Cisco Secure IPS (NGIPS) Reviews

I work for a system integrator and Cisco NGIPS is one of the products that we implement for our clients. This is a solution for enterprise networks and it has a lot of advanced features including security intelligence feeds and DNS security.

This product can be integrated with other solutions from the Cisco portfolio including Cisco ISE and SecureX. The integration with the Cisco portfolio is very helpful. Cisco ISE will give full control in any network and it can be used to isolate any infected or misbehaving users automatically.

Multi-internet line load balancing should be supported. It is available from other vendors and should be included with this product.

This is one of the most stable solutions in the firewall world. 

Cisco takes scalability into consideration. My clients vary in size from small and medium-sized businesses to enterprises.

The best support that I have ever dealt with is from Cisco. I am very satisfied with their service.

I have experience with a lot of network security products. These include solutions by Cisco, Palo Alto, Fortinet, and Forcepoint.

The initial setup is very simple and in one or two hours, it can be up and running.

The licensing can be billed annually or in multi-year contracts such as three, four, or five years.

I would rate this solution a nine out of ten.

We use this product for intrusion protection.

The most valuable feature is security.

The onboarding process could be made a little bit better.

I have been working with Cisco NGIPS for one year.

We haven't had any problems with this product.

I configured the system myself and the process was okay.

In general, I have nothing negative to say about this product.

I would rate this solution an eight out of ten.

We are a solution provider and I am an engineer who deploys solutions. This is one of the products that I have experience with it in this capacity. The version that we use depends on the client.

Some of our clients are ISPs and they are using the firewall features in this product to replace old firewalls. It is doing the regular firewall inspections, VPN concentration, and other such things. For other customers, who replaced Sourcefire, they use it primarily as an inline IPS and a passive IDS. These customers do not choose very many of the firewall features.

Some customers use it for both; they have a firewall, VPN concentration, and then they do IPS inspection. This is the next-generation of these technologies.

The most valuable feature is the IPS engine. It has been in the security branch for decades and is now integrated into the Cisco portfolio. The difference is that it has been scaled a thousandfold. It provides a base language for intruder inspection for all of the security engineers. Now, they have the same language everywhere in the corporate and the open-source firewalls and IPS.

The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation.

I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.

I have been working with NGIPS for about four years, since 2016 or 2017, shortly after Cisco bought it.

Stability is something that is tricky to judge because when you have a 600-person userbase, there are always going to be issues. As we fix them, it becomes stable again.

This is suitable for organizations of all sizes; small, medium, and large-sized companies. For example, one of our clients has 600 users.

The ease of scaling depends on the number of times you scale, or to which extent. I can start by saying that scaling is easy but if you want to scale a hundredfold, then it's not going to be so easy. It's impossible.

I like Cisco's technical support and find that they are efficient. In fact, I was a technical team leader for Cisco support, and I am now a client. There is amazing support team at TAC and they help Cisco be great. 

I have worked with similar products from different vendors in the past, although I am avoiding this type of task for the moment.

The main advantages to Cisco are the scale, the integration, the training, and the possibility of finding somebody to work with. Also, the reaction time that they have in case of failure is very fast, and it is easy to replace the setup.

The initial setup is complex. It requires that NGIPS be optimized such that it has the best results with the best performance. The deployment model, be it on-premises or cloud-based, depends on the client.

The length of time required for deployment also depends on the client. In a small office, I can do it in a few hours. For an enterprise, it could take half a year. I have worked on many different scales.

I am responsible for deploying this product to our customers. When it comes to maintenance, we cooperate. They know the environment, their tools, the change management, and the internal procedures. I take care of the technical parts, and we have full cooperation until it is complete.

This is an expensive product, with the biggest cost being the license that keeps the service going.

My advice for anybody who is implementing NGIPS is to get in touch with someone who can advise them because every network is different. Properly sizing the appliances is important. 

I would rate this solution a ten out of ten.

We primarily use the solution for network firewalling and intrusion prevention.

We get a bit of visibility into network threats and we can successfully mitigate those threats by using the product.

The most valuable feature would be the intrusion prevention for us for security reasons.

The setup is pretty straightforward.

The solution gives us a lot of visibility into our security.

The product is quite stable.

There are pretty good capabilities for scaling.

Currently, this product is difficult to manage. It needs to be more user-friendly.

A lot of improvements can be made into the overall architecture of the firewall. It's lacking right now. It's something they need to work hard to improve.

The reason for the lack of cohesion in the architecture is due to the fact that Cisco acquired this company and then they merged two products, the Cisco ASA and the Firepower product, into a single product. As a result, the product is not as mature as some of the other comparable products out in the industry.

The price is in the high end of the spectrum, again, comparing to other players in the industry.

The solution requires better management. When it comes to central management capabilities, improvements can be made. 

Better reporting in terms of analytics and dashboards would be very useful in future versions.

We've been using the solution for about five years now.

The stability overall has been good once we get it up and running. We've not seen any issues once we've launched everything. It isn't buggy or glitchy. It doesn't crash or freeze. It's reliable.

The scalability on the solution is good overall. They have a central management console that can assist with the process. The only issue there is we feel like there's room for improvement on the administration side of things.

When it comes to a user installing the networks, all the users essentially traverse this firewall, but when it comes to the administrators of the product, we've got five administrators in networking, they pretty much use it on a daily basis.

The technical support has been good. We're satisfied with the level of service we get. They know what they are talking about. They respond promptly. Overall, they are above-average. I'd rate them eight out of ten. 

Of course, there's always a little bit of room for improvement from any technical support service. In general, it's always about the speed of resolving an issue, responsiveness, et cetera. These are common industry wide. We always want everything resolved faster.

We previously used FortiGate. We switched as we wanted something that had easy management capabilities, so we moved to Cisco. We thought that Cisco would be a bit more mature.

The initial setup is a little bit difficult. It's pretty straightforward, although if we look at it relative to other products on the market, we feel that the other products are easier to set up compared to this one.

The pricing is actually pretty high, especially if you compare it to other solutions that are out there. They are comparable but cost less.

The advice we would give to other organizations is to look at the administrative overhead, and also to pay close attention to when the company is deploying it. We feel that there are certain feature functionalities that might not be mature depending on a company's use case. Everything depends on use cases. A company needs to evaluate its own unique use case, and look at the product feature functionality. A company also needs to look at some of the administrative overhead before they choose the product to make sure that it is suitable for their environment.

This solution overall I would rate at seven out of ten. I would say it's a good product if you look at the primary functionality, which is intrusion prevention. It's is one of the best out there, however, the issue is it's been wrapped around an administrative layer which is quite difficult compared to other products. They've got a really good engine as far as IPSs go, and that's the most important thing. 

We use it on the perimeter, for our infrastructure between our network and our bank's network.

The solution is very powerful coupled with Firepower. It's great for filtering.

The pricing is very expensive. They should make their equipment more affordable.

Cisco should offer better integration capabilities and offer an easier integration process.

This current solution is stable. Last time, we worked with Cisco ASA 6500. That solution sometimes froze and we had to reboot the system. This one, as I mentioned, seems fine. We don't have this problem.

The solution is very scalable, but the main issue surrounds the cost to do so. Scaling can be very expensive. Our network isn't too big. We have around 60 users.

Cisco offers very good technical support. I have no complaints about that. 

We attended the Cisco training, as we always do. When we buy equipment from Cisco, they also give us learning credits. With those learning credits, it makes it easy to attend training. In terms of the knowledge they share surrounding the equipment, it's very good. We don't have a doubt about what to do.

The initial setup of NGIPS was fine. Firepower took the most time. We took about three months to deploy the solution. 

You only need two people for deployment and maintenance. 

We implemented the solution by ourselves. Last time, we worked with a company that deployed for us, but it turned out not to be necessary. We realized we can deploy by ourselves, and attend the training and support by ourselves. 

The advice I would give to others thinking about implementing the solution is to make sure you have a solid knowledge of the network. 

I would rate this solution eight out of ten.

We use the solution to secure our client's networks.

Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use.

It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution.

One feature that is lacking is full interoperability with CLI.

You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.

Technical support is quite good. With firewalls, the last cases I had with Cisco were professionally handled quite quickly and it was great. I can compare with some other manufacturers. FortiGate is awful, for example. I'm generally pleased with Cisco.

The solution has a moderate amount of difficulty. You need to go over and use the documentation.

Cisco has a device manager now but this device manager is not like all device managers from ASA. It lacks a lot of features, and some of these features are very important. It makes it a challenge to configure because of the graphical interface. You have to install the management center and that itself takes time and it's not so simple.

We use the on-premises deployment model.

Ten years ago, when you sold Cisco to clients, customers complained about the price but they knew they were buying the best product in the market. It is totally different now. If they want to buy the best product in the market, they buy Palo Alto or Check Point. Cisco is trying to catch up to the competition.

When we talk about just the IPS manufacturers, I would rate the solution around six or seven out of ten. If we're talking about Cisco as a whole, I would rate them eight out of ten.  

We use this solution as part of our firewall.

This is a great firewall.

I have had a lot of problems with false positives and it would be helpful if this were improved.

I would like to see integration with monitoring tools such as Nagios or BMC.

An improved dashboard would be great.

This is a stable solution.

I have not had contact with technical support.

Prior to this solution, I used the Sophos XG 430.

The initial setup for this solution is complex.

The deployment took four months.

We had a reseller assist with our deployment.

Cisco products are always expensive, but if you can afford the price then it's a great solution. When I compare to Sophos, for example, Sophos is cheaper.

This is a great product. My advice for anybody who is considering this solution is that I would recommend it to anyone who can afford the price of the license.

I would rate this solution an eight out of ten.

We primarily use this solution as an application filter and for IPS. We have an on-premises deployment.

The most valuable feature of this solution is the support.

I would like to see the total performance for the users improved.

We have a need for security, so we would like to see more protection against virus attacks and ransomware attacks.

The inclusion of bandwidth management features would improve this product.

I would like to have an API for application development.

This solution is one hundred percent stable.

We are very satisfied with the technical support for this solution.

The initial setup of this solution is straightforward.

Licensing fees for this solution are $3,500 USD, and there are no additional costs.

This is a good solution that I recommend, but there is room for more features to be included.

I would rate this solution a nine out of ten.