IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
June 2022
Get our free report covering Cisco, Darktrace, Check Point, and other competitors of Palo Alto Networks Threat Prevention. Updated: June 2022.
609,272 professionals have used our research since 2012.

Read reviews of Palo Alto Networks Threat Prevention alternatives and competitors

TonyMoore - PeerSpot reviewer
President at www.virtualtechsolutionsusa.com
Real User
Top 5Leaderboard
Prevent unauthorized use of network resources and integrate branch offices with reliability
Pros and Cons
  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

How has it helped my organization?

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

What is most valuable?

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

What needs improvement?

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

For how long have I used the solution?

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

What do I think about the stability of the solution?

Cisco IOS Security is stable, very stable.  

What do I think about the scalability of the solution?

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

How are customer service and technical support?

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

Which solution did I use previously and why did I switch?

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

How was the initial setup?

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Rudi Machilek - PeerSpot reviewer
CTO at Brightstar Communications, Inc
Reseller
Top 20
Integrated management is a great feature and the UI is user friendly
Pros and Cons
  • "Integrated management is a very valuable feature."
  • "IPs are not handled well and the process is unnecessarily complicated."

What is our primary use case?

Any time a firewall is deployed at a customer site, we'll use the intrusion detection, mostly on the input side, on VPN connections, as well as forward connections and established related environments. If you go to a website, you want to be sure it returns the content that it should, for instance. So we'll use IPS both for user traffic originating from behind the firewall, inbound NAT PAT, as well as for VPN connections. We are partners with Fortinet. 

What is most valuable?

Integrated management would probably be the most valuable feature. I can take a single FortiGate and manage switches and access points from a single login. I think it's on par with a Palo or a Check Point. I also like their sandbox. The solution covers what we need for most environments, whether small, midsize or enterprise. That aside, the user interface is pretty good and the packet capture works fairly well. The CLI is their own flavor of everything, but that's going to be true for just about anybody that's out there. IPS has widespread capabilities.

What needs improvement?

The biggest problem we have is the way they handle virtual IPs. It's not handled well at all and even pfSense handles that better. There are three different ways to configure it, depending on whether it is an internal or a through process, and it's just unnecessarily complicated. It would be nice if everybody got together and agreed on some language in their CLIs, but that's not going to happen. If you only dealt with one product on a regular basis, then the problem wouldn't be as evident.

For how long have I used the solution?

I've been using this solution for many years. 

What do I think about the scalability of the solution?

Scalability is relative because a given platform only has so much horsepower. It's not too bad to move from one platform to another, as long as they're on the same software rev. If they're not, then you run into the typical hassles where a backup from an earlier rev doesn't cleanly install on a newer rev. It would be nice if that was a little bit cleaner. 

How are customer service and support?

The customer support is excellent. The first-line tech support is pretty quick about establishing whether they're going to be able to address a given problem. They can often escalate it on the phone, but they're also pretty good and timely if you're going through email. Once you have somebody assigned, it's pretty good.
We also have great local engineering support here in North Carolina. 

How was the initial setup?

The initial setup isn't too complicated for a single WAN. You have to assign your name, your address, set up your aliases and then build rules. I think the VPN configuration could be a little simpler, but it's no harder than setting it up on a SonicWall, for instance. The setup can be done in less than an hour, including running updates and registration. A single person can deploy 10 switches, a pair of FortiGates in HA, and let's say 10 access points. One person will do the programming and then all installation is done by two specialists by code.

What was our ROI?

Fortigate is as cost-effective as its competitors. As the boxes get big, it gets pretty expensive but that's for large organizations that have a substantial IT budget.

What other advice do I have?

My advice is to go through some basic training before trying to take it out of the box because the language that's used to configure FortiGate is not the language used on the Cisco ASA or on WatchGuard, or Juniper. The language is a little different so what you think you're configuring and what you're able to configure are two different things. The way that the policies are applied is different than it is from other boxes. So just because you have a technician-level cert with Cisco, you will not be able to successfully configure a VPN on a FortiGate. 

I rate this solution eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
Greg Tate - PeerSpot reviewer
Information Technology Operations Manager at a tech services company with 51-200 employees
User
Top 20
Great for detection and access with the capabilities of defining specific rules
Pros and Cons
  • "We are able to define our own rules for detection."
  • "Support is the biggest area for improvement."

What is our primary use case?

We wanted a more robust solution for controlling access to our cloud environments (AWS and Azure). In addition, we wanted our control to be cloud-based. 

Our thought was to find a solution to aid us in being proactive as well as reactive. We have multiple environments in multiple clouds with some areas having delegated administration. The solution we needed was one to reduce the need for administrative headcount to continuously review any misconfiguration. Beyond that we were looking to find a solution for SASE.

How has it helped my organization?

The product has allowed us to proactively mitigate any network access misconfiguration resulting from delegation. 

We didn't have to hire an additional network administration resource to focus on detecting any misconfigurations. Dome 9 has assisted through the pre-canned compliance templates. 

We are able to define our own rules for detection. 

In addition to the Harmony Connect Endpoint bundled VPN, the Harmony Connect SASE is continuing to reduce reliance on traditional VPN to the point we will likely discontinue the use of the bundled VPN.

What is most valuable?

In terms of valuable features, it's hard to choose one. Dome9 and Harmony Connect have both been great in detecting and solving access issues.

As mentioned elsewhere in this review, the Harmony Connect SASE has been extremely valuable in improving our security posture and moving us to a zero-trust mindset (organizationally speaking).

Also, as mentioned, Dome9 has paid for itself through the cost savings of additional headcount. If we didn't have Dome 9, we would keep an additional headcount for the single purpose of detecting network changes within the environment. 

What needs improvement?

Support is the biggest area for improvement. Check Point is responsive, however, their support agents seem to be very siloed in their ability and/or product knowledge. It takes time and escalation to get through most tickets as they are passed from one group to another and then back again. We are able to navigate our support issues with the aid of our account team, so I want to underscore that support is indeed responsive. However, the processes support techs have to follow seem to be the root cause of the support response issues. 

For how long have I used the solution?

I've used the solution for two years.

What do I think about the stability of the solution?

This is where Check Point needs to get operations ironed out. Stable Check Point products are items that haven't been acquired recently. Recent acquisitions seem to lack cohesive functionality.

What do I think about the scalability of the solution?

From what we've encountered, scalability isn't an issue.

How are customer service and support?

Support seems siloed in knowledge, As a result, most support requests require additional management. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used a different solution, however, it was costly and didn't provide the same functionality.

How was the initial setup?

The setup was difficult given the number of products and the lack of a cohesive user experience.  

What about the implementation team?

We implemented the product in-house with the aid of support as part of a POC.

What was our ROI?

We noted ROI after one year.

What's my experience with pricing, setup cost, and licensing?

It seems, as with other services of this nature, opting-in on the bundled licensing is the best bet. I'd suggest looking at the Infinity Plan. 

Which other solutions did I evaluate?

We evaluated Cisco, Juniper, and Palo Alto.

What other advice do I have?

Make sure you have a good vibe from your sales team. They tend to support you in the long run. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ZhulienKeremedchiev - PeerSpot reviewer
Lead Network Security Engineer at TECHNOCORE LTD
Real User
Top 5
Flexible, scalable, and stable, but needs more intuitive interface
Pros and Cons
  • "In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected."
  • "Cisco can do better on their documentation because the product is really hard to understand."

What is our primary use case?

The solution works on a base set of rules to detect malicious traffic or certain exploits, which can be done from both the outside and inside network.

What is most valuable?

In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected. It is quite flexible because it can be deployed on the cloud as well. All the kinks which were in the previous versions were fixed.

What needs improvement?

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.

They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

For how long have I used the solution?

I have been using the solution for approximately five years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. The management center, which controls the sensors, you can deploy it. You have two different virtual appliances, one is for managing up to 25 sensors and the bigger one is up to 300 sensors. The hardware list of the products ranges from, I think, 20 sensors and up to 500. Depending on your needs, you can scale it.

We have three administrators working on the solution and the whole organization is being protected by it.

How are customer service and technical support?

Cisco support is really great. Especially when you have a priority case, when everything is down, you can get an engineer in 15 minutes.

How was the initial setup?

The setup is easy, you do not need hardware. You can just sign up for AWS or Azure and you can deploy it there.

What's my experience with pricing, setup cost, and licensing?

There are licensing fees depending on the features that you are using.

Which other solutions did I evaluate?

I have evaluated Palo Alto in the past.

What other advice do I have?

Before this version of the solution, it was like a normal IPS. The source for IPS was bought by Cisco, and now it is integrated into the Firepower Threat Defense. The Firepower Defense is a unified image of both the previous firewall which Cisco had, the ASA, and the source for IPS. Currently, the FTD is like a UTM device, a unified threat management device, because it has firewall capabilities and IPS capabilities.

I am going to continue using this solution even though I enjoyed using their main competitors product from Palo Alto. I would recommend this solution to others.

I rate Cisco NGIPS a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
June 2022
Get our free report covering Cisco, Darktrace, Check Point, and other competitors of Palo Alto Networks Threat Prevention. Updated: June 2022.
609,272 professionals have used our research since 2012.