Cisco Secure Firewall Benefits
JT
JoshuaThums
Network Administration Lead at Forest County Potawatomi Community
We definitely feel that we're more secure now than we have been in the past. That goes back to those Zero-day vulnerabilities. An example would be some of the vulnerabilities with Adobe TIF files that were recognized. We run a document management system that wrote the extra, tailing zeros onto all the TIF files, and that was highly exploitable. The Cisco firewalls were able to catch that on the files traveling across our network and highlight it. Those are issues that, without the firewalls actually seeing the north-south traffic in our network, we just didn't have visibility into before. We were running blind and didn't even realize that we were vulnerable in those ways.
Cisco NGFW has excellent visibility through the constructs it has. New vulnerabilities come out and we have hit those multiple times thanks to their solution. We come in on a Monday and, all of a sudden, an application that was working on Friday isn't working. That's because a major vulnerability came out over the weekend. The firewalls, and being able to use the dashboards through FireSIGHT management, provide very good visibility into what's actually going on and why different items on the network are happening. Overall, I would say the visibility is very good.
In addition, among our multiple vendors for firewalls, etc., Cisco Talos really distinguishes Cisco from the Palo Altos and the Barracudas of the world. The work that they do to identify Zero-days and new threats out there, and then document all of that, is invaluable to our organization. I can't say enough about Cisco Talos.
View full review »It has improved the organization because we now have more flexibility with deployment, and we can deploy solutions quickly and more securely. As a result, we're improving the time to implement change.
View full review »We've seen a lot of improvements in terms of cybersecurity resilience and securing our infrastructure from end to end so that we can detect and remediate threats. The visibility with FMC is excellent. Being able to have, for instance, a data center core firewall, an internet edge firewall, and a VPN concentrator device managed by the same FMC and being able to take all of that information and see it in one place is very beneficial from the security posture standpoint. It's a time saver because it makes things easy. I can log in and very easily see what my detected threats are, what's been happening over the last 24 hours, or if there's anything I need to be concerned about. Being able to see who's logging into the VPN, but also what traffic are they sending, what are they bringing back, and being able to have all that in one place is really nice. The integration between the FMC and endpoints is a nice feature and a big time saver in terms of remediating threats and remediating malware and other malicious software.
Buyer's Guide
Cisco Secure Firewall
April 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
SB
Shashidhara B N
Director & CIO of IT services at Connectivity IT Services Private Limited
I don't have any metrics about how ASA has improved operations for my clients, but I can look at their market share relative to Check Point and other competitors. Cisco has a decent footprint today, and it reduced my customers' CapEx. I don't have the numbers. I'm just speaking relatively. Cisco can reduce operational expenditures by around 40 percent. I'm just giving a vague estimate, but I don't have any specific metrics.
Cisco offers two architectures. I can choose the Meraki track if I want an OpEx model or the traditional track, which is a CapEx model. Due to Cisco's tech acquisitions, I have various feature options within the same product. The DNA of Cisco combines the traditional Cisco architecture with the next-generation firewall.
Segmentation can be helpful for some clients. Let's use a financial organization as an example. We have traffic moving through the branch to the core banking. This is where we can employ segmentation. We can do security policy restrictions for branch employees to prevent them from accessing certain financial reporting systems. We can limit them to the branch level.
I can enforce certain policies to prevent all branch traffic from reaching one layer of a particular segment by minimizing the overall traffic on the network. I can always control the traffic when I segment it. This set of capabilities is beneficial when a lot of financial algorithms are done.
View full review »EV
Ed Vanderpool
IT Technical Manager at Adventist Health
Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.
We were able to stop hundreds of threats. For killing threats, we were able to get several hundred now in comparison to the one-off that we used to be able to do.
Dynamic policies are very important for us because we do not have the manpower to really look at everything all the time. So having a dynamic way of really registering, looking at, and having certain actions tied to that are incredibly effective for us in slowing any kind of threat.
We're getting there as far as using the application, using it to go to the application level, we're at the infancy of that. We're looking at definitely tying that into our critical applications so that we can see exactly what they're doing, when they're doing it, and being able to track that.
Firepower's Snort 3.0 IPS allows us to maintain performance while running more rules with the advent of 3.0 comparatively to 2X, we have seen at least a 10 to 15% increase in speed where it seems to be more effective. The updates seem to be more effective in finding malicious information. We've definitely seen at least a 10 to 15% increase on tying policy to 3.0.
View full review »I like the GUI base of Secure Firepower Management Center. Coming from an ASA where it was the ASDM, I like the FMC where you can see everything is managed through one pane of glass.
It's a single pane of glass, we have multiple firewalls. I can click and be on to the next firewall in a few seconds, really.
View full review »All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It is a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms.
PS
Paul Stadlbauer
System Engineer at Telekom Deutschland GmbH
Cisco has a huge variety of products and features. It's a benefit to have the knowledge of all those things and also put it in the firewalling products. The knowledge that comes from other products or solutions that Cisco is selling is finding a place in security as well, and that's one of the key benefits.
There are time savings when you have a good solution in place for stopping or preventing security risks. In general, it isn't saving me time on a daily basis, but there is peace of mind knowing that you are being protected.
JB
Jake Billingsley
Enterprise Architect at People Driven Technology Inc
It's allowed them (our clients) to feel or know that their network is secure, and to put those guidelines in place, or those controls in place, to prevent their users from going out and unintentionally doing something dumb by clicking on the wrong link. It's able to prevent malware. And the Umbrella integration prevents them from getting to those websites if they do happen to be too busy and click on a phishing link or something like that.
As far as metrics or examples, I don't have any that I can specifically say off the top of my head. I will say I definitely have lots of happy customers that are running it and they feel it's a stable solution and one that they can rely on.
View full review »JS
JoelStech
Senior Network Engineer at Orvis
The information coming from Talos does a good job. It marks that information and bumps it up to us. We have rules where we are getting alerts and it does a good job as far as giving us alerts goes. Talos is pretty well-respected. I like the fact that Cisco is working with them and getting the information from them and updating the firewall. We get the vulnerability database stuff updated, and the location stuff gets sent out. I like all that.
In terms of how the ASAs have affected our security posture as an organization, it's done well. We're growing with ASA, with the FirePOWER. When we first started there were a lot of bugs and a lot of issues. But now they're coming forward and acting on requests, things that we want.
We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.
I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.
View full review »It is easier to protect our internal network and identify unknown networks. We can put descriptions on what they are, thus we are able to see different traffic coming from different networks. So, there is better visibility.
View full review »Cisco SecureX is doing a good job for us in terms of securing our infrastructure from end to end so that we can detect and remediate threats. It's detecting what we want it to detect, and it's protecting us from what we want to be protected against. So, it does its job. That's our need at the moment.
It has saved us time. Attackers are constantly trying to get hold of our environment. We've had around 20 to 30 breach attempts to get ahold of our environment. It protects us from that. It also protects us when an attempt is underway. We can see them starting to get into our network, so we can prevent it in time. The time saved varies. It can be days of work.
View full review »It was a requirement from our security and compliance team that any traffic going to the data center needs to be checked and secured. We are almost at the final stage of this project to allow only secure access to the data center. We are almost there. We haven't yet completed the project, but it will definitely be a very critical service for us. Our data center is huge with more than 1,000 applications. It will protect and secure our services.
We are using Cisco firewalls not only in the data center but also on the internet edge. We also have it on the OT system or OT network. We are using most of the products from Cisco, and it was easy to integrate with other services. We have the Cisco ACI solution in the data center. We could integrate Cisco ACI with our firewall. We also have Cisco Stealthwatch and Cisco ISE. We can easily integrate different technologies.
Integration and troubleshooting are the main challenges of having multiple vendors. Having an end-to-end solution from one vendor makes life a lot easier because there is an ease of integration. We don't need a third party. It is also easy in terms of support. One engineer from the same vendor can help us with various technologies. We don't need engineers from different vendors, and we also avoid that common scenario where they start to blame the other one for the issue.
Having an end-to-end solution from the same vendor simplifies the implementation. We are able to have centralized management of different products. We were able to integrate and centrally manage even the older versions of Cisco firewalls.
View full review »Cisco Secure Firewall is a Layer 7 next-generation firewall, providing us with a significant amount of visibility into our traffic patterns and the traffic passing through the firewall. It informs us about the zones that facilitate a smooth data flow, where the data is being directed, and covers ingress and egress all the way up to layer seven. Therefore, I believe the visibility it offers is excellent.
Cisco Secure Firewall is effective in securing our infrastructure from end to end, enabling us to detect and remediate threats. However, the way we currently utilize it may not be the most optimal approach to fully leverage its end-to-end capabilities. Nonetheless, considering its purpose within our usage, it effectively fulfills its intended role.
The ability of Cisco Secure Firewall to enhance our organization's cybersecurity posture and resilience is commendable. Cisco Secure Firewall serves as our primary line of defense, deployed at the Internet edge of every site across the globe.
It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.
It's a great intelligent platform where we can pull all the security insights.
View full review »MR
MohammadRauf
Security Officer at a government
Our response time has improved considerably. Rather than getting an alert from an antivirus which could be instantaneous or missed, we can take a look at the console of the Sourcefire Defense Center and identify the device. We can peek into it and see the reason it was tagged, what kind of event it encountered. We can then determine if it was something legit — a false positive — or a positive.
It has improved the time it takes to do mediation on end-user devices. Instead of it being anywhere from ten to 15 to 30 minutes, we can potentially do it within about five minutes or under, at this point. In some cases, it can even be under a minute from when the event happens. By the time end-user gets a message popping up on their screen, a warning about a virus or something similar from one of the anti-malware solutions that we have, within under a minute or so they are isolated from the network and no longer able to access any resources.
View full review »BB
Bryan Broadhurst
Cybersecurity Designer at a financial services firm with 1,001-5,000 employees
The greatest benefit that this has provided to our organization is that we've been able to adjust the time that it takes to implement firewall changes. It's gone from a week to less than half a day to implement a change, which means that our DevOps team can be much more agile, and there is much less overhead on the firewall team.
I would say that the Cisco firewall has helped us to improve cyber resilience, particularly with node clustering. We're now much more confident that a firewall going offline or being subject to an attack won't impact a larger amount of the network anymore, it will be isolated to one particular element of the network.
We use Cisco Talos to a limited extent. We are keen to explore ways that we could use more of the services that they offer. At the moment, the services that we do consume are mostly signatures for our Firepower systems, and that's proven invaluable.
It sometimes gives us a heads-up of attacks that we might not have considered and would have written our own use cases for. But also the virtual patching function has been very helpful. When we look at Log4j, for example, it was very difficult to patch systems quickly, whereas having that intelligence built into our IDS and IPS meant that we could be confident that systems weren't being targeted.
View full review »The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.
In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.
View full review »FH
reviewer8276195
Product Owner at a manufacturing company with 10,001+ employees
Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.
In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.
In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.
I find it very useful when we're publishing some of our on-prem servers to the public. I am able to easily do the NATing so that they are published. It also comes in very handy for aspects of configuration. It has made things easy, especially for me, as at the time I first started to use it I was a novice.
I have also added new requirements that have come into our organization. For example, we integrated with a server that was sitting in an airport because we needed to display the flight schedule to our customers. We needed to create the access rules so that the server in our organization and the server in the other organization could communicate, almost like creating a VPN tunnel. That experience wasn't as painful as I thought it would be. It was quite dynamic. If we had not been able to do that, if the firewall didn't have that feature, linking the two would have been quite painful.
In addition, we have two devices configured in an Active-Active configuration. That way, it's able to load balance in case one firewall is overloaded. We've tested it where, if we turn off one, the other appliance is able to seamlessly pick up and handle the traffic. It depends on how you deploy the solution. Because we are responsible for very critical, national infrastructure, we had to ensure we have two appliances in high-availability mode.
View full review »Cybersecurity resilience is very much important for our organization. We are in the healthcare insurance industry, so we have a lot of customer data that goes through our data center for multiple government contracts. Making sure that data is secure is good for the company and beneficial to the customer.
It provides the overall management of my entire enterprise with an ease of transitioning. We have always been a Cisco environment. So, it was easy to transition from what we had to the latest version without a lot of new training.
View full review »Cisco Secure Firewall has improved usability in our environment.
The application visibility and control are great. Cisco Secure Firewall provides us with visibility into the users and the applications that are being used.
We are capable of securing our infrastructure from end to end, enabling us to detect and address threats. We have excellent visibility into the traffic flows, including those within the DMZs.
Cisco Secure Firewall has helped save our IT staff a couple of hours per month of their time because it is much easier to use the GUI instead of attempting to manage things through the CLI, which we have to access from the CRM.
We have several clients who had larger security stacks that they were able to consolidate because they were using separate products for IPS or URL filtering. With Firepower, we were able to consolidate all of those into a single solution.
The ability of Cisco Secure Firewalls to consolidate tools or applications has had a significant impact on our security infrastructure by enabling us to eliminate all the additional tools and utilize a single product.
Cisco Talos helps us keep on top of our security operations.
Cisco Secure Firewall has helped our organization enhance its cybersecurity resilience. We can generate periodic reports that are shared with the security teams to keep them informed.
View full review »NH
reviewer2212515
Network Engineer at a healthcare company with 10,001+ employees
We can automate the VPN. The build process and how we've standardized it makes it very easy for us to focus on other tasks. We know that an end user can push a button, and the VPN will get built. They only bring us in for troubleshooting or higher-level issues with the other vendor. Because of that program, the ability to use Cisco ASA every time, in the same way, makes our job easy.
Once we started standardizing and using the same solution, we've been able to correlate that so we know what we are doing. We can train even less experienced and newer guys to do the tasks that in turn frees up the higher-level engineers. It has cut out the VPN work for higher-level engineers. They may have been spending ten hours a week previously, and now they may spend ten hours in the quarter.
It has improved our cybersecurity resilience. It has allowed us to see some differences with partners using weaker ciphers, which allows us to validate what we're using and reevaluate it. We put exceptions in cases where we have to. The security risk team is as well aware of those, and they can essentially go back on a buy-in or see if the vendor has upgraded to plug in a security hole. It has given us that visibility to see where we are weak with our vendors.
These days, it's normal to require that networks be more open because of the recent changes brought about by the COVID pandemic. The need for hybrid work environments and more collaborations has made securing the network more challenging. However, Cisco offers us monitoring and configuration, and with one platform, we are able to be more flexible and be able to control our security and our network.
The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.
Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.
Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that come into your network. You can see anyone who is compromised from within your network.
If customers already have Cisco solutions such as Cisco ISE, Duo, Umbrella, and Endpoint, Cisco Secure Firewall will integrate well with all of them. Our clients will be able to get more data and automate tasks. They can have Secure Firewall automatically shut things down if a threat is detected.
FC
reviewer1667103
Global Network Architect at a agriculture with 10,001+ employees
It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.
It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.
It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.
CN
Christian Boe Nielsen
Infrastructure Architect - Network at a manufacturing company with 1,001-5,000 employees
Cisco Secure Firewall has made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs.
We have the same basic policies everywhere now, which makes it more flexible for us to manage.
In general, the management of our infrastructure is now easy. I can manage remotely. I can manage on-prem. I can always log in. I have a couple of users who work remotely via VPN because of the license. Not everybody works remotely in my organization. For people who work remotely, we have licenses for them to log in remotely from where they are and use the service. So, managing people, resources, and devices is easy. It has been a good experience. I don't intend to change it because it's giving me the service I need.
In terms of money, it has saved a lot of money. A lot of other organizations that don't have this kind of easy-to-manage layer of security are going through different kinds of attacks. We have a culture of being careful, even though you cannot be a hundred percent careful. When I hear that people have some security issues, I come and check my devices, and I notice that my firewall has actually blocked a lot of things. It gives me rest and peace. So, it saves a lot when you consider the cost of the organization's operations going down, even for one, two, or three hours. We would lose a lot if that happens. It probably saves us over a million dollars a year. The investment is totally worth it.
Our network is a little bit flat. We have a load balancer before getting into our network. We have configured the load balancer on the device itself. We have two major service providers. We have a core business application, and there are some people who use the core business application. We also have some light users. We have set up criteria to give priority to the people who use the core business application. I have a provider that gives me 300 MB to 500 MB, and I have another provider that gives me 20 MB to 25 MB as a backup. I have set priority based on the usage. If you're using the core business application, it pushes you to the fast network. Otherwise, it sends you to the other network. All that has been done on the firewall. It has been very good for this. I have no complaints.
It enables us to implement dynamic policies for dynamic environments, which is important for us. We can control the network based on different kinds of users. We can quickly and easily define the policies. We can set priorities based on different applications, systems, and users on our network.
FM
Francesco-Molino
Practice Lead at IPConsul
We are implementing Cisco Firepower at the Inter-VRF level so we can have some segmentation. For example, between ACI and all the Inter-VRF being done through Firepower, we are able to inspect local east-west traffic. It is great to use Cisco Firepower for segmentation, because on the Firepower, we now have a feature called VRF. So, you can also expand the VRF that you have locally on your network back to the firewall and do some more tweaking and segmentation. Whereas, everything was coming into a single bucket previously and you had to play around with some features to make sure that the leaking of the prefixes was not advertised. Now, we are really working towards segmentation in terms of routing in Firepower.
The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.
Since SecureX was released, this has been a big advantage for Cisco Firepower. You can give a tool to a customer to do some analysis, where before they were doing it manually. So, this is a very big advantage.
WN
reviewer2211633
CTO at a government with 10,001+ employees
We need reliable communication to do what we do, and that's very important. The solution does what we need to do and when we need to do it. It has a great reputation for the support that we need because if things don't work within the Department of Defense, people don't survive. Communication and keeping the adversary out are key components of our work. So we need a robust, reliable, and secure product, and that's what Cisco provides us.
View full review »ZK
Zhanerke Kozhabergenova
Sr. NetOps Engineer at Smart Cities
We have several integrations. One of them is between Cisco ISE and FMC, which allows us to monitor and control our users. Additionally, we integrated Cisco ISE with FTDs to function as a remote VPN server and control the traffic and behavior in our VPN network. We also use ISE as a TACAC server and integrated it with Cisco ACI and all of our devices. Furthermore, we use NetBox as a source of truth for our ISE, which helps us track all of our devices from the network and ISE.
FC
reviewer1667103
Global Network Architect at a agriculture with 10,001+ employees
Cisco Secure Firewall has not necessarily improved our organization as much as it has protected it against the impact of cyber threats. Our organization runs manufacturing plants that have hazardous material and we don't want that manufacturing process to be impacted by break-in exposure and cyber threats.
Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us.
View full review »SV
Shawn Vessels
Critical Infrastructure at Wintek Corporation
It has simplified the internal network, so we don't have to worry about one device failing and losing connectivity. High availability is always there.
KB
Kamal Benmekki
CTO at Intelcom
Cisco adds value by providing various solutions such as Umbrella and Duo. It's a combination. An existing firewall system only protects or controls flow on a daily basis in a normal production environment, but when it comes to security threats, we need to add more components. This is why Cisco is offering a wide range of products. Cisco is completely handling all the aspects from end to end with micro-segmentation, for instance. Identity Service Engine can handle the end-users' protection, and in the end, for the data center, we have different tools, and this is how we can cover end-to-end solutions.
We are using Firepower to protect a number of services.
We are using it in a dynamic environment. This is important for our company's policies. The dynamic policy capabilities enable tight integration with Secure Workload at the application workload level.
View full review »DC
reviewer1657845
Senior Network Security Engineer at a tech services company with 11-50 employees
The integration of network and workload micro-segmentation help us provide unified segmentation policies across east-west and north-south traffic. It is important to have that visibility. If you can't detect it, then you can't protect it. That is the bottom line.
The solution has enabled us to implement dynamic policies for dynamic environments. These are important because they give us flexibility and more granular control of access.
View full review »MB
Matt Back
Cyber Security Practice Lead at Eazi Security
One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.
Cisco implemented a role-based access control for Firepower, so you can have very granular accounts. For example, a service desk analyst could have read-only access. If we have a security operations team, then they could have access to update IPS vulnerability databases. A network engineer could have access to update ACLs, not rules, which is quite useful. Also, you can selectively push out parts of the policy package based on your role-based access control. So, if you have one job role and work on one part of the configuration, and I work on another job role working on a different part of the configuration, then I could just deploy the changes that I have made without affecting what you are doing (or without pushing out your changes). It is quite nice to be able to do that in that way.
View full review »MK
reviewer1512729
IT Administrator / Security Analyst at a healthcare company with 11-50 employees
This product enriches all of the threat data, which I am able to see in one place.
There's nothing I personally have needed to do that I haven't been able to do with the firewall. It integrates so tightly into how I spend the majority of my day, which is threat response.
Much of this depends on any given organization's use case, but because I was an early adapter of Cisco Threat Response and was able to start pulling that data into it, and aggregate that with all of my other data. As I'm doing threat hunting, rather than jump into the firewall and look in the firewall at events, I'm able to pull that directly into Threat Response.
The ability to see the correlation of different event types in one place, these firewalls have definitely enriched that. You have Umbrella, but there are so many different attack types that it's good to have the DNS inspection at the firewall on the edge level too. So, the ability to take all of that firewall data and ingest it directly via SecureX and into our SIEM, where I have other threat feeds, including third-party thread feeds, gives our SIEM the ability to look at the firewall data as well. It lends to the whole concept of layering, where you don't have to have all of your eggs in one basket.
With our Rapid7 solution, I'm able to take the firewall data and dump it into our SIEM. The SIEM is using its threat feeds, as well as the threat feeds that are coming from Cisco Talos. In fact, I have other ones coming into the SIEM as well. So, I'm able to also make sure that something's not missed on the Talos side because it's getting dumped into our SIEM at the same time. All of this is easy to set up and in fact, I can automate it because I can get the threat data from the firewall.
In terms of its ability to future-proof our security strategy, every update they've done makes sense. We've been using one flavor or another of Cisco firewall products for a long time. Although I have friends that live and die by Fortinet or Palo Alto, I've never personally felt that I'm wanting for features.
AI
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
I have a two-part business. First, we provide solution services as a vendor for multiple customers working as a consulting firm. I'm providing multiple customers with support on-premises for Cisco products right now.
We are not able to use these products internally in our company. The second part of the business is my status or core business which is basically operating as a software solution provider.
I have personally engineered these Cisco firewall solutions for clients. When we implemented it, it was easy. We have to maintain high-end abilities in order to ensure the availability of high-end support for the clients. I generally have to look at everything. Later on, we were able to upgrade the Cisco Firepower NGFW easily. We were able to connect from the beginning to implement the complete number of files in the system.
We deploy for other organizations. I don't work on our own corporate firewalls, but I do believe we have some. But it definitely improved things. It enabled my clients to have remote users, thousands of them, and they're able to connect seamlessly. They don't have to come into the office. They can go home, connect to the VPN, log on, and do what they need to do.
With what is going on in the world, e.g., hybrid work and work from home, and everything that happened, VPN was everything to us. Without it, we wouldn't have been able to operate.
Typically, before COVID hit, we were a very much work-in-the-office type of environment with five to 10 people on our VPN solution. We quickly ramped up to 500 people when COVID happened, which is the majority of our full-time users. Onboarding our entire company onto this solution was pretty cool.
View full review »We have faced multiple issues regarding bugs with Cisco Firepower products. A running product is hit with bugs most of the time, and we had a lot of challenges in using the Cisco Firepower product, actually. In the future, we are planning to replace it, or at least use it instead as a secondary firewall.
It helped us with the transition to working from home and hybrid working. Because of its VPN capabilities, it enabled us to keep working while everyone had to stay home because of COVID.
It integrates well with other systems within our environment.
View full review »JP
JayPatel1
Network Engineer at Ulta Beauty
Cisco ASA is pretty good. We use it for Layer 3 and as our main firewall, protecting the entire organization. All our Internet traffic goes through it.
View full review »PC
PaulChauchis
Security Architect
When you put FTD between your internet and network units, you can get valuable insights about your encrypted traffic on the web, DNS traffic, and the like. It gives us statistics up to Layer 7.
Although I can't go into the details, the way the solution has helped our organization is more on the root-cause side when there is an incident, because we get very detailed information.
FTD's ability to provide visibility into threats is very good, if the traffic is clear. Like most companies, we have the issue that there is more and more encrypted traffic. That's why we use Stealthwatch instead, because we can get more information about encrypted traffic. But FTD is pretty good. It gives us a lot of details.
We put them in in-line and in blocking mode and they have stopped some weird things automatically. They help save time every day. We have 150,000 people all over the world, and there are times when computers get infected. It helps save time because those infections don't propagate over the network.
The fact that we can centrally manage clients for our IPS, and that we can reuse what we type for one IPS or one firewall, makes it easy to expand that to multiple sites and multiple devices. Overall, it has been a great improvement.
View full review »FS
reviewer1895589
Security engineer at a energy/utilities company with 10,001+ employees
We definitely feel more secure. We have more control over things going in and out of our network.
Cybersecurity has been our top priority because of the last few attacks on our peers in the oil and gas industry.
View full review »So far, there hasn't been any breach, so we are very happy.
It has also helped to reduce the operational costs of our firewall. There is a report that is automatically generated. You don't have to search for and prepare everything by yourself. You don't need staff to prepare the information because it is automated. We only go through this report once a week and if there are some special events, we can take care of them.
View full review »SM
Syed Mohsin Ali
Team Leader Network and Mail Team at a energy/utilities company with 10,001+ employees
Remote access through the VPN wasn't available in the old firewall that we used, so that was a value-add. That's one way Cisco ASA has impacted our company. Also, from an administrator's perspective, newcomers have a shorter learning curve working with the ASA firewalls.
Also, when we deployed it on the data center firewalls, we did some microsegmentation using different subnets for the whole environment, including UAT and production. We didn't have segmentation before, but with the growing security needs, we segmented the servers. For each of the subnets we made different gateways on the firewall. That helped us achieve the requirements of the latest standards.
Thanks to the IPS, the malicious traffic has dropped. Initially, when we deployed the IPS, it gave us some problems. But after a week or two, it worked very well. I used a balanced security policy when I integrated it with the FMC server. On the FMC, the GUI gives me a very good, extensive view of what traffic is getting dropped and at what time. It gives me all the visibility that I need.
View full review »Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco, although sometimes considered to be "behind the times" with firewall technology, continues to prove it has momentum in the industry through acquisitions such as Sourcefire and OpenDNS, with rapid integration into their systems. Additionally, ASA is synergistic with other security offerings from Cisco, such as ISE, remote tele-office workers, etc.
View full review »TO
TomOneill
Solutions Architect at Acacia Group Company
Using Cisco Secure Firewall has helped grow our familiarity with people that know Cisco.
View full review »MW
reviewer2146893
Executive Vice President, Head of Global Internet Network (GIN) at a tech services company with 10,001+ employees
I'm working with security. It improves the security posture of our customers and protects them from threats. We recently saw a bunch of hacks in Germany and our customers are concerned. We help to protect our customers from that, and that's very important.
The analysis tools and encrypted traffic analysis save time. They help detect security threats and incidents that can cause outages for customers. It's a great improvement.
MK
reviewer1288518
Security admin at a wholesaler/distributor with 10,001+ employees
This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.
It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.
MB
reviewer1376670
Director IT Security at a wellness & fitness company with 5,001-10,000 employees
In terms of logging, that has been a big benefit because it is a fairly straightforward and easy process to log results. We stream through a folder and that information goes out to Splunk. It delivers immediate value. While Firepower reporting is generally pretty good, there is some delay, as far as when information shows up and updates the internal Firepower reporting mechanism. What we found is if this information is streamed into a SIEM, then it can immediately apply additional enrichment on top of it and build slightly more relevant, near real-time reporting, in comparison to doing it directly from Firepower. In terms of value for Firepower data, the ability to stream that out as a log, then characterize and enrich it within the SIEM that is where we gain the most value from a security perspective.
The solution’s ability to provide visibility into threats is good. Combined with Cisco's own trend intelligence characterization as well as the creation and application of that sort of tag into the stream of data that Firepower detects, that immediately tells us which threat type it is:
- Does it belong to a threat group?
- Is it an IP block list?
- Is it a URL block list?
- Is it a known threat?
- Which threat list does it belong to?
All this additional information is definitely useful. We treat it personally as set and forget because we are in the block mode - intrusion prevention mode. We don't let threats in. We err on the side of being overly protective. This is opposed to letting in threats, then detecting, identifying, and taking action on stuff that got through. Instead, we just block it. In our day-to-day operations, normally what was blocked is generally useful, but it's not operationally important.
It is set up to automatically apply the blocks and use the threat intelligence delivered by Talos as well as the intrusion prevention rules. All of that is entirely automated.
It has improved our organization's security posture dramatically. It has definitely given us modern protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats, so we can be protected against them.
View full review »MS
Maharajan S
VSO at Navitas Life Sciences
Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.
KB
reviewer1884756
Data center design at a comms service provider with 10,001+ employees
Cisco ASA provides great security for our applications.
View full review »CT
reviewer1885305
Analytical Engineer at a pharma/biotech company with 10,001+ employees
It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that.
The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.
With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.
View full review »The usability, with the GUI front end, certainly helps and it means you don't have to be a command-line person. We have to get away from that now because if you put the typical IT admin in front of a CLI they might struggle. Having something graphical, where they can click in logs to see what's going through the firewall— what's been denied, what's being allowed—very quickly, helps to get to a diagnosis or know something has been blocked. And when it comes to making changes within the environment, that can be done very quickly as well. I've seen something be blocked within a couple of minutes, and any IT admin can make a change through the GUI.
View full review »BG
Beka Gurushidze
System Administrator at ISET
Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization.
We have an opportunity to grow now. The Cisco ASA NGFW firewall can be upgraded to another version, so it's better for us long term. It is much better because we can control the traffic that students are accessing and downloading. There are still a lot of improvements that can be done.
TI
reviewer2109165
Senior Network Consultant at a healthcare company with 1,001-5,000 employees
It saves time because it's easy to operate and it's easy to add new zones or firewall rules. It's also easy to troubleshoot. It's a neat platform.
RW
Roger Waelen
System Administrator at a healthcare company with 501-1,000 employees
It certainly saves time. You can detect anything if you have nothing. This is why, in the end, it saves time.
View full review »PC
Paul Crist
Senior Engineer at Teracai Corporation
If we have a power failure at one building, traffic can be routed to our other building. We also have backup data stores. I live in the Northeast, so in the event of ice storms that cause power outages, it really enables us to keep functioning as a company rather than going dark for the amount of time it takes to get the power back.
View full review »IK
reviewer2212692
Network Engineer at a tech services company with 5,001-10,000 employees
Being able to create and apply new policies to the firewall has been helpful. It is an object-oriented way of doing things that helps a lot because we can build and apply new policies. We can also test it and revert to the old one if it doesn't work.
View full review »CM
reviewer2147430
System Engineer at a computer software company with 201-500 employees
They address services that belong together. For example, the Secure Client provides remote access. Authentication and multiple-factor authentication are two different products that belong together. There should be a link between both products and between both management interfaces to see, for example, troubleshooting or reporting so that you have both sources together.
It would be great to have all the data correlated to have an overview and one point of administration.
The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview.
IronPort stuff looks at first a little bit outdated. It's not a fancy-colored view, but it does its job and is extremely helpful. Debugging on this platform is very easy.
Cyber security resilience is really important for our organization. It is necessary for all the points for interconnections between LAN networks and WAN networks as we receive daily attacks.
Security-wise, it's given us the protection that we were looking for. Obviously, we're using an in-depth type of design, but the Cisco ASA has been critical in that stack for security.
View full review »RG
Raufuddin Gauri
Network & Security Engineer at Oman LNG L.L.C.
It integrates with other Cisco products. We use Cisco ASA and Cisco FTD, and we also use Cisco FMC for monitoring and creating policies. For internal network monitoring purposes, we use Cisco Prime. We also use Cisco ISE. For troubleshooting and monitoring, we can do a deep inspection in Cisco FMC. We can reach the host and website. We can also do web filtering and check at what time an activity happened or browsing was done. We can get information about the host, subnet, timing, source, and destination. We can easily identify these things about a threat and do reporting. We can also troubleshoot site-to-site VPN and client VPN. So, we can easily manage and troubleshoot these things.
Cisco FMC is the management tool that we use to manage our firewalls. It makes it easy to deploy the policies, identify issues, and troubleshoot them. We create policies in Cisco FMC and then deploy them to the firewall. If anything is wrong with the primary FMC, the control is switched to a secondary FMC. It is also disconnected from the firewall, and we can manage the firewall individually for the time being. There is no effect on the firewall and network traffic.
Cisco FMC saves our time in terms of management and troubleshooting. Instead of individually deploying a policy on each firewall, we can easily push a policy to as many firewalls as we want by using Cisco FMC. We just create a policy and then select the firewalls to which we want to push it. Similarly, if we want to upgrade our firewalls, instead of individually logging in to each firewall and taking a backup, we can use Cisco FMC to take a backup of all firewalls. After that, we can do the upgrade. If Cisco FMC or the firewall goes down, we can just upload the backup, and everything in the configuration will just come back.
We can also see the health status of our network by using Cisco FMC. On one screen, we can see the whole firewall activity. We can see policies, backups, and reports. If our management asks for information about how many rules are there, how many ports are open, how many matching policies are there, and which public IP is there, we can log in to Cisco FMC to see the complete configuration. We can also generate reports.
With Cisco FMC, we can create reports on a daily, weekly, or monthly basis. We can also get information about the high utilization of our internet bandwidth by email. In Cisco FMC, we can configure the option to alert us through email or SMS. It is very easy.
View full review »MB
Manuel Briones
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
The ASA firewalls have undoubtedly helped us to improve our infrastructure throughout the corporation and currently we have just over 50 firewalls - all of them in different parts of Mexico.
This infrastructure has been improved since, in our corporation, we handle the dynamic EIGRP protocol, which Cisco owns, and this solution has given us a geo-redundancy in our company. In case of presenting a problem with a firewall or a link, it performs an immediate convergence where end-users do not detect a failure, helping us to maintain a 99.99% operational level at all times.
View full review »MB
Mitku Bitew
Head of Network Administration Section at Zemen Bank S.C.
It is a security device, and it is useful for securing our environment. It provides role-based access and other features and helps us in easily securing our environment.
It provides visibility. It has been helpful for packet inspection and logging activities for all kinds of packets, such as routing packets, denied packets, and permitted packets. All these activities are visible on Cisco ASA. There are different commands for logging and visibility.
We use Cisco ASA for the integration of the network. Our company is a financial company, and we are integrating different organizations and banks by using Cisco ASA. We are using role-based access. Any integration, any access, or any configuration is role-based.
View full review »CM
In432TchMn89
IT Manager at Citizens Bank
The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.
View full review »MC
reviewer1895580
System programmer 2 at a government with 10,001+ employees
Cisco Firepower NGFW Firewall was introduced as a migration of many firewalls into one. Just having one firewall with one place of security and one place to look for your packets has really helped.
View full review »RS
reviewer1895514
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees
It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.
View full review »AS
reviewer1895487
Senior Network Architect at a tech services company with 10,001+ employees
It is stable. We saw benefit from this in just a few days.
View full review »CE
reviewer1885329
Network engineer at a government with 10,001+ employees
It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.
View full review »ZK
Zhulien Keremedchiev
Lead Network Security Engineer at TechnoCore LTD
Cisco Firepower NGFW has improved our organization by giving us the opportunity to protect both our network and our customer's environments. Being able to work with the device in a lab environment and utilizing the whole feature set is really easy with the Evaluation licenses of 90 days on the FMC. The only thing that you need is an environment with enough resources to virtualize both the FMC and FTD sensors.
I would like to emphasize the easy-to-use evaluation period of the Cisco Firepower NGFW because many other firewall vendors lack this and it is a real pain having to test everything in production environments because you cannot build a good lab environment without paying for licenses.
View full review »We feel secure using Cisco firewalls. That's why we're using them. Cisco has never disappointed us, from a business point of view.
View full review »NM
Neil McFadyen
Supervisor of Computer Operations at Neil McFadyen
It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.
View full review »BL
reviewer2212524
Network Engineer at a construction company with 1,001-5,000 employees
Cisco Secure Firewall played a crucial role in enabling all our users to establish remote connections from their homes.
Cisco Secure Firewalls' application visibility and control are beneficial because they provide a management console that allows us to view logging and sessions.
It enhances our organization's cybersecurity resilience by enabling us to deploy multiple instances of it both in Azure and on-premises. This redundancy ensures that in the event of an outage or any other issues, we can seamlessly switch to alternative locations.
View full review »HG
reviewer2109006
Daglig leder at a tech services company with 1-10 employees
It saves time. It protects us from experiencing big or small attacks. If we are vulnerable to attacks, it would take us a lot of time to fix that and put out all the fires. Hopefully, we won't need that when we have several layers of security.
View full review »HN
Hoang Hanh Nguyen
Network Lead at a tech company with 10,001+ employees
Cisco Secure Firewall improved our organization. We have it in every one of our French offices.
View full review »AM
Alexander Mumladze
Network Engineer at LEPL Smart Logic
Our clients were completely satisfied with this firewall in terms of protection from attacks, filtering of the traffic that they wanted, being able to see inside the zip files, etc.
View full review »EH
EricHart
CEO at NPI Technology Management
In terms of our clients, security is one of those things that, ideally, nobody notices. It improves the functioning in the sense that you don't get hacked. However, from a noticeable, management point of view, the URL filtering is a pretty significant enhancement. People are able to block access to various websites by category. It isn't revolutionary. Lots of products do this. However, it's a nice sort of add-on to a firewall product.
At the end of the day, the solution offers good productivity enhancement to a company.
View full review »EV
EduardoViero
IT Infrastructure Specialist at RANDON S.A
Overall, I would summarize Firepower NGFW's effect on our company's security position by saying that, until now, we haven't had any major security incidents. The investment we made, and the investment we are still making in that platform, have worked because they are protecting us from any risks we are exposed to, having all these remote sites and using the internet as the way to connect those sites. They are doing what they promised and they are doing what we paid for.
View full review »LF
ipmplspr538920
Security Governance at a comms service provider with 1,001-5,000 employees
So far, we are not satisfied by the move. The precedent solution is much more adapted to the Telco environment, although Cisco recommended this platform. Cisco ASA also brought our network down several times due to a memory leakage bug, which is still not resolved.
View full review »I'm not sure the firewall has improved our organization because a firewall is a must. It's something that you pick up and then trust. It just works for us.
View full review »VW
reviewer1885482
Network Engineer at a computer software company with 201-500 employees
It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches.
View full review »MC
Reviewer43898
Engineering Services Manager at a tech services company with 201-500 employees
In some cases that I'm aware of, when moving from specific platforms like Check Point, Firepower has offered a much easier way of working with the platform and deploying changes. For the customer, it's a lot easier in the newer platform than it was in the previous one.
I've done network assessments, where we wanted to get visibility into all flows. I used Firepower boxes for some of those, where we tapped a line and let Firepower see all the traffic. It was incredibly helpful in picking up all of the flows of data. As a result, I was able to give information to the customer, saying, "This is what it's doing and this is what it's seeing in your network." I find it very helpful to get all that type of data. It's got a lot more information than NetFlow-type systems.
There have also been use cases where I'm doing east-west and north-south in the same firewall box. That is possible with SGTs and SD-Access and Firepower. That ability has been critical in some of the designs we've done. A scenario would be that we have an underlay, a corporate network, and a guest network VRF-routed zone; big macro security zones. We are doing micro-segmentation at the edge with SD-Access, but the macro-segmentation between the zones is handled by the firewall. Because we didn't want to split up our east-west and north-south, because there really wasn't a budget for it, they're on the same box. That box is able to do both flows that go towards the internet and flows that go between the different interfaces on the firewall. We're using SGTs in those policies and we're able to extend the logic from the SD-Access environment into the firewall environment, which creates a very unified approach to security.
We're also able to implement dynamic policies for dynamic environments with 7.0. That's becoming more and more important every day. IPs are becoming less important; names and locations and where things live in the cloud mean things are becoming a lot more fluid in the world of security. It's very helpful to have objects and groups that can follow that fluidity along, as opposed to me trying to do it old school and static everything up. No one has time for that. Dynamic policy capabilities enable tight integration with Secure Workload at the application workload level. The IP is less relevant and the application or the VMware tag can be tied to a specific ruleset. It's very helpful to be able to have it be so dynamic now. We're using more and more of those dynamic group concepts.
When it comes to the solution’s tags for dynamic policy implementation in cloud environments, VMware is the primary one I'm seeing these days, but I expect Azure to pick up significantly. The use of these tags for dynamic policy implementation in cloud environments simplifies things. We don't have to have so much static stuff pinned up. We can just have a single rule that says, "If it's this tag, then do this," as opposed to, "If it's this IP and this IP and this other IP, then you're allowed to do this thing." By disconnecting it from the IP address, we've made it very flexible.
AM
Alexander Mumladze
Network Engineer at LEPL Smart Logic
Dynamic policies were useful in the data centers for our clients. They were making some changes to the networks and moving virtual machines from one site to another. With dynamic policies, we could do that easily.
View full review »AA
Ahasan Ahmed
Deputy Manager at Star Tech Engineering Ltd
The automated policy application and enforcement have freed up time for us, on the order of 30 percent.
Also if one Cisco antivirus implementation is the subject of an attack, all other Cisco implementations get that information rapidly, in real time. All the other firewalls are in sync when it comes to malware attacks, through the update of the database. That is good.
The visibility it provides into threats is good. Every day we find lots of malware attacks targeting our network, but they don't get through to the network.
View full review »VG
Vipin Garg
Co-Founder at Multitechservers
After implementing tools, including Cisco ASA, unauthorized access comes down a lot. We are not facing asset issues as of now. We are not facing an issue related to malicious traffic or any bad activity in our network.
View full review »FL
FranciscoLopez
Team leader at J.B. Hunt Transport Services, Inc.
This product has increased the visibility in our network.
View full review »MD
NSA0898776
Network & Security Administrator at Diamond Bank Plc
The biggest improvement has been in the internet features. We have been asked to prohibit internet access for all users except the bank services division and that is improved.
For AMP features, we use Cisco ASA to track traffic in inbound and outbound patterns, so we can set expectations for network traffic. I also used the exception for encrypted traffic.
One problem: Before installing encrypted traffic, I had to decrypt it first. Before setting it back, I encrypt it again. That's just the way Cisco ASA functions.
View full review »MF
reviewer2109264
Network Engineer at a financial services firm with 10,001+ employees
It has helped in securing our infrastructure from end to end so that we can detect and remediate threats. There is another office in my company that does threat detection, but it has been helpful.
It hasn't freed up any time. We still have to manage the firewall. It's something we have to do.
View full review »BB
reviewer1895535
Network Engineer at a university with 1,001-5,000 employees
The solution has really enabled us to ensure our university is secure.
Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.
View full review »AS
Ashraf-Sadek
CSD Manager at BTC
The solution enhances the performance of the network. It blocks most of the threats and it updates attack signatures so it protects customer data better. The loss of data would be a crisis for any customer. With the deep inspection and analysis and the threat updates, it gives you more protection and safety.
Our clients use automated policy application and enforcement. For example, when you have a very big deployment or a bank needs to deploy more branches, this saves a lot of time when doing the implementation. Similarly, when you add more users or you add more devices, when you create a profile of the policies, they will be available in a matter of minutes, regardless of the number of branches or users or applications. It reduces the time involved in that by 75 percent.
JM
Jonathan Muwanga
Head of Information Communication Technology at National Building Society
The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The VPN is also helpful.
YP
YoungHoon Park
Principal Network Security Manager at a tech vendor with 10,001+ employees
Firepower has reduced our firewall operational costs by about 25 percent.
View full review »DC
Dave Cooper
Network Engineer at CoVantage Credit Union
It's hard to judge how much time it saves our organization because it's doing things you don't realize. For example, when it's blocking web advertisements, when it's blocking phishing, when it's blocking geolocation, the time it saves is because of the things you might have had to deal with that, now, you don't. Any time we have some kind of internet-related event, it's definitely going to take us hours worth of time. We have to do an investigation, we have to report on it, we have to write something up. By protecting our environment it probably saves our security analysts a fair number of hours during the week.
View full review »Since the 5512-x is software license based, there is no need to purchase additional hardware to enable much needed features.
View full review »JC
reviewer2146902
Engineer at a tech services company with 501-1,000 employees
We only work with Cisco products. We have been working with Cisco products for many years. In that way, we save time and we don't want to change to other vendors.
SV
Sivakumar Vamadeva
Network Support Engineer at a manufacturing company with 51-200 employees
We are using the Firepower Management Center (FMS) and the management capabilities are okay. I would not say that they are good. The current version is okay but the earlier versions had many issues. The deployment also takes a long time. It takes us hours and in some cases, it took us days. The latest version 6.6.1, is okay and the deployment was quick.
I have tried to compare application visibility and control against Fortinet FortiGate, but so far, I don't see much difference. As I try to determine what is good and what is bad, I am seeking third-party opinions.
View full review »GD
reviewer1884966
Cybersecurity Architect at a financial services firm with 5,001-10,000 employees
Cybersecurity resilience has helped us be able to react and respond in a quick fashion to anything that may be happening or any anomalies within the environment.
The solution has provided us a sense of security, reliability, and trustworthiness.
View full review »BL
Bryan Litaker
Enterprise Architect at a tech services company with 51-200 employees
We don't have to worry about when something goes down. Instead of saying, "Oh my gosh, this went down and now we have a gap here," it has automatic failovers and built-in redundancy. So, it says, "I don't have a gap anymore." This is one less thing to worry about, which was a big benefit for me. If our security group comes back, and says, "Hey, this is down." Then, it is like, "Yeah, we got it covered."
Our security groups are always very adamant that things stay up. If something went down, they say, "Why did it go down? How do we prevent it?" Since resiliency is already built-in on its initial design, we don't have to go back in every time, and say, "Here, this is what we did. This is why it was done like this." Instead, it is just, "Yes, they blessed it, and it's approved," and we don't have to go back and keep reinventing the wheel every time.
View full review »It helps protect my servers from hackers.
View full review »It provides visibility and information to the organization about what is being accessed on the Internet as well as the applications that it is protecting.
It is part of our security strategy.
View full review »WS
Win Sein
IT Consultant at Hostlink IT Solutions
It made our customer's network more secure. They also have customers outside the office, and they are able to use the remote VPN feature to log in securely.
View full review »Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.
MG
Seniorntwrk56
Senior Network Administrator at a construction company with 1,001-5,000 employees
The solution allows you to be more agile and react faster.
View full review »ME
reviewer1895547
Director of network engineering
Cisco ASA Firewall has improved our organization by allowing connectivity to the outside world and into different places.
Cybersecurity resilience is very important to our organization. There are always threats from the outside, and the firewall is the first line of defense in protecting the network.
View full review »DJ
reviewer1895523
Network Systems Manager at a computer software company with 5,001-10,000 employees
It has
- allowed people to work from home when they otherwise couldn't
- improved response times when there are fires that need to be put out when people are not onsite.
MS
reviewer1627155
Senior Systems Engineer at a tech services company with 201-500 employees
It helps in protecting against threats from outside and within our data center. With the enhancement in the newest version 7.0, visibility is where we always wanted it to be. The introduction of the Unified Events feature really helps us out daily.
It enables us to implement dynamic policies for dynamic environments. With the recently added Dynamic Attributes feature, we are able to create more dynamic and fast-changing policies. In our data center, workloads tend to go up and down very quickly, and that's why dynamic policies are important. Because the workloads in our data center are fast-moving, we need to be able to change our firewall policy accordingly and quickly. That's what makes it a very important feature for us.
Snort 3 IPS allows us to maintain performance while running more rules. Our performance has
definitely increased after migrating to Snort 3. Rules are easier to implement. We also like the underlying antivirus advancements that they made with the new architecture, which increases its benefit for us.
HP
Henry Pan
Technical Consulting Manager at a consultancy with 10,001+ employees
Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.
View full review »MM
reviewer2099559
Founder CCIE
Cisco Secure Firewall helped add to my organization's value. It is a selling product for us here. They have great support and documentation, which makes the solution easy to sell to customers. The Cisco name has a lot of value and high brand awareness.
We are selected partners now but are looking to grow to become a primary partner for Egypt.
Cisco Secure Firewall definitely saved us time. However, security is never 100% with any product, even Cisco. So, you will have to spend some time securing your IT regardless of which solution you use.
I would say that it helped my company cut time by 50%.
The solution cautions us against threats via email notifications and internally in the web interface of the product itself on the dashboard.
View full review »MH
reviewer1895598
Security architect at a computer software company with 51-200 employees
This solution is very flexible and offers different functionality including firewalls and VPN connectivity. It checks a lot of boxes. It is an easy solution to learn how to use and the positive impact on our organization was apparent as soon as we implemented it.
PS
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees
We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.
View full review »TG
reviewer1217634
Lead Network Administrator at a financial services firm with 201-500 employees
Today I was able to quickly identify that SSH was being blocked from one server to another, and that was impacting our ability to back up that particular server, because it uses SFTP to back up. I saw that it was blocking rule 22, and one of the things I was able to do very quickly was to take an existing application rule that says 22, or SSH, is allowed. I copied that rule, pasted it into the ruleset and edited it so that it applied to the new IPs — the new to and from. I was able to analyze, diagnose, and deploy the fix in about five minutes.
That illustrates the ability to utilize the product as a single pane of glass. I did the troubleshooting, the figuring out why it was a problem, and the fix, all from the same console. In the past, that would have been a combination of changes that I would have had to make both on the ASDM side of things, using ASDM to manage the ASA rules, as well as having to allow them in the FMC and to the FirePOWER.
Overall, as a result of the solution, our company's security posture is a lot better now.
View full review »NC
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though.
View full review »Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
View full review »FV
Fredy Velazquez
Admin Network Engineer at Grupo xcaret
It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.
View full review »BW
reviewer1882773
Network analysis at a government with 1,001-5,000 employees
Cisco Firepower NGFW Firewall made our firewall response much faster when trying to respond to any services or networks that stand out. It makes us very responsive when any of the visualized logs are blocked in real-time.
View full review »SA
reviewer1208142
Senior Network Engineer at a consultancy with 1,001-5,000 employees
It has helped us to solve some problems regarding auditor recommendations. We used to have some audit recommendations that we were not able to comply with. With FTD deployed we have been able to be in compliance around our 36 remote sites.
Before deploying them we had a lot of incidents of internet slowness and issues with site access, as well as computers that had vulnerabilities. But as soon as we deployed them we were able to track these things. It has helped the user-experience regarding connectivity and security.
In addition, it is giving us a better view regarding the traffic profile and traffic path. And we can categorize applications by utilization, by users, etc.
The solution has, overall, made us twice as productive and, in terms of response time for resolving issues or to identify root causes, we are three times more effective and efficient.
View full review »Cisco ASA NGFW has improved our organization by providing more internet protection. Also, for the end user, it provides easy access from outside for users accessing the site.
View full review »NH
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in its latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.
View full review »RM
Rauf Mahmudlu
Network Engineer at a tech services company with 51-200 employees
Initially, it was good. At the time we bought it, usually, IPS was in a different solution, and the firewall was in a different solution. You had to kind of correlate between the events to find the attacks or unwanted behavior in the network, but it had everything in a kind of single platform. So, the integration was great.
Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. Cisco ASA was able to handle a lot of traffic or concurrent connections at that time. We had almost 5 million per week. We didn't have to worry about it not having enough memory and stuff like that. It was a powerful machine.
PW
reviewer1500255
Senior Network And Security Engineer at a pharma/biotech company with 201-500 employees
We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.
For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.
WB
reviewer1084986
Network Engineer at a comms service provider with 1,001-5,000 employees
Cisco ASA serves a purpose more than it improves us. It is good at what it does. We are using other vendors and splitting the traffic to different devices based on what they do best. Even though we use other products the trend at our company is that we will increase the traffic through Cisco ASA.
MT
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.
View full review »HJ
Hassan Javaid
Senior Executive Technical Support at AITSL
We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area, where they cannot directly connect onto the Internet.
NP
Nadika Perera
CEO at Synergy IT
We can create a profile and we can give them access depending on the access level they need to be on. All the way from level one to level 16. I just create the user and from the dropdown, I select what access level they need to be on and that's it. I don't need to go individually to each and every account and do the configuration.
View full review »I can tell that when we have started using the Cisco AnyConnect for remote access to business apps it makes the work for remote staff much simpler. It's also easier to provide remote IT support. Aside from this, the security officers can sleep better now.
View full review »GS
Germain Safari
Information Security and Compliance Manager at RSwitch
It's easy now because we have many Cisco devices in a central point. We don't need to log in to each device and apply rules to them. We can do it from the management control and apply them to the specific firewalls that we want to apply them to.
In addition, compared to our previous firewall solution, the security is much better. Through our monitoring, we now see all the information that we require on security, in terms of PCI. We can see exactly what is happening in our environment. We know what is going, what is going in and out. If an incident happens, it provides a notification so that we can do an analysis.
View full review »DS
NGFW677
IT Specialist at a government with 1,001-5,000 employees
Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.
View full review »AA
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem.
Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.
It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.
View full review »MG
Munish Gupta
Partner - Consulting & Advisory at Wipro Technologies
From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.
View full review »HC
Hector Carmenates
Information Technologies Consultant at a tech services company
It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).
View full review »JM
JuanMartinez1
Network Consulting Engineer at a energy/utilities company with 10,001+ employees
Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.
Do not do cluster to add more bandwidth.
FT
Frank Theilen
IT Adviser/Manager with 51-200 employees
The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.
If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.
But if you want to know what the ASA5520 can do to secure our network:
Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.
It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these features, we now only need the ASAs with the additional licensing. So now, it is more a matter of license management over hardware and licensing management.
View full review »LA
reviewer1895511
Lead Network Engineer
They secure the network and ensure our network is always available.
View full review »JJ
reviewer1662657
Network Engineer at a computer software company with 51-200 employees
I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.
Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.
View full review »CB
Cesar Beut
Networking Specialist at a healthcare company with 1,001-5,000 employees
We have border security with Firepower. We try to curb security issues by using this Firepower firewall.
View full review »SA
Sikander Ali
IT Infrastructure Engineer at Atlas Group
It meets my requirements regarding VPN, perimeter protection, and applications. I'm comfortable with what Firepower does for me. Firepower is the only security product deployed in my organization.
The Talos team is very expert and does a good job. It is a great achievement by Cisco for Firepower. It analyzes all the websites and viruses that could create vulnerabilities. Talos helps us by providing major protection. They maintain everything and we don't need any other security appliances. In the future, we may go for an email security appliance, but right now Firepower is enough for us. Without the Talos team, the Firepower might not fulfill our requirements.
For example, if I receive an email and it has a potentially malicious link, I can enter the link in the Talos website and it will provide me with all the details about the website link in the email, including which country and IP it is from. I always try to cross-check any potentially malicious links with Talos. It tells me whether I am vulnerable or not.
View full review »DC
reviewer1135638
Senior Network Administrator at a financial services firm with 1,001-5,000 employees
Our organization has been improved by the solution because we can be assured that the firewall is secure. It gives us more flexibility to monitor other things. Because we have safe firewalls, we don't have to worry about that and can direct resources elsewhere. If our internet goes down in one location we can bring it back up pretty easily.
View full review »FF
Farhad Foladi
Cloud Services Operation Engineer at Informatic Services Company (ISC)
Cisco ASAv is part of our central solution. You can use the ASA family or go on the portal for normal ASAv. We use FirePower at the edge of the network.
If you are working with cloud services, it's better to use the ASAv family or other Cisco solutions.
View full review »PR
PATRIK ROSENDAHL
Information Systems Manager at a non-profit with 1-10 employees
Because of the deeper inspection it provides we have better security and sections that allow users broader access.
View full review »PD
ITmgr302604
IT Manager at a construction company with 11-50 employees
I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.
View full review »This product has made visible some areas that were previously hidden.
View full review »SA
Syed Khalid Ali
Senior Solution Architect at a tech services company with 51-200 employees
I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product.
I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution.
RO
reviewer1007166
CEO at a security firm with 1-10 employees
We had a situation where our network was down and the telecom providers at Cisco support helped us to resolve those issues. The downtime was brought down to a minimum.
View full review »CS
Cristian Serban
Network Engineer at a financial services firm with 5,001-10,000 employees
It's a reliable solution and a stable firewall. It helps us to manage the security policies in different areas of our network.
View full review »RM
ramesh1923
Technical Specialist with 5,001-10,000 employees
The throughput and reliability of the product improve the network stability of our organization.
View full review »The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.
View full review »It gave us more organized DMZs and logical segments.
View full review »It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.
View full review »KB
Kiarash Barzoodeh
Senior Network Designer at ODI
You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication:
- Users login just one time
- You can control all user access to the internet, data center resources, and across the network.
Cisco Context gave us the feature of creating a virtual firewall, which is good. It provides us with maximum network isolation. Also impressive is the ISP redundancy.
View full review »MA
Mustafa Ahmed
Network Security Engineer at qicard
The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.
View full review »CS
reviewer818484
Information Security Manager at a financial services firm with 501-1,000 employees
Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.
View full review »IY
Iz
Assistant Manager (Infrastructure) at SISTIC
It has improved the security posture and visibility of our traffic. It has been proven very reliable on the hardware finishing and network portion. Since Cisco have been very experience in networking.
View full review »SC
Simon Chaba
ICT Manager at a aerospace/defense firm
It's pretty easy to connect between different branches using site to site VPN.
View full review »I have customers that have migrated from Cisco ASA to Cisco Firepower. They have benefited from the change because they have much more visibility into the network. An ASA is often used as a Layer 3 to 4 firewall. We allow networks and ports. But a Firepower firewall has the default intrusion prevention engine, so you can allow it to https on port 443, but it can also look into the packet, with deep packet inspection, and see if there is malicious code that is trying to be pushed into your system. It's a much more secure product than just having a Layer 3 to 4 firewall. It is a Layer 3 to 7 firewall.
We also use Cisco Talos, and when we configure a Firepower, we set the automatic update to get the latest vulnerabilities and databases, Snort rules, geolocation database, and security intelligence from Talos. Our customers aren't benefiting directly from Cisco Talos, but they are benefiting from having a product like Firepower that has connections to Talos.
The dynamic access policy functionality, and the fact that in Firepower 7.0 the feature has one-to-backward compatibility with the Cisco ASA Firewall, is a game-changer. Our customers have begun to transition from Cisco ASA to Cisco Firepower and because they get this capability, there are more and more VPN features. And when they shift from ASA to Firepower, they go from Layer 3 to Layer 7 visibility, instead of only going from Layer 3 to 4. They gain through the visibility they get from a next-generation firewall. They get more visibility and a more secure solution.
IA
Imad Awwad
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Cisco NGFW had the needs that were required by us but unfortunately, was very primitive.
There was no added value and every feature requires license thus extra HIDDEN cost despite a large number of renewals. Paying that much compared to what other vendors can give is out of the negotiation. For this reason we dropped it.
View full review »MA
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
Data protection is a big benefit we see from this solution. It protects our customers, our customer's accounts, and money, as we are one of the biggest banks in Egypt and the Middle East.
View full review »GZ
Gerald Zauner
Data Center Architect at Fronius International
We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago.
View full review »EE
Seniodascie9887
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions.
We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack.
View full review »BY
BURAK YESILDERYA
IT System Administrator at PFW HAVACILIK
Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.
View full review »SC
Sergei Chernooki
IT SecOps Manager at a computer software company with 1,001-5,000 employees
With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.
View full review »AK
Alexander Kostov
Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
It gave us a more secure environment and a lot of flexibility to the business.
View full review »GS
Georges Samaha
Security Consultant at a tech services company with 501-1,000 employees
The application and user-visibility and control, along with very powerful IPS and malware protection, enables our clients to secure their data centers and internet perimeter in a much better way. It provides them with traffic visibility and reporting as well.
The main advantage is when you put it between users and servers internally or between different VLANs in the network. You have full visibility over the traffic, over all the internal applications. Usually, there's a lot of traffic that is not very clear and no one knows what is on their network. So, once deploy it internally, you have full visibility over the internal traffic, who's accessing what, which protocol. It can directly detect all kinds of malicious traffic, traffic that abuses bandwidth.
It makes different kinds of internal behavior that is useful to a network admin. And for security of course: Any kind of file infection, any kind of internal scanning, internal attacks; it gives you full visibility.
Finally, you have communication of VLANs, internally, in the network, of course. So you have a granular access control based on user and application, instead of IP and port as you would have with a traditional firewall.
View full review »It makes it very easy to have delineated roles and responsibilities between network engineering and network security.
I've worked with customers that have dealt with malware issues in the past and preventing its spread laterally within the environment has always been a concern. With SourceFire, we've been able to detect malicious files and stop them at the network edge before internal systems are compromised. Leveraging AMP in addition to FireAMP, which is the endpoint malware solution, is incredibly effective at blocking malware at the host level.The other good news is FireAMP can be leveraged along side traditional endpoint anti-virus software. The Defense Center also provides visibility into how malware is moving within the environment so tracking down infected machines becomes much easier for IT staff.
View full review »OB
reviewer1323300
Principal Network Engineer at a manufacturing company with 501-1,000 employees
At this point, my client is looking for their next solution so something may not be working.
View full review »TR
reviewer1010625
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.
View full review »LX
reviewer1348176
Network Specialist at a financial services firm with 501-1,000 employees
Automated policies definitely save us time. I would estimate on the order of two hours per day.
View full review »GV
Girish Vyas
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
My client company is Cisco Oriented. They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. That is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.
View full review »SO
Reviewer83902
Network Administrator at Modern Woodmen of America
Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had.
View full review »Cisco ASA have been the main security device for many years, slowly replaced with Check Point on the main datacentre.
View full review »AM
Azar Mammadli
IT Operation Manager
It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.
View full review »AL
Alberto E. Luna Rodriguez
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. This devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Avalability helped us greatly improve the availability of the services by reducing downtime caused by both Incidents and planned maintenance operations.
View full review »SI
NwkSysAdmin564
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.
View full review »YS
sentwrkpres56
Senior Network Support & Presales Engineer at a computer software company with 51-200 employees
A lot of companies have a lot of vulnerabilities and lots of exploitations that are going inside their network that the IT staff are not aware of. You actually need a security device like a next-generation firewall to protect your network.
Once we installed the Firepower system, we started looking at the evidence, and we found a lot of exploitations and a lot of bad things that are in the network. These things were invisible to IT, they were unaware of any of them.
View full review »DA
Danut Agache
Computer Networking Consultant and Contractor with 51-200 employees
I have 15 years’ experience with Cisco products and I've had very, very little problems with them. Also, for resolving appeared issues Cisco was a good partner.
Crescendo (www.crescendo.ro) is an IT&C integrator and this product (based on Cisco Partnership) helped us to grow our business, and Cisco ASA was one of most sold product in our solutions portfolio.
SS
NetworkE721d
Network Engineer with 201-500 employees
The context aware module gave us good visibility and control over the ingress and egress communications. Allowing us to filter unnecessary communications like streaming video, allowing us to control bandwidth utilization.
View full review »RS
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.
View full review »The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.
View full review »PC
Ntwrksec457
Network Security/Network Management at a educational organization with 201-500 employees
Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.
View full review »VA
Vikram Arsid
Cyber Security Software Engineer at FireEye
Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.
View full review »PP
PetrPetrov
Works at IDF technology
It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.
DH
David Hartt
Senior Vice President at a transportation company with 51-200 employees
It allows the securing of various network segments, based on use.
View full review »We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.
View full review »DS
davidstrom
Owner at David Strom Inc.
Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.
View full review »These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.
View full review »MS
reviewer1905519
Network Architect at a tech vendor with 10,001+ employees
This solution made our organization more secure and gave us better control.
View full review »WS
Wahid Selman
ICT Department Manager at ACC
The Cisco NGFW is an excellent fit for purpose for our network security.
BD
Solution7499
Solutions Architect at a manufacturing company with 10,001+ employees
Firewalls are difficult, and this solution gives us outside access to connect with the customer's network and service them better. It makes us more efficient.
View full review »AA
NetworkO9ae4
Network Operations Center Team Leader at a financial services firm with 10,001+ employees
It just works like an internal firewall. It's an ordinary role of this platform, nothing special.
View full review »JM
JohnMorris
Manager at BSB Cadmin Ltd
Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.
View full review »MK
asstmana149958
Asst.Manager IT at a manufacturing company with 501-1,000 employees
Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.
View full review »It has enhanced the security in every network over time.
View full review »It provides detection of zero day infections through FirePOWER AMP.
View full review »MZ
Marcelo Zamorano
Middle-Tier Admin Integrator at a tech services company with 51-200 employees
Reliability
View full review »With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.
View full review »PS
Phosika Sithisane
Executive Director at ict training and development center
My company is very small just built last year, i now am using cisco asa 5510 for NAT and Port Forward and limit users access directly from internet only via Remote-VPN.
View full review »It has improved my client's trust.
View full review »It works like a firewall for security reasons.
View full review »RS
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
It blocked all kinds of internet attacks from outside like DOS or DDOS and avoided any down time. We created a remote tunnel from head office to data center network for easy access of servers that make working fast and they are easily manageable.
View full review »For many of my customers, the SourceFIRE solution has been an eye opener of exactly what their users are generating of traffic. Some customers, after reviewing the traffic application usage reports are astounded by the amount of traffic used, for example by Facebook and YouTube. My customers like the visibility into their network usage, and not necessarily wanting to block it, but just to know that they can control the network traffic and utilization if needed.
View full review »Context modes as this means there is no need to buy additional firewall for different customers.
View full review »Users can VPN into the network from remote locations. It has given us a very robust and well firewalled LAN, that we use for authentication as well for our core network infrastructure.
View full review »TJ
Tracey Jackson
Senior Network Engineer at Johnson & Wales University
The firepower sensors have been great; they do a good job of dropping unwanted traffic.
View full review »Visibility in the network traffic.
View full review »AM
Azar Mammadli
IT Operation Manager
It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.
View full review »My client is in the financial sector and all of the connections are doing using the VPN. This type of access makes the connections more secure.
View full review »- Easy and fast to deploy.
- User-friendly GUI
- REST API offering with rich capabilities which makes the product very robust.
It has improved our access control.
View full review »So far it has proven to be rock solid and relatively easy to maintain.
View full review »Through the use of VPNs, we were able to connect our branches together through the internet without the any additional cost.
View full review »SH
Seang Haing
Team Leader Network Egnieer at deam
Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.
View full review »SA
Sikander Ali
IT Infrastructure Engineer at Atlas Group
My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others.
View full review »It is much better than most of the other firewalls that I have worked with.
View full review »YA
Yasir Al-Musawi
Network Security Specialist at a financial services firm with 501-1,000 employees
Since we have used Firepower firewall, we are facing issues of getting real-time logs, as they are not available with the latest version.
View full review »The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.
View full review »ED
Ed Dallal
Founder, CEO, & President at Krystal Sekurity
Simplified the complexity of our security architecture.
View full review »The packet tracer function, which I use the most, have provided me a packet flow through the firewall and see which rule or policy can cause a drop. Also, I can see if my NAT statement is working properly. This has allowed me to quickly troubleshoot potential firewall related issues for my organization.
View full review »VG
reviewer1395702
Network Security Engineer at a tech services company with 51-200 employees
We always use ASA for integration another companies and branches easily.
View full review »PT
Pablo Torrejon
Support Engineer at a tech services company with 51-200 employees
It gives us all the features that we need.
View full review »TP
Tony Petcou
Business Development Executive at CBI
The firewall and policy side are easy to use.
As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own devices too. For example, we have our firewall, we have a Web security appliance, things like OpenDNS with Umbrella. I think Cisco can cover with all the platforms.
View full review »Connectivity with client Telcos works perfectly way and administration is simple.
View full review »- Easy to setup VPNs
- Firewall ACL
- Easy to modify
- Easy to perform maintenance
In fact there is no relevant improvement, but this is the kind of device that every company must have.
View full review »FK
Fadil Kadrat
Network Engineer at Banque des Mascareignes
Cisco ASA is best suited for our external firewall protection.
View full review »Malicious URLs are being blocked.
It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.
View full review »We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.
View full review »Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.
View full review »It helps us to identify key, persistent threats so we can set policies accordingly.
View full review »We are an educational institute, and we are required to block many websites that are not suitable for students and teachers. Most of the sites, like YouTube uses an https version, thus blocking with IP address was becoming problematic. Moreover, certificate domains for Gmail and YouTube are the same. But the IPS feature in this product helps us to overcome this limitation.
View full review »Remote Access and SSO Authentication.
View full review »Gives flexibility and several deployment options.
It has secured our DMZ.
View full review »We're able to implement best security practices to secure our company data.
View full review »It has increased the security and works best for VPN users.
View full review »The ASA gives us a secure appliance at the perimeter and allows us to provide VPN connectivity to our users. We have the ability to control our VPN users as well as use two-factor authentication if needed (using an outside Radius source).
View full review »Being able to use the multi-context on the firewall to keep costs down.
View full review »
The features are quite powerful, easy to set-up and for ease of use end user too is excellent. Moreover, this has been quite stable since the day we installed them.
View full review »
It’s hard to say because our equipment was EoS.
View full review »We were using Cisco Security Manager (CSM) to control and configure all of our Cisco products. ASA worked very well on the CSM.
View full review »No improvement. My clients have been using this product and moving to other products.
It’s too early to say anything about this, as it’s still under implementation.
View full review »In the early days, before UTM and NGFW, this product was awesome. Cisco tried to add Firepower, but it requires a different management interface and is still too expensive.
View full review »It has taken the pressure off of the IS engineer.
View full review »- Intrusion protection
- We were able to determine when we are being attacked.
- We determine that our inspections were causing latency.
We needed a way to monitor threat protection and not cause latency.
View full review »OC
OscarCastillo
Network Engineer at IT Security
I am a security business of consultant. I deploy this solution for our customers.
View full review »Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.
View full review »It provided more secure access to the resources of my organization and created a more stable environment for the business activities between us and our partners.
View full review »It is reliable, and does the job that it is supposed to be doing.
View full review »- Deployed between users and servers transparently.
- Easy to deploy in a working environment between servers and users.
- Improved security and visibility.
It solved an IPSec issue we had with a customer. We have moved from Linux IPSec to Cisco.
View full review »Secured our network from outside and inside intruders.
View full review »Three years ago we encountered malicious attacks from the internet, most of which were Chinese attackers, so we deployed Cisco ASA to strengthen our network. Since the deployment, we haven't seen the risk we encountered before.
View full review »We could connect data securely from outside the company.
View full review »Not really, as we are a subcontractor we install and configure it for other companies.
View full review »Buyer's Guide
Cisco Secure Firewall
April 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.