Cisco Secure IPS (NGIPS) Reviews

The primary use case is for intrusion prevention. We install the solution between the firewall and the call switches.

The most valuable features are the intrusion detection ones. We channel the intrusion engine to create a policy of prevention. We only use this solution for intrusion prevention, not as a firewall.

There is room for improvement in the policy documentation. It gets confusing trying to understand what all of the policies mean. We need clear documentation explaining what each policy does.

For the Cisco STD, if we lose the connection with the SMC and STD, we can only assist with the STD via the CLI, so we can only do some troubleshooting. I think this is an area that needs improvement. In terms of the architecture, it needs to be more comfortable to change our own managed STD via the UI even if SMC is not available.

The technical support has room for improvement.

I have been using the solution for six years.

Some of the engineers within Cisco's tech support are knowledgeable and others are not. Sometimes we have to go back and forth for a week to get an answer.

Neutral

The initial setup is not complex; we only need to define the IP address and add the SMC IP. Both STD and SMC have the capability of SDM. Also if we don't have SMC, we mainly require the anti-SDM in UI. However, after we enroll the Cisco file from the SMC, we can no longer manage the STD from there. Therefore, it is very difficult to roll back if there is a connection loss between the STD and SMC, as SMC cannot manage the STD via the UI. In comparison, if there is a connection loss between Palo Alto Panorama, we can simply lock it with Palo Alto following the file and do some configuration. 

I give the solution a seven out of ten.

We have a Cisco ASA firewall, which is like a standard firewall. We upgraded to Firepower Threat Defense, and it is like a next-generation capability, like NGIPS and NGAV, and has that kind of functionality. It also improves network security and threat defence.

It has helped to improve our cybersecurity and our network security posture.

The FTD has a GUI interface, which is very easy to work around with all the configurations. It is a client-based software based on Java. Now we have the GUI web interface, and it's very interactive and easy to navigate.

Cisco NGIPS runs the backend as a Snort engine, so it is like they customize it with Cisco. So they need to have an engine for threat defence.

We have been using this solution for two years and are using version 9.6. It is deployed on-premises.

It is a stable solution.

It is scalable. NGIPS is based on our user base, so we have around 2000 users. We require two network and security administrators for deployment and maintenance. We do not plan to increase usage because we have already upgraded.

I rate the technical support a ten out of ten.

Positive

We updated from Cisco ASA to NGIPS FTD.

The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning. The deployment was done in-house. We just purchased a box and installed it on our own.

We have seen a return on investment in improving security and defending the threats in our network.

I do not have details about the licensing costs. It has a user-based license and a different model license because it is modular software.

I rate this solution an eight out of ten. From a recommendation perspective, before deploying the NGIPS solution, you need to work with your internal environment. It can minimize the load on the NGIPS, so you should do your IPS signature before moving to production.

It should have a network and content processor and a security process for additional features. Other OEMs have these capabilities to enhance the throughput and performance.

Customers who are trying to replace their internal firewall with good visibility at the application-level content level use Cisco NGIPS. It has the ability to do packet inspection and the customer can check their users while they're searching the web and going to different websites. Cisco NGIPS has the ability to connect to your firewall with advanced intrusion prevention.  

The most valuable feature of Cisco NGIPS is the centralized user interface. You have the ability to quickly push out configurations across your environment using the Cisco UI. It's a powerful capability of that solution.

Cisco NGIPS could improve its ability to do SSL inspections. Sometimes the ability to do SSL inspection is not scalable and you might not be able to get the installment required if you don't size the right hardware.

I have been using Cisco NGIPS for approximately five years.

Cisco NGIPS is stable, but I there is more that can be done.

Cisco is particularly strong when it comes to firewalls and the IPS, IBS, or next-generation firewalls. When I was working as a system architect we went from Cisco to Palo Alto or Fortinet. I don't know if they've made some recent improvements or maybe it's in the roadmap, but I would say there's still room for improvement with Cisco security appliances.

Cisco NGIPS is scalable. However, the cost to the customer is always high, because it's still a hardware base. After the resource cycle of three or five years, you have to replace them. From that perspective, they are not the greatest solution out there.

Our networking team of approximately 50 people that are mostly using this solution in my organization.

The support from Cisco NGIPS is good.

The initial setup of Cisco NGIPS is of a medium difficulty level.

My advice to others is they should look into other vendors and cloud-based solutions. Solutions that don't require you to refresh and get hardware, because nowadays there are new problems for hardware. It's getting more difficult, try to get a more software-based, cloud-centric model solution.

I rate Cisco NGIPS a six out of ten.

There are both options of cloud or on-premise solutions. I usually do the on-premise solution. We have others who do the cloud solution. If you want to deploy and protect your network from threats and protect your neighbor, that's one of the uses that we employ. With that, you have Security Intelligence, you have Intelligence, you have an Intrusion Prevention System. In the recent upgrade of Firepower, we have 3.0. You can use that to protect the internal network or if you want to protect your servers. 

We use the Security Intelligence feature. We also use the Cisco AMP for Networks, which is used with the ITL certificate. You can use third-party integrations with the Firepower, about security. You can use the STIX format. With the STIX, you can add emergency threats to rules. This includes malware detection which has a third-party Security Intelligence platform. Included are reporting for the last seven days, V shell, and phishing tank. Cybercrime tracker is to check if any company or domain has a bad reputation on the internet. And it can give that information to the Firepower. You can use Security Intelligence to protect the network. It has preprocessors about security. They have a preprocessor for the SCADA. Cisco has evolved a lot in that area over the last few years.

The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.

We have been using Cisco NGIPS or Firepower NGIPS for five years. We use the latest version.

It's working correctly, it's working without problems. You can buy another Firepower, and you can do a cluster configuration. And it's really easy, we don't have any problems.

Cisco support is really awesome. I have another vendor like Honeywell. I really hate when I call Honeywell. But when I call Cisco, I really appreciate it a lot when I talk with the support engineers because the personnel have really good skills and have a really good passion. Cisco support is awesome.

I think the installation of Firepower NGIPS is really easy. You configure the device, you connect that to the Firepower Management Center, and you have deployed the Firepower.

If they're looking for a platform that can protect from attack, from external or insiders who want to attack the network, I think Firepower is a good solution. With  Security Intelligence, other security features make that platform an awesome platform. I would give Cisco NGIPS a rating of nine on a scale of ten. I think no one platform is perfect. I wouldn't give a 10 to a solution ever because 10 is 100%, and I think no one solution can 100% secure. Not because the platform is not working correctly. Because I think no one platform can be 10 by 10.

It is our main firewall. We use it for reporting and for firewall purposes to block unwanted inputs and outputs.

Its ease of use and its ability to block and allow ports in and out of our organization are the most valuable features.

It works very well. It gives us all the information that we need.

We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license. 

Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower.

I have been using this solution for two years.

It has been very stable. I don't think it has gone down at all in two years.

It is very scalable. In terms of the number of users, we have 26,000 students and 3,500 staff members. Everybody in our organization goes through it and takes advantage of it on our system. We have about five people who are managing it, and they are from the network group, infrastructure group, and storage group.

We did have some engagement with the technical support people regarding the integration with Nexus Switches, and they were very good. They helped us out quite a bit.

We were using Cisco ASAs. They were going out of service. They were going out of sale and support. So, we decided to move to Firepower. We wanted to go to the Next-Gen IPS type of stuff, and ASAs didn't have that kind of feature set.

It was quite complex. It required some workarounds with other network components in our system. It could have been a lot less complicated. Nexus Switches that we had were a little bit older, and they didn't integrate as well with Firepower as they could have. So, we ended up having to buy some new switches. 

The deployment pretty much took about three weeks. It involved moving all of our stuff from our old firewall onto the new one. Rules were a little different, so we had to work on it for a while. Fortunately, we could run them in parallel, so it worked out okay.

We did it in-house.

It has definitely given us our return on the investment.

It is expensive. It has separate licensing for all the features, and every feature set seems to require another license.

Licensing is on a yearly basis. There are no additional costs besides the standard licensing fee.

I would advise others to make sure that the rest of their equipment is completely compatible with the newest Firepowers.

I would rate Cisco NGIPS an eight out of ten. It gives us all the information that we need. We've got to dig for it sometimes, but it is a good product.

We use the solution for traffic filtering, security, and antivirus capabilities.

I have found the filter and the antivirus to be most valuable.

The user interface needs some improvement, it is a little rudimentary and not very intuitive. If you are not very technical inclined you may need to be assisted or might struggle to set it up.

The newer version tends to use a lot of system resources. For example, your processor and RAM.

I have been using the solution for approximately four years.

The solution is stable and reliable, it does the job well.

The scalability is excellent, they can support a large environment. However, a large size organization will need its own dedicated appliance.

The customer support is very good.

We have used and still use Darktrace. We do not use it to replace Cisco's NGIPS solution but we use it predominantly as an in-network snooper.

The installation is complex.

We used an in-house team to do the deployment and it takes roughly a day and a half depending on the size of your organization and the configuration. Setting up the rules, all the features, and the licensing takes time.

To do the maintenance you need somebody familiar with Cisco and networking technologies.

By using this solution we have received a return on our investment. 

Cisco products are not cheap and this solution is no different. However, the price of all of the Firepower is part of a bundle when you buy the actual firewall, the Cisco firewall. It is part of the whole bundle package, but Firepower IPS itself has its own costs.

We are on a yearly license and the price depends on the environment, we pay approximately $33,000. The solution has additional components, and each one of the components cost extra.

For those wanting to implement this solution, I was advice before deploying the solution, understand exactly what you want it to do for you. The product has a couple of different capabilities, do you want to expand, or you may not want to expand. These are scenarios that you have to take into account. I would not recommend the solution for small organizations, it would be too time-consuming for that.

I rate Cisco NGIPS an eight out of ten.

The solution works on a base set of rules to detect malicious traffic or certain exploits, which can be done from both the outside and inside network.

In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected. It is quite flexible because it can be deployed on the cloud as well. All the kinks which were in the previous versions were fixed.

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.

They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

I have been using the solution for approximately five years.

The solution is stable.

The solution is scalable. The management center, which controls the sensors, you can deploy it. You have two different virtual appliances, one is for managing up to 25 sensors and the bigger one is up to 300 sensors. The hardware list of the products ranges from, I think, 20 sensors and up to 500. Depending on your needs, you can scale it.

We have three administrators working on the solution and the whole organization is being protected by it.

Cisco support is really great. Especially when you have a priority case, when everything is down, you can get an engineer in 15 minutes.

The setup is easy, you do not need hardware. You can just sign up for AWS or Azure and you can deploy it there.

There are licensing fees depending on the features that you are using.

I have evaluated Palo Alto in the past.

Before this version of the solution, it was like a normal IPS. The source for IPS was bought by Cisco, and now it is integrated into the Firepower Threat Defense. The Firepower Defense is a unified image of both the previous firewall which Cisco had, the ASA, and the source for IPS. Currently, the FTD is like a UTM device, a unified threat management device, because it has firewall capabilities and IPS capabilities.

I am going to continue using this solution even though I enjoyed using their main competitors product from Palo Alto. I would recommend this solution to others.

I rate Cisco NGIPS a seven out of ten.

The NGIPS handles all of the IPS functionality for our security.

The most valuable feature for our cloud-based deployment is the autoscaling.

For our on-premises deployment, clustering is the most valuable.

I think their fingerprints are good in terms of how they whitelist and blacklist. This is because of Talos, which is really awesome. We use that a lot.

The anomaly detection capabilities are awesome.

The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery. You need that to really handle finding anomalies properly. In the past, I've noticed that some applications are not identified correctly, based on the OS and the fingerprints that they're pulling from the host.

In the future, we would like to see more involvement with the on-premises hybrid cloud. We want to see Cisco do more in the cloud space, and basically improving the connection between on-premises and the cloud. This including things such as automation.

I have been using Cisco NGIPS for almost seven years.

The code is well-stabled right now and we've never had issues upgrading from one version to another. We've had it since version 2.0 and for every time we upgrade, it gets better. We're currently on version 6.6 and we're expecting that when 6.7 comes out, it will get better.

This is a very scalable product. You can add multiple devices to the same policy and then push that out.

In the cloud space, scaling is done automatically based on the amount of traffic and the amount of bandwidth that's generated. It scales up and down, back and forth, as needed. For example, if there is not much traffic then it drops, whereas if there is a lot of traffic then it creates another FTD, and then it just shares the load with load balancing.

Everything is scaled properly both in the cloud and on-premises.

Cisco's technical support is really good. I would say that they are number one. They follow up on their calls and tags, as well.

I also have experience with Check Point and I find that the pricing is better with Cisco.

The initial setup is straightforward. With the Firepower Threat Defense (FTD), everything is in one box. You can do everything from firewalls to IPS and more. It also includes the next-generation firewall.

It is an easy upgrade process that is easy to understand. I would say that from version 3.0, it has improved.

The cost of the license depends on the level of support that you have with Cisco. 

My advice for anybody who is implementing Cisco NGIPS is to read and understand all of the documentation before you start. Whatever it is that you might need help with, reach out to Cisco support and let them help you. The documentation is available and it is very understandable so you may not need their help. I would say that if you take your time to read it then you shouldn't have any problems in deploying.

I would rate this solution a nine out of ten.