Cisco NGIPS Review

The anomaly baseline formation links the network, then anything that goes away from the norm is also flagged

What is our primary use case?

Basic IPS functionality for intrusion prevention. We have two kinds of deployment: the one that is Inline and the one that is not Inline, where it's just listening. We have a tap from which it's monitoring traffic; that is the kind of offline deployment. For the Inline deployment, all traffic goes through it, like North-South traffic towards the internet, to provide real-time intrusion prevention.

What is most valuable?

It's signature-based. We are also using the anomaly baseline formation, where it links the network, then anything that goes away from the norm is also flagged. Those are the two most valuable features.
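As an added illustration of the two detection styles the reviewer names (signature matching and baseline-anomaly flagging), the following Python is example code written for this page; it is not Cisco NGIPS code and not the reviewer's. It assumes a constructed per-minute flow record (source, destination, port, bytes) rather than any Cisco export format, a constructed blocklist entry from the TEST-NET range, and a z-score threshold of 3; all sample traffic is constructed inline.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One constructed flow summary (assumed layout, not a Cisco record)."""
    minute: int      # minute index since start of capture
    src: str
    dst: str
    dport: int
    bytes_out: int


def make_baseline_flows():
    """Constructed 'normal' traffic: 60 minutes, two hosts, small jitter."""
    flows = []
    for m in range(60):
        flows.append(Flow(m, "10.0.0.5", "198.51.100.20", 443, 2000 + (m % 5) * 50))
        flows.append(Flow(m, "10.0.0.7", "198.51.100.21", 443, 1500 + (m % 3) * 40))
    return flows


def make_observed_flows():
    """Constructed traffic under observation: at minute 62 host .5 sends far
    more than its norm, and at minute 63 host .7 reaches a blocklisted host."""
    return [
        Flow(60, "10.0.0.5", "198.51.100.20", 443, 2100),
        Flow(61, "10.0.0.7", "198.51.100.21", 443, 1540),
        Flow(62, "10.0.0.5", "198.51.100.20", 443, 90000),
        Flow(63, "10.0.0.7", "203.0.113.10", 443, 1500),   # constructed bad destination
        Flow(64, "10.0.0.5", "198.51.100.20", 443, 2050),
    ]


BLOCKLIST = {"203.0.113.10"}  # constructed threat-intel indicator, not a real IoC


def signature_alerts(flows):
    """Signature style: exact matches against known-bad indicators."""
    return [(f.minute, f.src, "dst-on-blocklist") for f in flows if f.dst in BLOCKLIST]


def _bytes_per_source_minute(flows):
    per_src_minute = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_src_minute[f.src][f.minute] += f.bytes_out
    return per_src_minute


def build_baseline(flows):
    """Learn the norm: per-source mean and population stddev of bytes per minute."""
    baseline = {}
    for src, by_minute in _bytes_per_source_minute(flows).items():
        vals = list(by_minute.values())
        baseline[src] = (mean(vals), pstdev(vals))
    return baseline


def anomaly_alerts(baseline, flows, z_threshold=3.0):
    """Anomaly style: flag per-source minutes whose volume deviates from the
    learned norm by more than z_threshold standard deviations. A source that
    never appeared during baselining is itself reported."""
    alerts = []
    for src, by_minute in _bytes_per_source_minute(flows).items():
        if src not in baseline:
            alerts.extend((m, src, "unknown-source") for m in sorted(by_minute))
            continue
        mu, sigma = baseline[src]
        for m in sorted(by_minute):
            total = by_minute[m]
            # Zero-variance baseline: any change from the constant value counts as a deviation.
            if sigma > 0:
                z = (total - mu) / sigma
            else:
                z = float("inf") if total != mu else 0.0
            if abs(z) > z_threshold:
                alerts.append((m, src, f"volume-z={z:.1f}"))
    return alerts


def run_demo():
    """Build the baseline from the quiet hour, then evaluate the observed minutes."""
    baseline = build_baseline(make_baseline_flows())
    observed = make_observed_flows()
    return signature_alerts(observed) + anomaly_alerts(baseline, observed)


if __name__ == "__main__":
    for minute, src, reason in run_demo():
        print(f"minute {minute:>3}  {src:<10}  {reason}")
```

The blocklist hit is caught only because the indicator was already known; the minute-62 spike is caught only because an hour of ordinary traffic had been learned first. That is the practical reason the reviewer values both mechanisms together: each misses what the other catches.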

What needs improvement?

It has room for improvement when it comes to integrating machine learning and AI into it, where even if you don't have a baseline that is of sufficient length for anomaly detection, it could do more of an AI-style machine learning. It learns on its own. It learns patterns, learns what good traffic looks like, then is able to stop bad traffic, not just based on behavior but based on every other thing. I think other next-generation IPS solutions are turning towards integration of ML and AI. I need machine learning and the ability to share intelligence.

For how long have I used the solution?

I have been using Cisco NGIPS for seven years.

What do I think about the stability of the solution?

It is pretty stable and has good throughput.

What do I think about the scalability of the solution?

It's scalable. You can add more to it as traffic requires, one cluster can do HA, so it's pretty scalable. In fact, you can cluster up to six chassis on the 4100.

If it's host-based IPS, we can count a number of users and say we have 45,0000 users, but for network-based IPS, where it's just picking traffic from different connections when you're trying to go to the internet or when you're trying to come back from the internet, it can support up to 10 million concurrent sessions. We have around 200,000 users, but it can support 10 million concurrent sessions.

For maintenance, once you configure it, it depends on what you call maintenance. If it's a software upgrade, it doesn't take a lot to upgrade it. If it's active/standby, you can upgrade the active; the standby becomes the active. Then when the active comes back on, you can upgrade the standby. So usually, at least you have an active/standby scenario, but if you have a cluster, you can take each out of production in codes. We start while others are in production.

If you're talking about maintenance in terms of log collections and shipping of the logs, it's also easy to deploy from that perspective.

How are customer service and technical support?

Cisco has very good support. We get good support from Cisco. 

Which solution did I use previously and why did I switch?

We've been using Cisco for a while. Going from the IPS module on ASA or the IPS appliance, we've transitioned from different Cisco IPS solutions to this Cisco Next Generation IPS. 

It's been Cisco all along, it's just that this one has more visibility and it's next-generation style compared to the older IPS. 

How was the initial setup?

The initial setup was straightforward and easy to deploy. It was very quick.

Which other solutions did I evaluate?

We also looked at Sourcefire.

They bought this particular one from Sourcefire, and Sourcefire was the world leader in next-generation IPS before Cisco bought it. I know it wasn't just in terms of visibility and how much it can do, but in terms of cost too, because it was an open-source project that was going on before Cisco bought it. Cisco bought the enterprise version, so I feel it's not expensive, but I've not really checked the licensing cost.

What other advice do I have?

Sourcefire wasn't originally Cisco, and it was already a world leader, and if I'm not mistaken or quoting wrongly, I think it's from the Snort project. I know the open-source community is still contributing to what Cisco is presenting with FirePower or FireSIGHT IPS. It's an open-source project. You can trust it because of the originality score, and with what we've used so far too, I see the difference between the old version and this new one. You get better security compared to these other next-generation IPS out there.

In the next release, I would like to see AI machine learning capabilities built into it.

I would rate it a nine out of ten.


Disclosure: I am a real user, and this review is based on my own experience and opinions.

Updated: February 2021.