We performed a comparison between Cisco Defense Orchestrator and Skybox Security Suite based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"With Cisco Defense Orchestrator, we can manage the complete Cisco Security solution. It provides a simple and centralized way to manage all products."
"We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"Cisco Defense Orchestrator has useful guides for the steps that need to follow by users."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"The solution's most valuable and unique assets are the vulnerability management and change management solutions because they identify mistakes in the network before implementation which reduces risks."
"It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given us a more secure way of backing up the configuration on these devices."
"Correlates logs and threats and prioritizes; provides network maps;p provides change result context and resulting vulnerability."
"Robust modules can be used for different parts of network security."
"The way that it's built with three-tier architecture, it makes it very horizontally scalable, so I can have multiple fallbacks. If one machine does fall offline, there are four other machines that are doing the exact same job to pick it up"
"It has a good policy management feature and can provide customers with good quality outputs."
"The solution's simplicity of use is its most valuable feature."
"Key features for us include the firewall change audit every week. Also, being able to track firewall ACL usage, so that we can produce semiannual reports on ACL usage and shadowed and redundant rules on the firewall."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"It should have more features to manage FirePOWER appliances."
"It would be a better product if it incorporated device control for third-party products easily."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"The dashboard needs to be more customizable to provide better reporting for our network."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"There is room for improvement in pricing. It would be better, especially if a customer bought all four modules."
"The Network Assurance, which helps to create the network model, is not so rich."
"Change Manager can be improved. If they can improve Change Manager so that whatever we want to do on a firewall, we are able to do it through Change Manager, it will be helpful for us. Whenever we are doing a change, it only does them at an L3 and L4 level, but all the firewalls are at the application layer. So, whatever needs to be done on the firewall, we aren't able to get it done through Change Manager. Currently, this functionality is not there because of which we are sometimes losing customers. I can create a role on Layer 3, Layer 4, but when it comes to the application layer, such as configuring and defining URLs or other things at the application level, it can't be done through Change Manager. Customers demand that they should be able to do everything through Change Manager. They don't want to do it through some other mechanism to accomplish their complete change management policy. They don't want to use a firewall manager because sometimes, they don't have any manager. They ask if they can use our solution so that a manager is not required. If Change Manager can do all the management automatically without involving any other manager, it will be great. They can also provide better integration with other managers so that everything can be done through a central point."
"The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out."
"The solution needs to move improve its interface to a full web browser version that is more accessible and doesn't require installation for use."
"The solution was quite technical. It would be easier to manage if the solution was more specific about aspects of the solution and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything."
"There are multiple dashboards but no custom dashboard. It would be good to include a custom dashboard so that we can actually choose which field and what kinds of things we want to look at."
"There is room for improvement in the technical support."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while Skybox Security Suite is ranked 6th in Firewall Security Management with 34 reviews. Cisco Defense Orchestrator is rated 8.2, while Skybox Security Suite is rated 7.8. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Skybox Security Suite writes "Efficient in vulnerability management, stable and easy to use ". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama, Tufin Orchestration Suite, Azure Firewall Manager and Cisco Secure Firewall Management Center, whereas Skybox Security Suite is most compared with AlgoSec, Tufin Orchestration Suite, FireMon Security Manager, Palo Alto Networks Panorama and RedSeal.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.