Cisco IOS Security Review

Increased endpoint security but is overall a very complicated product


What is our primary use case?

We use it for endpoint security, to control access to our edge level. Basically, Cisco IOS checks the identity of each endpoint (printers, etc.). There's a specific group allowing the printer to immediately connect to the network. Also, if there is a laptop, for example, then the IOS will tell you, okay this is a laptop, please add the user name and password to access the network. Once it gets authenticated with IOS, they will still do something like posturing, checking the compliance list. For example, if a laptop doesn't have an updated antivirus or updated patches - if it's non-compliant with any one of those things, the system will reject it and isolate it in a special network, so it cannot access our network. 

How has it helped my organization?

Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access. Because Cisco IOS will ask for the identity. So, you will now need to give your identity. If you are not part of the organization, you will not be given access.

What needs improvement?

I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there.

Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.

For how long have I used the solution?

I have been using the solution for 1 year.

What do I think about the stability of the solution?

Initially, we faced some stability problems with the wifi systems. And sometimes it authenticates, sometimes it doesn't. But, overall, it's 90% stable. It's not causing many problems, because, no one is touching that. No one is touching that box.

How are customer service and technical support?

Their support was very bad. We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues. They keep asking about a lot of things. And they know that we are not expert in the system. So, we are wasting our time. And it takes time to respond. Sometimes one single issue will stay on the stack for three weeks, just to resolve it. The last ticket for me reached six weeks, not three weeks even. They are not like that in all products. Just this product.

How was the initial setup?

The initial setup was very complicated. For the initial setup, you need to configure the TAC servers and assigning the password, user name and the group for authenticating, etc. The deployment took more than three months.

What about the implementation team?

We used a vendor. We are not doing anything ourselves except for the basic things. We are using the vendors to do this. Not everything is handled by vendors; only, again, for the complicated products. We try to approach the integrators to do it.

Which other solutions did I evaluate?

I did not evaluate other options. I was thinking maybe Aruba might be a good option, but I did not switch over to it actually because Cisco's a big company and known in the market.

What other advice do I have?

Even now, we are not fully utilizing the features because it'll add complicated things. I would rate this solution 7 out of 10 because of both support and interface. After this experience, next time in any project we are going to go more secure. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email