• Home
  • Cisco Defense Orchestrator vs. FireMon Security Manager

Cisco Defense Orchestrator vs FireMon Security Manager comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo

Cisco Defense Orchestrator

Read 14 Cisco Defense Orchestrator reviews
1,093 views|325 comparisons
100% willing to recommend
FireMon Logo

FireMon Security Manager

Read 53 FireMon Security Manager reviews
7,041 views|5,286 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Firewall Security Management
April 2024
Executive Summary

We performed a comparison between Cisco Defense Orchestrator and FireMon Security Manager based on real PeerSpot user reviews.

Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management.
To learn more, read our detailed Firewall Security Management Report (Updated: April 2024).
Download the complete report
768,857 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched FireMon Security Manager but chose Cisco Defense Orchestrator: The rule usage is a nice feature, but we have problems with it staying in sync when logging into the device
It hasn't really improved our organization. It has been more like a PoC which was spun up and played with for a little while, and we haven't gotten... Read more →
Ramon Garza
We're able to push policy changes on a daily basis, and cleanup of policies keeps us current
We're able to push policy changes on a daily basis. Before, we had to schedule certain timeframes, but now we can push them throughout the day... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.""This product provides excellent centralized device controls and reporting.""If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.""The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.""The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets.""The most valuable feature is the Intrusion prevention.""The most valuable feature is that you can push one policy or one rule out to several devices at a time.""When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."

More Cisco Defense Orchestrator Pros →

"FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.""It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance.""It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It save us time and creates efficiencies by looking at the general picture.""The ease of use is the most valuable feature. There are a lot of products out there, but the ability to navigate through and use Firemon is very good.""FireMon is nice and provides 360-degree user views.""Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.""The most valuable feature is the Firewall reviews for our company compliance.""In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level."

More FireMon Security Manager Pros →

Cons
"It would be a better product if it incorporated device control for third-party products easily.""We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue.""If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO.""There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.""They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud.""The dashboard needs to be more customizable to provide better reporting for our network.""When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.""CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."

More Cisco Defense Orchestrator Cons →

"I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did.""The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing.""When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box.""We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.""The current health and monitoring of the devices is atrocious... Imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined... Out of all those categories, I only find one or two of them that are, perhaps, pertinent.""We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us.""FireMon could be easier to use and flexibility regarding reporting could be improved.""FireMon could be made more user-friendly when it comes to creating filters or conducting traffic analysis."

More FireMon Security Manager Cons →

Pricing and Cost Advice
  • "It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
  • "It's around £500 per unit for a three-year license."
  • "After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
  • "It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
  • "If you compare to what is available on the market, they are in the same range with respect to pricing."
  • "I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."

    • More Cisco Defense Orchestrator Pricing and Cost Advice →

  • "Pricing model seems fair."
  • "Relative to what it offers, the price is fair."
  • "The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin."
  • "Regarding additional costs, if you want things like Policy Optimizer, extra features, that's extra."
  • "We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time."
  • "We pay for it yearly."
  • "FireMon is cheaper than AlgoSec."
  • "Pricing is reasonable."

    • More FireMon Security Manager Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
    See Recommendations
    768,857 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    What do you like most about FireMon?
    Top Answer:I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for FireMon?
    Top Answer:It's a good value. From a licensing standpoint, our only limitation is the number of devices that we manage. Our environment is small. We have fewer than 20 enterprise firewalls, meaning it's hard to… more »
    Read all 12 answers   →
    What needs improvement with FireMon?
    Top Answer:We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain… more »
    Read all 20 answers   →
    Ranking
    14th
    out of 17 in Firewall Security Management
    Views
    1,093
    Comparisons
    325
    Reviews
    0
    Average Words per Review
    0
    Rating
    N/A
    4th
    out of 17 in Firewall Security Management
    Views
    7,041
    Comparisons
    5,286
    Reviews
    7
    Average Words per Review
    1,117
    Rating
    8.6
    Comparisons
    Also Known As
    CDO
    Learn More
    Cisco
    Video Not Available
    FireMon
    Interactive Demo
    Cisco
    Watch a demo
    FireMon
    Demo Not Available
    Overview

    Cisco Defense Orchestrator (CDO) is a cloud-based management solution designed to ensure streamlined and consistent security policies across the Cisco security portfolio. Specifically tailored to manage all Cisco Secure Firewall form factors (running either ASA or Firepower Threat Defense (FTD) software), CDO offers real-time visibility and troubleshooting capabilities, effectively enhancing overall network security.

    CDO addresses the challenges of migration, supporting transitions from on-premises to cloud environments and facilitating the shift from ASA to FTD configurations. As organizations embark on their cloud adoption journey, CDO simplifies provisioning workflows for remote branches, reduces operational expenditures related to inventory management, and offers scalability for multi-cloud deployments.

    The increasing complexity of networks, driven by the constant influx of new devices, applications, and cloud services, presents a daunting challenge for managing firewall policies and rules. A typical enterprise environment has millions of rules, and just one simple misconfiguration can lead to devastating consequences like compliance violations, outages, and data breaches. 

    FireMon’s Security Manager is a purpose-built network security policy management (NSPM) platform that automates the management of firewall and cloud security policies to eliminate policy-related risk, accurately and quickly change rules, and meet internal and external compliance requirements.

    • Reduce Risk Manage risk with real-time visibility and control
    • Manage Change Avoid misconfigurations, accelerate business, and improve security
    • Enforce and Maintain Compliance Avoid violations, avoid risk, and avoid fines
    Sample Customers
    Insurance Company of British Columbia, Shawmut
    Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Verizon, Wells Fargo
    Top Industries
    REVIEWERS
    Manufacturing Company43%
    University14%
    Consumer Goods Company14%
    Healthcare Company14%
    VISITORS READING REVIEWS
    Computer Software Company44%
    Manufacturing Company7%
    Financial Services Firm5%
    Government5%
    REVIEWERS
    Financial Services Firm29%
    Insurance Company9%
    Government9%
    Computer Software Company7%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Manufacturing Company6%
    Comms Service Provider6%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise21%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business11%
    Midsize Enterprise5%
    Large Enterprise84%
    REVIEWERS
    Small Business14%
    Midsize Enterprise15%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    Buyer's Guide
    Firewall Security Management
    April 2024
    Download Free Report
    Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management. Updated: April 2024.
    DOWNLOAD NOW
    768,857 professionals have used our research since 2012.

    Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while FireMon Security Manager is ranked 4th in Firewall Security Management with 53 reviews. Cisco Defense Orchestrator is rated 8.2, while FireMon Security Manager is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama, Tufin Orchestration Suite, Azure Firewall Manager and Cisco Secure Firewall Management Center, whereas FireMon Security Manager is most compared with Tufin Orchestration Suite, AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama and ManageEngine Firewall Analyzer.

    See our list of best Firewall Security Management vendors.

    We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.