Try our new research platform with insights from 80,000+ expert users

Cisco Security Cloud Control vs FireMon Security Manager comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 27, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Security Cloud Control
Ranking in Firewall Security Management
14th
Average Rating
8.2
Number of Reviews
15
Ranking in other categories
No ranking in other categories
FireMon Security Manager
Ranking in Firewall Security Management
5th
Average Rating
8.2
Reviews Sentiment
7.5
Number of Reviews
56
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Firewall Security Management category, the mindshare of Cisco Security Cloud Control is 1.5%, up from 1.3% compared to the previous year. The mindshare of FireMon Security Manager is 17.8%, up from 15.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewall Security Management Market Share Distribution
ProductMarket Share (%)
FireMon Security Manager17.8%
Cisco Security Cloud Control1.5%
Other80.7%
Firewall Security Management
 

Featured Reviews

Vivek Balaji - PeerSpot reviewer
Useful guides, excellent support, integration could improve
Cisco Defense Orchestrator has useful guides for the steps that need to follow by users Cisco Defense Orchestrator can improve by providing more support for third-party security components. I have been using Cisco Defense Orchestrator for approximately eight months. The Cisco Defense…
Ganesh-Khutwad - PeerSpot reviewer
Rapid policy insights with robust dashboards and cross-vendor automation
FireMon Security Manager is excellent for real-time compliance management. It allows us to quickly retrieve any policy needed for testing and easily analyze it for loopholes. If a loophole exists, FireMon provides comprehensive details within the policy manager. It alerts us to firewall rule additions or changes that violate compliance policies. It supports various firewall platforms, including Checkpoint, Zscaler, Fortinet, Cisco, and AWS, and provides centralized management for all configured policies through a single console. FireMon Security Manager provides many features, like whether my firewall is compatible with required standards such as NTP and SNMP. Each compliance included in our RFPs is shown in the UI of FireMon. It gives robust and clear dashboards, making it easier to understand risks because the policies have ratings showing usage, and the number of hit attacks. It streamlines our compliance reporting processes by providing comprehensive risk and compliance assessments. It offers a range of features, including verification of firewall compatibility with protocols like NTP and SNMP, and detection of signal charges. FireMon effectively addresses all compliance requirements outlined in our RFPs. For instance, it can determine if firewalls or proxies within a stack are configured in Secure Mode or Active-Active mode. FireMon Security Manager enables us to generate reports on all these aspects, ensuring thorough compliance monitoring and documentation. FireMon Security Manager is robust and can help automate firewall policy changes across large multi-vendor enterprise environments. FireMon Security Manager helps automate firewall policy changes across various environments, including on-premises, cloud, hybrid, SASE, and SD-WAN. It also simplifies cleaning up firewall rules in our environment. The time required to accurately create, approve, and deploy firewall policy rules has been reduced. Tasks that took 30 minutes can now be completed in just five minutes using FireMon. FireMon provides immediate visibility into our policies through a robust and clear dashboard, making it easy to identify errors or misconfigurations based on the policy rating.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy."
"The most valuable feature is the Intrusion prevention."
"There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"Policy test, access path analysis, and change reports."
"The most valuable features are the security assessments and the ability to identify unused rules or objects."
"The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place."
"The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,"
"Overall, I would rate this solution a nine out of ten."
"It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
"The most valuable feature for me is its capability for cleanup and managing the complexity of security products."
"We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy."
 

Cons

"Cisco Defense Orchestrator should be made more user-friendly overall. Currently, to use it effectively, one must be specific with the rule set that needs to be set up."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"The dashboard needs to be more customizable to provide better reporting for our network."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly."
"To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated."
"The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support."
"The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing."
"Sometimes, there is a problem related to the sizing itself. If we have many devices added or if the firewall complexity is huge, we might experience some lag in processing. It may relate to the hardware specifications."
"A feature that could be improved is support for more devices, not just the firewall."
"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."
"The issue for me started with Fortinet not being able to see things correctly. It lost its appeal in terms of what it could do for me from a security standpoint, so I do not pay as much attention to it."
 

Pricing and Cost Advice

"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"If you compare to what is available on the market, they are in the same range with respect to pricing."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
"It's around £500 per unit for a three-year license."
"The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average."
"This is an expensive solution. The cost of three modules for three years was approximately one million."
"We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time."
"Relative to what it offers, the price is fair."
"The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin."
"Pricing is reasonable."
"FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated."
"Its pricing is good. Compared to others, it is not so expensive."
report
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
871,469 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
47%
Manufacturing Company
12%
Financial Services Firm
6%
Performing Arts
4%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
12%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise3
Large Enterprise6
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise9
Large Enterprise44
 

Questions from the Community

What needs improvement with Cisco Defense Orchestrator?
Cisco Defense Orchestrator should be made more user-friendly overall. Currently, to use it effectively, one must be specific with the rule set that needs to be set up. Additionally, I suggest impro...
What is your primary use case for Cisco Defense Orchestrator?
Our primary use case for Cisco Defense Orchestrator is the automation of playbooks. We primarily use it for this purpose to streamline processes.
What advice do you have for others considering Cisco Defense Orchestrator?
Those who want to use Cisco Defense Orchestrator should build their own use case and see if it fits their environment. The most significant benefit for us is the response time because it automates ...
What do you like most about FireMon?
I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement.
What is your experience regarding pricing and costs for FireMon?
Comparatively, FireMon has a very good price and is below the general competition in cost. I have not seen any additional fees beyond the general contract fees for the usage I have. So, I have not ...
What needs improvement with FireMon?
For one company I work with, I use Fortinet, and FireMon is not able to understand the zones that Fortinet uses. Part of that compliance piece does not provide me with the necessary information. An...
 

Also Known As

Cisco Defense Orchestrator, CDO
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Insurance Company of British Columbia, Shawmut
Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Verizon, Wells Fargo
Find out what your peers are saying about Cisco Security Cloud Control vs. FireMon Security Manager and other solutions. Updated: September 2025.
871,469 professionals have used our research since 2012.