet.

Firepower provides us with application visibility and control. We don't utilize it to the fullest extent. We rely on some additional tools like DNS, to identify applications being used across our endpoints. However, the Firepower deployment primarily protects the servers. So, on the servers, it is a controlled environment. Therefore, we do know the applications and services being used and deployed out of the servers.

Applying something like this to protect yourself from the Internet, which is where most of the threats come from, besides email. It guarantees that you are able to refocus your energy on internal processes: endpoints, people, etc. Intrusion Prevention is effective because it helps security teams refocus their efforts to build out other components, such as security pillars of the organization.

The solution is effective. My initial exposure to Cisco started through Firepower, since then I have understood that Cisco is moving towards an ecosystem approach. Basically, Firepower represents what I think Cisco stands for.

I would rate the solution as a nine (out of 10). 

It does what it needs to do and does it great with a good sense of confidence, allowing the team and me to focus on other things. If needed, we can always leverage that data to derive different values from it.