Most Helpful Review
Provides us with application visibility and control and has improved our clients' end to end firewall functionality
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Unfortunately in Cisco, only the hardware was good.
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.
The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.
The firepower sensors have been great; they do a good job of dropping unwanted traffic.
The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.
I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.
The technical team is always available when we have problems.
Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.
They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.
With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.
We can easily track unauthorized users and see where traffic is going.
The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites
The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.
Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.
Using WildFire has reduced the number of viruses and the amount of malware that comes into our system, which means that I don't have to rely on the end-users to identify it.
The way that the solution quickly updates to adjust to threats is the solution's most valuable aspect. When there's a security attack, within five minutes, all Wildfire subscribers have access to updates so that all systems will be safe. Its threat prevention is way better than other vendor products.
The most valuable feature is the Automatic Verdict, to recognize whether something is a threat, or not.
They have many different options with Palo Alto WildFire and the set-up is quick. If you have all the details in hand, it does not take more than 15 minutes to deploy a firewall.
It helps us when segmenting and securing the network and all sort of technologies, all sort of next generation needs. It's next generation phases of firewall like anti-virus, sandboxing, wifi, and VPN.
Being an application-based firewall, this is one of the critical focus factors along with the threat prevention services it provides.
It is stable and pretty much scalable.
The cloud-based services are a nice feature.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.
The software was very buggy, to the point it had to be removed.
Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.
I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.
The Sandbox and the Web Censoring in this solution need to be improved.
It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.
The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.
I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.
We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it.
We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.
The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.
For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.
The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.
In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.
It would be nice if there was an easier way to install and deploy it, such as through the inclusion of wizards.
The size of Palo Alto's cloud is big but it could be easier to use from a product management perspective.
I would like to see them continue on their developmental roadmap for the product.
There are certain changes that I was expecting in the previous version, and I hope that they are soon fixed. All of the problems that I have faced so far have been resolved.
Other vendors have some sort of bandwidth management built into the firewall itself and Palo Alto is missing that.
As a firewall and 360 degrees of security, there needs to be more maturity.
The initial setup was complex.
I think it would be nice for Palo Alto to work without the connection to the cloud. It is 100% powerful when connected to the cloud. But, if you disconnect from the cloud, you only get 40-50% power.
Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months.
The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology.
The program is very expensive.
The cost of this solution is high.
Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.
We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.
The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high.
Cisco's pricing is high, at times, for what they provide.
Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.
The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...
The price of this solution is not good or bad.
The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.
It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.
We pay between $3,000 and $4,000 CAD ($2,200 - $3,000 USD) per year to maintain this solution.
The licensing fees are on an annual basis, and there are no costs in addition to the standard fees.
It's pretty expensive but with respect to value for money, it's okay.
It is a reasonable price compared to other solutions on the market.
The pricing is OK, it is not too expensive.
Answers from the Community
Compared 38% of the time.
Compared 10% of the time.
Compared 10% of the time.
Compared 24% of the time.
Compared 20% of the time.
Compared 16% of the time.
Compared 18% of the time.
Compared 11% of the time.
Compared 9% of the time.
Also Known As
|Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls||Cisco Firepower Next-Generation Firewall, FirePOWER|
|Cisco||Cisco||Palo Alto Networks|
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.
Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.
Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.
The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.
|WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.|
Learn more about Cisco ASA NGFW
Learn more about Cisco Firepower NGFW
Learn more about Palo Alto Networks WildFire
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield||Novamedia, Nexon Asia Pacific, Lenovo, Samsonite, IOOF, Sinogrid, SanDisk Corporation|
Financial Services Firm19%
Comms Service Provider9%
Software R&D Company6%
Software R&D Company28%
Comms Service Provider19%
Financial Services Firm42%
Comms Service Provider17%
Software R&D Company26%
Comms Service Provider24%
Financial Services Firm10%
Venture Capital & Private Equity Firm10%
Software R&D Company31%
Comms Service Provider16%