We performed a comparison between Cisco NGIPS and KerioControl based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its ease of use and its ability to block and allow ports in and out of our organization are the most valuable features. It works very well. It gives us all the information that we need."
"The thing about this solution that I like the most is that it's intuitive."
"It has good intelligence. It does a great job at stopping threats."
"The Malware Detection, threat defense, sandboxing, VPN and mail security have all been valuable features of Cisco NGIPS."
"NGIPS' best feature is the separate IPSec tunnels, which makes the user's data more secure if they want to access it privately."
"The most valuable feature would be the IPS is very important in Cisco Firepower because I can configure deep configuration in IPS and tuning."
"We use the solution for cybersecurity purposes. The tool helps us to identify anomalies that come from internal or external networks."
"It is more or less stable. Sometimes I have some issues normally when we need to upgrade it to newer versions. I think it does the job."
"The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
"The product is affordable."
"The solution provides feasibility regarding cyber privacy."
"The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing."
"The statistic feature enables us to better use bandwidth management. We monitored the use by mobile, type of application, department, and by users. The bandwidth was solid. Our internet speed is optimized for our research."
"The most valuable feature is to provide users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management."
"The reporting needs to be improved. It is hard to get a domain."
"One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system."
"We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license. Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower."
"The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery."
"There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory which was introduced on other products."
"The pricing is very expensive. They should make their equipment more affordable."
"Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use."
"I would like to see a more user-friendly interface."
"It has room for improvement when it comes to integrating machine learning and AI into it where even if you don't have a baseline that is of length for anomaly detection, it could do more like an AI style machine learning. It learns on its own."
"The onboarding process could be made a little bit better."
"KerioControl should add more options in VPN features, such as IPsec VPNs, SSL VPNs, and L2TP VPNs, because KerioControl uses a special VPN for their products."
"I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is."
"The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."
"After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening."
"One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to the area of upload and download is extremely slow. There's too much content filtering at that point."
"If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces."
"The one thing that did put me off of the solution was that, after they were taken over by GFI, the licensing and a few other items have gotten very complicated."
"I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology."
Cisco NGIPS is ranked 5th in Intrusion Detection and Prevention Software (IDPS) with 63 reviews while KerioControl is ranked 17th in Intrusion Detection and Prevention Software (IDPS) with 54 reviews. Cisco NGIPS is rated 8.2, while KerioControl is rated 8.0. The top reviewer of Cisco NGIPS writes "Very effective for malware and signature-based anomalies but stability needs improvement". On the other hand, the top reviewer of KerioControl writes "With VPN, any of our guys can log in to the system and effectively be on board; helps with our customers all over the world". Cisco NGIPS is most compared with Check Point IPS, Fortinet FortiGate IPS, Trend Micro TippingPoint Threat Protection System, Cisco Sourcefire SNORT and Palo Alto Networks Advanced Threat Prevention, whereas KerioControl is most compared with Netgate pfSense, Fortinet FortiGate, OPNsense, Sophos UTM and Sophos XG. See our Cisco NGIPS vs. KerioControl report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.