I'm a senior manager of systems and networks at a tech services company.
We are evaluating both Cisco Firepower and Palo Alto Wildfire.
What is the main difference between the two?
Thank you for helping me. I appreciate it!
Palo Alto was the first company to tackle perimeter protection via applications instead of port blocking their install base is massive including the Fortune 50 Cisco is a household name but when it comes to App FW's Palo is the name and they have much more time within the market place to hone their product sets because they invented this architecture. Fortinet, Cisco CheckPoint, Sophos Barracuda , Cisco etc. they are followers not leaders. I like new technology and have been doing research for many years on great products and some real dogs. Years ago there used to be a saying no one ever got fired for buying IBM
Here are a couple of winners you should look at Critical Start, Secuerlink and Okta sorry got off topic typical Sales Guy... Ha Ha. If anyone wants to take a look at any of these new platforms please let me know - Thx
The biggest difference is that Cisco has many point solutions that are not fully orchestrated or can only forward certain data. Palo Alto Networks (No. 1 winner of Forrester Report Q04/18 for Eco Systems Provider) is different.
What is a Palo Alto ecosystem:
There are certainly more than enough top UEBA solutions for endpoint detection, response and network traffic analysis - EDR and NTA - but most force your analysts to manually merge information, slowing investigation and increasing complexity. The Palo Alto Networks ecosystem Cortex XDR™,
on the other hand, features a cloud-based detection and response app and blindly removes spots by merging network, endpoint and cloud data. The automatic exchange of security-relevant information between and within the integrated solutions is crucial, as is the automated resolution of incidents to relieve the SoC team.
You have Cisco Firepower integrated into the same web-based access GUI than all other Cisco products into one page. And Cisco is a well-known brand with excellent after-sales services worldwide.
About Palo Alto, it seems like a good product also but it does not connect to the same web-based access GUI for Cisco products. And maybe the after-sales services might not be worldwide or not as fast as Cisco.
Hello there. That is a valid question many would have when they evaluate a product. However comparison of Wildfire and Cisco NGFW would not be correct. It should be compared with what is known as Threatgrid from Cisco which does the same function of sand boxing as that of Palo Alto Wildfire. When you compare both they have their own intelligence unit, Cisco has Talos while Palo Alto has Unit 42 and both will give you a decent protection from zero day. However the product can be differentiated only on the support as both are big names and will deliver the best for their customer. However Cisco support for product is better. That’s where the difference is. Palo Alto being pure focused on security, does determine to application level while Cisco being a networking. Company has an integrated strategy. So overall both product are good. Just that level of support is something someone should definitely evaluate before getting their hands in it. Just my 2 cents.
I didn’t work with Cisco Firepower that much but the main difference is that Cisco Firepower is a combined source fire and firewall and they have different mechanisms than Palo Alto Wildfire. It has multiple virtual machines running the malware and gives you the results. If there is no signature it will generate one and upload it to the cloud.
Network Speed is stable in Cisco and security is better in Cisco.
I strongly recommended you proceed with Cisco.
1. The underlying difference is the threat engine both feed from, both are equally good as none of them comes from a small company.
2. Cisco has an edge on a few things such as it has a bigger fleet to natively collect threats, such as switching, routing, wireless, firewalls and so on. Palo Alto, on the other hand, doesn’t have that, however, these days all major security providers integrate their threat feeds.
3. Some basic comparisons of the platforms are below.
* Firepower is an awesome NGFW addition to the Cisco fleet, however, it has gone through a lot of integrations with and without ASA which has resulted in inconsistency, both in terms of its management and capabilities.
* PaloAlto, on the other hand, is another awesome NGFW which provides you not only brilliant security but also ease of management, it has been like this for a while and the platform is consistent and mature.
* Firepower natively lacked routing capabilities out of the box, unsure what is the latest however PaloAlto comes with feature-rich routing capabilities such as BGP, Route-based VPN etc.
* I have found Panorama to be far more simplistic than ASDM. The firepower FMC provides a good intuitive dashboard but I still prefer Panorama for its single pane of glass.
* Logging in PaloAltos/Panorama is simple as compared to typical ASDM logs, FMC has decent logging.
* You may find Palos to be expensive, I am not updated with the new pricing model of both but that is how it was for some time.
Compare Cisco Firepower NGFW vs. Palo Alto Networks WildFire
Cisco Firepower NGFW is ranked 9th in Firewalls with 19 reviews while Palo Alto Networks WildFire is ranked 1st in Advanced Threat Protection with 9 reviews. Cisco Firepower NGFW is rated 7.8, while Palo Alto Networks WildFire is rated 8.8. The top reviewer of Cisco Firepower NGFW writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Traffic is scanned in a single flow which improves the response times for the user". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas Palo Alto Networks WildFire is most compared with Fortinet FortiGate, Cisco Firepower NGFW and Cisco ASA NGFW.
The below link reveals the most significant areas (customer experience, integration, deployment, and configuration, service & support. Hopefully this helps.