Cisco Sourcefire Firewalls Review
It makes the discovery of applications and classification of user traffic simple but I'd like to see a roadmap for SSL decryption.


Valuable Features

I'm most impressed with the visibility and control SourceFire solutions provide into the types of traffic flowing in and out of an environment. It makes the discovery of applications and classification of user traffic simple, which in turn allows an organization to more effectively develop security policies and enforce acceptable use for its enterprise users.

Improvements to My Organization

I've worked with customers that have dealt with malware issues in the past, and preventing its spread laterally within the environment has always been a concern. With SourceFire, we've been able to detect malicious files and stop them at the network edge before internal systems are compromised. Leveraging AMP in addition to FireAMP, which is the endpoint malware solution, is incredibly effective at blocking malware at the host level. The other good news is FireAMP can be leveraged alongside traditional endpoint anti-virus software. The Defense Center also provides visibility into how malware is moving within the environment, so tracking down infected machines becomes much easier for IT staff.

Room for Improvement

The overall product line is sound, but I'd like to see a roadmap for SSL decryption as part of the ASA with FirePOWER solution.

Use of Solution

I've been working with SourceFire product offerings since Cisco's acquisition of the company in late 2014. Prior to the officially branded Cisco solution, I'd worked with open source Snort in various capacities for several years. I've been using Cisco ASA with FirePOWER services, Cisco SourceFire NGIPS/NGFW most recently.

Deployment Issues

Learning the advanced capabilities of the system can take time, but it's rather intuitive. I have not encountered issues deploying base functionality with the offerings at this point.

Stability Issues

Overall, the systems are stable and IT admins have control over how the sensors operate within the network in the event of failure.

Scalability Issues

There are scalability limitations with FirePOWER on the ASA, so determining anticipated throughput requirements is critical. The standalone IPS sensors can be stacked for increased throughput, so depending on your organization's needs, this may be a better path for some organizations concerned about scalability.

Customer Service and Technical Support

Customer Service:

8/10.

Technical Support:

9/10.

Previous Solutions

I've used Palo Alto's FW/IPS offerings and Cisco's older IPS platform on the ASA. Usually, I don't decide what organizations purchase, but I am impressed with SourceFire's capabilities over the latter.

Initial Setup

Initial setup is straightforward, but there is not much documentation available if you have no experience with the offering. I'd recommend training for all network admins that administer SourceFire systems, especially if you want to leverage some of the advanced features.

Other Advice

Do research into the types of offerings out there and make a determination of what may be the best fit for your organization's requirements and future security goals.

Disclosure: My company has a business relationship with this vendor other than being a customer: The company I work for is partners with many tech vendors

2 Comments

Chris Gurley (Real User, Top Reviewer, Top 20)

Hey Nick, regarding your room for improvement, as I understand it, the SSL Decryption feature seems to be a resource limitation within the integrated module deployment. The Series 3 hardware required for it likely provides the necessary compute power for the CPU-intensive decryption, inspection, and re-encryption.

It's actually for this exact reason that we are seeking to move our newly deployed FirePOWER Services out of the ASA and into a 7000-family appliance. You can see my soon-to-be-posted review for more info on the limitations I've discovered thus far. Thanks for sharing your take!

09 April 15
it_user383757 (User)

Hey All,
I have been using Fortinet products for more than 10 years. I am studying a move to the Cisco ASA5516 with source power, and I would like to know how stable it is against the FortiGate FG300D.

FortiGate firewall throughput numbers are totally different from the Cisco ASA5516.
Any help?

07 February 16