Cisco NGIPS Room for Improvement
Manager IT Security at UnitedHealth Group
It has room for improvement when it comes to integrating machine learning and AI into it where even if you don't have a baseline that is of length for anomaly detection, it could do more like an AI style machine learning. It learns on its own. It learns patterns, learns what good traffic looks like then is able to stop bad traffic, not just based on behavior but based on every other thing. I think other next-generation IPS solutions are turning towards integration of ML and AI. I need machine learning and the ability to share intelligence.View full review »
Associate Consultant at a computer software company with 201-500 employees
Currently, this product is difficult to manage. It needs to be more user-friendly.
A lot of improvements can be made into the overall architecture of the firewall. It's lacking right now. It's something they need to work hard to improve.
The reason for the lack of cohesion in the architecture is due to the fact that Cisco acquired this company and then they merged two products, the Cisco ASA and the Firepower product, into a single product. As a result, the product is not as mature as some of the other comparable products out in the industry.
The price is in the high end of the spectrum, again, comparing to other players in the industry.
The solution requires better management. When it comes to central management capabilities, improvements can be made.
Better reporting in terms of analytics and dashboards would be very useful in future versions.View full review »
The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation.
I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.View full review »
Systems & Network Manager at Rocky View School Division
We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license.
Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower.View full review »
Senior Network Security Engineer at a wellness & fitness company with 10,001+ employees
The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery. You need that to really handle finding anomalies properly. In the past, I've noticed that some applications are not identified correctly, based on the OS and the fingerprints that they're pulling from the host.
In the future, we would like to see more involvement with the on-premises hybrid cloud. We want to see Cisco do more in the cloud space, and basically improving the connection between on-premises and the cloud. This including things such as automation.View full review »
CASO at a tech services company with 11-50 employees
The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.View full review »
I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.
They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.View full review »
DGM IT Infra & Facility at a tech services company with 1-10 employees
I would like to see better support for preventing cross-scripting and brute-force attacks that may originate from our homegrown applications. This is needed because the applications that we are developing for internal use do not go through the heavy security check that we have in place. If there is some flaw in an application, which happens every now and then, then there will be a huge cost that I may have to pay. I would like to know that if I have a security solution in place then I am at least 99% confident that problems will be prevented. As it is now, I cannot say that I am 80% secure against my applications being attacked.
Better integration with other products, such as a SIEM tool, would provide better peer visibility about your security posture. Adding this type of functionality would make this product unbeatable.View full review »
IT Manager at a financial services firm with 51-200 employees
The user interface needs some improvement, it is a little rudimentary and not very intuitive. If you are not very technical inclined you may need to be assisted or might struggle to set it up.
The newer version tends to use a lot of system resources. For example, your processor and RAM.View full review »
Because of cybersecurity threats, other security features should be available in Cisco devices. Sangfor IAM is good because this provides the logging IAM feature which you can retain for up to 12 months. But Cisco does not provide this type of logging because no third-party logging server is supported with the Cisco firewall.View full review »
Cyber Security Engineer at a tech company
The solution would be better if it offered customers more integrations and more signatures.View full review »
Networking Security Consultant at a tech services company with 51-200 employees
Multi-internet line load balancing should be supported. It is available from other vendors and should be included with this product.View full review »
I think the GUI user interface could be improved and the login is not very user friendly. They could maybe improve on that.View full review »
Network Support Engineer at a government with 201-500 employees
It's coming to its end of life. We will be considering another solution because it is no longer scalable.
While it is stable, I would like it to be even more stable.View full review »
The price could be improved.View full review »
Manager - Automation, Electrical, IT and Networking at a mining and metals company with 1-10 employees
The onboarding process could be made a little bit better.View full review »
System Administrator at a tech services company with 201-500 employees
The solution should contain the sandbox features which we find in Check Point.View full review »
Information Security Manager at a financial services firm with 501-1,000 employees
Some Next-Generation Firewall solutions come with Intrusion Prevention. It would be nice if Cisco NGIPS included that.View full review »