Cisco Defense Orchestrator vs FireMon Security Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Defense Orchestrator and FireMon Security Manager based on real PeerSpot user reviews.

Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management.
To learn more, read our detailed Firewall Security Management Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is the Intrusion prevention.""The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us.""This product provides excellent centralized device controls and reporting.""For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product.""The bulk changes feature is definitely the most valuable.""If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.""Cisco Defense Orchestrator has useful guides for the steps that need to follow by users.""If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."

More Cisco Defense Orchestrator Pros →

"What I like about FireMon is the ability to track changes made by network engineers on the network.""The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.""In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level.""Policy test, access path analysis, and change reports.""The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,""Vendor agnostic when it comes to integrating with other product.""It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on.""The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."

More FireMon Security Manager Pros →

Cons
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.""CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.""I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.""The dashboard needs to be more customizable to provide better reporting for our network.""I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.""If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO.""They need to work on the user interface. It needs to be improved to make it more user-friendly.""When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."

More Cisco Defense Orchestrator Cons →

"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box.""The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement.""The advanced features are complex in setting up the rules.""One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was.""We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually.""The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly.""I don't like that it comes with bugs, constant issues, and limited functionality.""Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."

More FireMon Security Manager Cons →

Pricing and Cost Advice
  • "It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
  • "It's around £500 per unit for a three-year license."
  • "After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
  • "It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
  • "If you compare to what is available on the market, they are in the same range with respect to pricing."
  • "I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
  • More Cisco Defense Orchestrator Pricing and Cost Advice →

  • "Pricing model seems fair."
  • "Relative to what it offers, the price is fair."
  • "The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin."
  • "Regarding additional costs, if you want things like Policy Optimizer, extra features, that's extra."
  • "We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time."
  • "We pay for it yearly."
  • "FireMon is cheaper than AlgoSec."
  • "Pricing is reasonable."
  • More FireMon Security Manager Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    Top Answer:What I like about FireMon is the ability to track changes made by network engineers on the network.
    Top Answer:It's a good value. From a licensing standpoint, our only limitation is the number of devices that we manage. Our environment is small. We have fewer than 20 enterprise firewalls, meaning it's hard to… more »
    Top Answer:FireMon could be made more user-friendly when it comes to creating filters or conducting traffic analysis.
    Ranking
    Views
    1,131
    Comparisons
    343
    Reviews
    1
    Average Words per Review
    204
    Rating
    7.0
    Views
    7,181
    Comparisons
    5,434
    Reviews
    7
    Average Words per Review
    1,117
    Rating
    8.6
    Comparisons
    Also Known As
    CDO
    Learn More
    Cisco
    Video Not Available
    Interactive Demo
    FireMon
    Demo Not Available
    Overview

    Cisco Defense Orchestrator (CDO) is a cloud-based management solution designed to ensure streamlined and consistent security policies across the Cisco security portfolio. Specifically tailored to manage all Cisco Secure Firewall form factors (running either ASA or Firepower Threat Defense (FTD) software), CDO offers real-time visibility and troubleshooting capabilities, effectively enhancing overall network security.

    CDO addresses the challenges of migration, supporting transitions from on-premises to cloud environments and facilitating the shift from ASA to FTD configurations. As organizations embark on their cloud adoption journey, CDO simplifies provisioning workflows for remote branches, reduces operational expenditures related to inventory management, and offers scalability for multi-cloud deployments.

    The increasing complexity of networks, driven by the constant influx of new devices, applications, and cloud services, presents a daunting challenge for managing firewall policies and rules. A typical enterprise environment has millions of rules, and just one simple misconfiguration can lead to devastating consequences like compliance violations, outages, and data breaches. 

    FireMon’s Security Manager is a purpose-built network security policy management (NSPM) platform that automates the management of firewall and cloud security policies to eliminate policy-related risk, accurately and quickly change rules, and meet internal and external compliance requirements.

    • Reduce Risk Manage risk with real-time visibility and control
    • Manage Change Avoid misconfigurations, accelerate business, and improve security
    • Enforce and Maintain Compliance Avoid violations, avoid risk, and avoid fines
    Sample Customers
    Insurance Company of British Columbia, Shawmut
    Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Verizon, Wells Fargo
    Top Industries
    REVIEWERS
    Manufacturing Company43%
    University14%
    Consumer Goods Company14%
    Healthcare Company14%
    VISITORS READING REVIEWS
    Computer Software Company43%
    Manufacturing Company7%
    Financial Services Firm5%
    Government5%
    REVIEWERS
    Financial Services Firm27%
    Insurance Company9%
    Government9%
    Computer Software Company7%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm14%
    Manufacturing Company7%
    Comms Service Provider6%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise21%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business11%
    Midsize Enterprise5%
    Large Enterprise83%
    REVIEWERS
    Small Business14%
    Midsize Enterprise16%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    Firewall Security Management
    March 2024
    Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while FireMon Security Manager is ranked 4th in Firewall Security Management with 52 reviews. Cisco Defense Orchestrator is rated 8.2, while FireMon Security Manager is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". Cisco Defense Orchestrator is most compared with Tufin Orchestration Suite, AlgoSec, Palo Alto Networks Panorama and Azure Firewall Manager, whereas FireMon Security Manager is most compared with Tufin Orchestration Suite, AlgoSec, Skybox Security Suite and Palo Alto Networks Panorama.

    See our list of best Firewall Security Management vendors.

    We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.