Cisco Secure Firewall vs Cisco Vulnerability Management (formerly Kenna.VM) comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Cisco Secure Firewall
Ranking in Cisco Security Portfolio
Average Rating
Number of Reviews
Ranking in other categories
Firewalls (4th)
Cisco Vulnerability Managem...
Ranking in Cisco Security Portfolio
Average Rating
Number of Reviews
Ranking in other categories
Risk-Based Vulnerability Management (12th)

Featured Reviews

Josh Schmookler - PeerSpot reviewer
Jun 15, 2023
Provides excellent visibility, helps to respond to threats faster, and their support is also fantastic
The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice. For scalability, they could support a little bit more diverse deployments around clustering and high availability. Currently, it's very active standby, and being able to do a three firewall cluster or four or five firewall cluster would suit some of my deployments a little bit better. It would also help to keep the cost down for the customer because you're buying smaller devices and clustering them versus larger devices.
AshishPaliwal - PeerSpot reviewer
May 19, 2022
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"Firewall help with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it."
"The technical team is always available when we have problems."
"One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI."
"Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
"In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."
"The most important feature is its categorization because on the site and social media you are unified in the way they are there."
"The risk context of any vulnerability is a valuable feature."


"We are looking for software taxi capabilities."
"Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility."
"Implementations require the use of a console. It would help if the console was embedded."
"The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."
"The price can be better."
"You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."
"The content filtering on an application level is not as good as other solutions such as Palo Alto."
"The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics."
"An improvement would be some sort of an integration with any GRC suite."

Pricing and Cost Advice

"It has a great performance-to-price value, compared to competitive solutions."
"The pricing could always be cheaper."
"The pricing is fair compared to competitors."
"Its price is moderate. It is not too expensive."
"Be sure of what features you are ​going to utilize to add/remove some from new bundles."
"The program is very expensive."
"We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier."
"The pricing seems fair. It is above average."
"I think the pricing is based on the number of endpoints, so it's more subscription-based."
Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.
789,442 professionals have used our research since 2012.

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…

Top Industries

By visitors reading reviews
Educational Organization
Computer Software Company
Comms Service Provider
Computer Software Company
Financial Services Firm
Insurance Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use Fortinet too...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the e...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection ...
What do you like most about Kenna.VM?
The risk context of any vulnerability is a valuable feature.
What is your experience regarding pricing and costs for Kenna.VM?
I think the pricing is based on the number of endpoints, so it's more subscription-based. If you have 10 computers versus a million computers, obviously the pricing will change.
What needs improvement with Kenna.VM?
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution lik...

Also Known As

Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
Kenna.VM, Kenna Security, Kenna, Kenna Security Platform

Learn More




Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Find out what your peers are saying about Cisco and others in Cisco Security Portfolio. Updated: June 2024.
789,442 professionals have used our research since 2012.