Cisco Firepower NGFW Benefits

Lead Network Administrator at a financial services firm with 201-500 employees
Today I was able to quickly identify that SSH was being blocked from one server to another, and that was impacting our ability to back up that particular server, because it uses SFTP to back up. I saw that it was blocking rule 22, and one of the things I was able to do very quickly was to take an existing application rule that says 22, or SSH, is allowed. I copied that rule, pasted it into the ruleset and edited it so that it applied to the new IPs — the new to and from. I was able to analyze, diagnose, and deploy the fix in about five minutes. That illustrates the ability to utilize the product as a single pane of glass. I did the troubleshooting, the figuring out why it was a problem, and the fix, all from the same console. In the past, that would have been a combination of changes that I would have had to make both on the ASDM side of things, using ASDM to manage the ASA rules, as well as having to allow them in the FMC and to the FirePOWER. Overall, as a result of the solution, our company's security posture is a lot better now. View full review »
Network Administration Lead at Forest County Potawatomi Community
We definitely feel that we're more secure now than we have been in the past. That goes back to those Zero-day vulnerabilities. An example would be some of the vulnerabilities with Adobe TIF files that were recognized. We run a document management system that wrote the extra, tailing zeros onto all the TIF files, and that was highly exploitable. The Cisco firewalls were able to catch that on the files traveling across our network and highlight it. Those are issues that, without the firewalls actually seeing the north-south traffic in our network, we just didn't have visibility into before. We were running blind and didn't even realize that we were vulnerable in those ways. Cisco NGFW has excellent visibility through the constructs it has. New vulnerabilities come out and we have hit those multiple times thanks to their solution. We come in on a Monday and, all of a sudden, an application that was working on Friday isn't working. That's because a major vulnerability came out over the weekend. The firewalls, and being able to use the dashboards through FireSIGHT management, provide very good visibility into what's actually going on and why different items on the network are happening. Overall, I would say the visibility is very good. In addition, among our multiple vendors for firewalls, etc., Cisco Talos really distinguishes Cisco from the Palo Altos and the Barracudas of the world. The work that they do to identify Zero-days and new threats out there, and then document all of that, is invaluable to our organization. I can't say enough about Cisco Talos. View full review »
IT Infrastructure Specialist at RANDON S.A
Overall, I would summarize Firepower NGFW's effect on our company's security position by saying that, until now, we haven't had any major security incidents. The investment we made, and the investment we are still making in that platform, have worked because they are protecting us from any risks we are exposed to, having all these remote sites and using the internet as the way to connect those sites. They are doing what they promised and they are doing what we paid for. View full review »
Learn what your peers think about Cisco Firepower NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
419,794 professionals have used our research since 2012.
Dave Cooper
Network Engineer at CoVantage Credit Union
It's hard to judge how much time it saves our organization because it's doing things you don't realize. For example, when it's blocking web advertisements, when it's blocking phishing, when it's blocking geolocation, the time it saves is because of the things you might have had to deal with that, now, you don't. Any time we have some kind of internet-related event, it's definitely going to take us hours worth of time. We have to do an investigation, we have to report on it, we have to write something up. By protecting our environment it probably saves our security analysts a fair number of hours during the week. View full review »
Security Architect
When you put FTD between your internet and network units, you can get valuable insights about your encrypted traffic on the web, DNS traffic, and the like. It gives us statistics up to Layer 7. Although I can't go into the details, the way the solution has helped our organization is more on the root-cause side when there is an incident, because we get very detailed information. FTD's ability to provide visibility into threats is very good, if the traffic is clear. Like most companies, we have the issue that there is more and more encrypted traffic. That's why we use Stealthwatch instead, because we can get more information about encrypted traffic. But FTD is pretty good. It gives us a lot of details. We put them in in-line and in blocking mode and they have stopped some weird things automatically. They help save time every day. We have 150,000 people all over the world, and there are times when computers get infected. It helps save time because those infections don't propagate over the network. The fact that we can centrally manage clients for our IPS, and that we can reuse what we type for one IPS or one firewall, makes it easy to expand that to multiple sites and multiple devices. Overall, it has been a great improvement. View full review »
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
I have a two-part business. First, we provide solution services as a vendor for multiple customers working as a consulting firm. I'm providing multiple customers with support on-premises for Cisco products right now. We are not able to use these products internally in our company. The second part of the business is my status or core business which is basically operating as a software solution provider. I have personally engineered these Cisco firewall solutions for clients. When we implemented it, it was easy. We have to maintain high-end abilities in order to ensure the availability of high-end support for the clients. I generally have to look at everything. Later on, we were able to upgrade the Cisco Firepower NGFW easily. We were able to connect from the beginning to implement the complete number of files in the system. View full review »
Girish Vyas
Architect - Cloud Serviced at NTT Global Networks
My client company is Cisco Oriented. They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. That is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities. View full review »
Henry Pan
Technical Consulting Manager at a consultancy with 10,001+ employees
Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality. View full review »
Senior Network Support & Presales Engineer at a tech services company with 51-200 employees
A lot of companies have a lot of vulnerabilities and lots of exploitations that are going inside their network that the IT staff are not aware of. You actually need a security device like a next-generation firewall to protect your network. Once we installed the Firepower system, we started looking at the evidence, and we found a lot of exploitations and a lot of bad things that are in the network. These things were invisible to IT, they were unaware of any of them. View full review »
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions. We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack. View full review »
IT Specialist at a consultancy with 1,001-5,000 employees
It has helped us to solve some problems regarding auditor recommendations. We used to have some audit recommendations that we were not able to comply with. With FTD deployed we have been able to be in compliance around our 36 remote sites. Before deploying them we had a lot of incidents of internet slowness and issues with site access, as well as computers that had vulnerabilities. But as soon as we deployed them we were able to track these things. It has helped the user-experience regarding connectivity and security. In addition, it is giving us a better view regarding the traffic profile and traffic path. And we can categorize applications by utilization, by users, etc. The solution has, overall, made us twice as productive and, in terms of response time for resolving issues or to identify root causes, we are three times more effective and efficient. View full review »
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though. View full review »
Syed Khalid Ali
Senior Solution Architect at a tech services company with 51-200 employees
I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product. I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution. View full review »
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem. View full review »
Information Systems Manager at a non-profit with 1-10 employees
Because of the deeper inspection it provides we have better security and sections that allow users broader access. View full review »
Assistant Manager (Infrastructure) at SISTIC
It has improved the security posture and visibility of our traffic. It has been proven very reliable on the hardware finishing and network portion. Since Cisco have been very experience in networking. View full review »
Asst.Manager IT at a manufacturing company with 501-1,000 employees
Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure. View full review »
Gerald Zauner
Data Center Architect at Fronius International
We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago. View full review »
Pablo Torrejon
Support Engineer at a tech services company with 51-200 employees
It gives us all the features that we need. View full review »
Network Engineer at IT Security
I am a security business of consultant. I deploy this solution for our customers. View full review »
Learn what your peers think about Cisco Firepower NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
419,794 professionals have used our research since 2012.