Cisco NGIPS Reviews

We have a Cisco ASA firewall, which is like a standard firewall. We upgraded to Firepower Threat Defense, and it is like a next-generation capability, like NGIPS and NGAV, and has that kind of functionality. It also improves network security and threat defence.

It has helped to improve our cybersecurity and our network security posture.

The FTD has a GUI interface, which is very easy to work around with all the configurations. It is a client-based software based on Java. Now we have the GUI web interface, and it's very interactive and easy to navigate.

Cisco NGIPS runs the backend as a Snort engine, so it is like they customize it with Cisco. So they need to have an engine for threat defence.

We have been using this solution for two years and are using version 9.6. It is deployed on-premises.

It is a stable solution.

It is scalable. NGIPS is based on our user base, so we have around 2000 users. We require two network and security administrators for deployment and maintenance. We do not plan to increase usage because we have already upgraded.

I rate the technical support a ten out of ten.

Positive

We updated from Cisco ASA to NGIPS FTD.

The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning. The deployment was done in-house. We just purchased a box and installed it on our own.

We have seen a return on investment in improving security and defending the threats in our network.

I do not have details about the licensing costs. It has a user-based license and a different model license because it is modular software.

I rate this solution an eight out of ten. From a recommendation perspective, before deploying the NGIPS solution, you need to work with your internal environment. It can minimize the load on the NGIPS, so you should do your IPS signature before moving to production.

It should have a network and content processor and a security process for additional features. Other OEMs have these capabilities to enhance the throughput and performance.

We use it at the end and the center as the core and apply a lot of policies to the firewall.

Using Cisco Firepower has helped us.

We like the Cisco product, the concept, and the tech intelligence. We are much more comfortable with Cisco products. It's a reputable organization, and we trust the products.

The next Cisco NGIPS release should include more features for production ideas and more intelligence for IDS and IPS features.

We have been using this solution for two years. 

We initially had some difficulty loading pages due to certain rules regarding performance and stability. On some websites, we had to click more than once. These issues were quite easy to fix.

Regarding scalability, the solution is not that good.

They're nice people. We don't have any issues with them. They are quick to respond, but sometimes it takes time to solve the issues.

Positive

We previously used Check Point and Cyberoam. We switched because the license expired.

We initially had some difficulties, but now we have no problems.

A Cisco vendor in Nepal helped us configure the product properly. We didn't have a strategy. The vendors supported us from the very beginning. After working with them, we had no problem using the product.

It took almost a month and a half to install the system.

I would rate our ROI as eight out of 10, with 10 being the highest ROI.

Cisco NGIPS licensing is yearly. 

I would rate the pricing four out of 10, one being very expensive and 10 very cheap. 

I would give Cisco NGIPS an overall rating of eight out of 10, 10 being the best.

We have a department of almost 50 people in our company using Cisco NGIPS. 

We have 10 people to maintain the product.

We want to cover all the systems and networks of our organization. 

The Cisco NGIPS and IGS are used as network firewalls for IPS and IGS protection. I have both the Cisco Firepower and Cisco Meraki solutions in different customers' locations. They have the capability of the NGIPS built into it. We have different customers that they are using it. For example, on Edge, data centers, and campus networks.

Among all the different solutions I have worked with, such as Palo Alto many other firewalls. Cisco has the support, documentation, and design. The documentation is widely available and it can help you a lot with implementation. It makes the implementation much easier.

What I don't like about Cisco recently is they keep changing the names, which makes it hard for customers and sometimes even us as engineers to know what is the solution they are speaking about. For example, with AMP, now they call it Secure Endpoint and I don't know if in the next couple of years they're going to change it to something else. They should keep the names the same.

I have been using Cisco NGIPS for approximately 10 years.

Cisco NGIPS is stable, however, it is nothing special.

The scalability of Cisco NGIPS I am not too familiar with. The solution can do clustering and other operations. With the Orchestrator, I haven't worked with it yet but I hope that will help to make standard policies all run better. The most important part about scalability is how do you want to apply the same policy all around and across the different locations that you have. This is something that is not easy with any firewall unless you have a Secure Orchestrator. I don't see any issues with the scalability at this time.

The support from Cisco NGIPS is very good.

I have used many other solutions, such as Palo Alto.

I would rate the price of Cisco NGIPS a three out of five.

They are very expensive in some places and not reasonable at times for many customers. I have had customers choose another solution because of the high price.

When speaking about the features of Cisco NGIPS, what makes the feature good is dependent on what the customer likes and the skillset that they have. I cannot say what is the best feature because it depends on the use case.

There are times I see customers spend a lot of money on something which they really don't use. Whether this solution is good or not depends on what exactly the customer wants to implement and protect. They should pick the right solution with the skillset that they have.

I rate Cisco NGIPS nine out of ten.

The thing about this solution that I like the most is that it's intuitive. The other features I like are the good support chain and ease of use.

My opinion is that this solution should improve the pricing.

I have been using this solution for about two years.

I would rate the technical support of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

I would rate the pricing of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.

I am currently working with Cisco NGIPS at home as an IPS device, so I can see what's hitting the firewall and look at the logs. I'm using it as a learning environment. 

The IPS functionality is useful if you have offices all over the place. It's nice to have centralized management instead of going to a separate ASA or FirePOWER device. 

The biggest problem with most Cisco products is that the interface is lagging behind the competition. The user interface could be updated and improved.

Cisco NGIPS is stable. 

Cisco NGIPS is highly scalable. We use it to cover 15 offices.

It requires some background in IPS and IT security to fully understand it, so it is somewhat complex to deploy.

I rate Cisco NGIPS eight out of 10. 

It detects attacks from malicious intrusions and malicious activity before they happen.

This solution has helped improve productivity and detect attacks before they happen.

Signature rules from the Snort community around the world.

• I would like to see better integration with SIEMs. 
• Better rule building using other tools, like LuaH and Python.
• Better performance.
• Better intelligence gathering in domains, the main URLs, and endpoint solutions.

It's very reliable. We really like the product and will be staying with the product a while.

At this point in time, it's making it a little bit difficult to scale due to the company, as the vendor is making some changes. We are waiting to see if the product is scalable or not. 

Rating the technical support from one to five (where five is high), I would rate them as a two. I find them to be very bad.

This was originally a Snort product, which was open source. So, there is a community for it worldwide.

We used ISS from IBM in the past, but it was causing many issues and was dropping packets. It was not an ideal solution, so we moved to Sourcefire FirePower NGIPS.

The initial setup is easy because I am very familiar with the product.

We buy the licensing on a yearly basis, when we renew our contract. It is around $14,000.

McAfee and Palo Alto were on our shortlist.

The product is a ten because it is the only product in the market like this.

Customers who are trying to replace their internal firewall with good visibility at the application-level content level use Cisco NGIPS. It has the ability to do packet inspection and the customer can check their users while they're searching the web and going to different websites. Cisco NGIPS has the ability to connect to your firewall with advanced intrusion prevention.  

The most valuable feature of Cisco NGIPS is the centralized user interface. You have the ability to quickly push out configurations across your environment using the Cisco UI. It's a powerful capability of that solution.

Cisco NGIPS could improve its ability to do SSL inspections. Sometimes the ability to do SSL inspection is not scalable and you might not be able to get the installment required if you don't size the right hardware.

I have been using Cisco NGIPS for approximately five years.

Cisco NGIPS is stable, but I there is more that can be done.

Cisco is particularly strong when it comes to firewalls and the IPS, IBS, or next-generation firewalls. When I was working as a system architect we went from Cisco to Palo Alto or Fortinet. I don't know if they've made some recent improvements or maybe it's in the roadmap, but I would say there's still room for improvement with Cisco security appliances.

Cisco NGIPS is scalable. However, the cost to the customer is always high, because it's still a hardware base. After the resource cycle of three or five years, you have to replace them. From that perspective, they are not the greatest solution out there.

Our networking team of approximately 50 people that are mostly using this solution in my organization.

The support from Cisco NGIPS is good.

The initial setup of Cisco NGIPS is of a medium difficulty level.

My advice to others is they should look into other vendors and cloud-based solutions. Solutions that don't require you to refresh and get hardware, because nowadays there are new problems for hardware. It's getting more difficult, try to get a more software-based, cloud-centric model solution.

I rate Cisco NGIPS a six out of ten.

In my company, the solution is used as a platform for cybersecurity. The product offers protection from malware. In general, the solution offers protection to our company's internal network.

The product's benefits experienced by the company stem from the fact that the solution provides keep abilities that help users see what is happening in their network. The solution also provides alerts.

My company does not use the URL filtering capabilities offered by Cisco NGIPS. My company prefers to use the URL filtering feature offered by a brand other than Cisco since other tools provide an easier way to use the functionality.

I wanted to look into the other products offered in the market because Cisco NGIPS is expensive. The product's high price is an area of concern where improvements are required.

I have been using Cisco NGIPS for eight years. My company has a partnership with Cisco. I am also a user of the product. My company operates as a reseller of Cisco products.

I don't remember seeing any crashes when using the solution. The product has been very stable in our company.

The scalability offered by the product is fine. My company has not faced any problems with the scalability feature. The solution is deployed in three of our company's data centers.

The first call that I had with the product's technical team was not good since it took time to provide an explanation to get the right engineer to help us with our problems. Once the user gets connected with the right engineer, the support offered is very good.

I rate the technical support a seven out of ten.

Neutral

I have experience with Fortinet. I don't remember the name of one of the solutions that I had used in the past.

The product's initial setup phase was easy.

I rate the product's initial setup phase a nine on a scale of one to ten, where one means a difficult process, and ten means that it is an easy process.

The solution is deployed on an on-premises model.

The solution can be deployed in a couple of weeks. We take care of the testing phase in our company before installing the solution only when the signatures are updated in our environment, which takes around a time frame of less than two weeks.

Around three or four engineers take care of the product's installation phase.

My company purchases professional services from Cisco's partner to take care of the installation phase.

Cisco NGIPS is an expensive product.

I have compared Fortinet FortiGate IPS against Cisco NGIPS.

With Cisco NGIPS, the rate of false positives is very low.

I would tell those who plan to use Cisco NGIPS that it is a good solution, but if they have budget constraints, they should explore the other brands in the market.

I rate the tool an eight out of ten.