We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"This product provides excellent centralized device controls and reporting."
"The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"The solution's simplicity of use is its most valuable feature."
"The port division management was the solution's most valuable aspect for our organization."
"The most valuable features are Firewall Assurance and Vulnerability Control."
"The most valuable feature is firewall management."
"The solution offers very nice dashboards and they've recently added a very good Java-based web interface."
"The features that I have found most valuable with Skybox Security Suite, and this is because I work on the security side, are the firewall assurance, the change manager and the vulnerability control. These three features are the most impressive from Skybox Security."
"It shows me a client's or an organization's entire network. I can see everything."
"It has a good policy management feature and can provide customers with good quality outputs."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"It would be a better product if it incorporated device control for third-party products easily."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"It should have more features to manage FirePOWER appliances."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."
"The solution was quite technical. It would be easier to manage if the solution was more specific about aspects of the solution and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything."
"The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving."
"The Network Assurance, which helps to create the network model, is not so rich."
"The support could be improved."
"The initial setup with Skybox Security is hard. You need one or two strong security engineers on your team."
"The price is costly, and I hope they can reduce the cost."
"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"It's around £500 per unit for a three-year license."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"If you compare to what is available on the market, they are in the same range with respect to pricing."
"The price is not expensive."
"Currently, the licensing costs me about $300 USD for the year. This is a huge amount for my environment."
Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.
The Skybox Security Suite platform combines firewall and network device data with vulnerability and threat intelligence, prioritizing security issues in the context of your unique environment. Powerful attack vector analytics reduce response times and risks, bringing firewall, vulnerability and threat management processes for complex networks under control.
Firewall Assurance brings all firewalls into one normalized view, continuously monitoring policy compliance, optimizing firewall rulesets and finding attack vectors that others miss. Skybox covers the most comprehensive list of firewall vendors, complex rulesets, even virtual and cloud-based firewalls. With proven scalability in 1,500+ firewall deployments, Firewall Assurance keeps rules optimized and ensures changes don’t introduce new risk.
Gain total visibility of the vulnerabilities in your attack surface without waiting for a scan. Leverage Skybox Research Lab's vulnerability and threat intelligence, and automatically correlate it to your unique environment. With network modeling and advanced simulations, pinpoint exposed vulnerabilities and other attack vectors. And use context to prioritize vulnerabilities in terms of actual risk and respond to threats with accuracy and efficiency.
For more information or to view a demo, visit www.skyboxsecurity.com.
Cisco Defense Orchestrator is ranked 4th in Firewall Security Management with 13 reviews while Skybox Security Suite is ranked 6th in Firewall Security Management with 8 reviews. Cisco Defense Orchestrator is rated 8.2, while Skybox Security Suite is rated 7.6. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Skybox Security Suite writes "Rich vulnerability management that is controlled from a single pane of glass, but the network modeling capability needs improvement". Cisco Defense Orchestrator is most compared with Tufin, FireMon, AlgoSec and Palo Alto Networks Panorama, whereas Skybox Security Suite is most compared with AlgoSec, Tufin, FireMon, RedSeal and Tenable Nessus. See our Cisco Defense Orchestrator vs. Skybox Security Suite report.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.