Please share with the community what you think needs improvement with Cisco NGIPS.
What are its weaknesses? What would you like to see changed in a future version?
Multi-internet line load balancing should be supported. It is available from other vendors and should be included with this product.
I think the GUI user interface could be improved and the login is not very user friendly. They could maybe improve on that.
We don't like its licensing model. It has separate licensing for all the features. For instance, to get URL filtering, you need to buy another license. Every feature set seems to require another license. Unless you purchase them all upfront, you find some surprises and realize that you can't do that because you need another license. Its logging isn't quite as good as it used to be in our previous solution. We used to have Cisco ASA, and we could view the logs a lot easier than NGIPS (also known as Firepower). We saw real-time logging, but we don't see that as much in Firepower.
The SSL decrypt could be improved, but it's normal. All the devices in our platform need a lot of memory or CPU to do the SSL decrypt. This is an issue to improve in all platforms, not only in Cisco. They have SecureX which can be integrated with other platforms. But I think the improvement of SecureX in the platforms is needed. SecureX is really new but I think that needs a little improvement.
The user interface needs some improvement, it is a little rudimentary and not very intuitive. If you are not very technical inclined you may need to be assisted or might struggle to set it up. The newer version tends to use a lot of system resources. For example, your processor and RAM.
The onboarding process could be made a little bit better.
I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers. They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.
The only thing I think they may need to improve on a little bit is identifying software more correctly when you do network discovery. You need that to really handle finding anomalies properly. In the past, I've noticed that some applications are not identified correctly, based on the OS and the fingerprints that they're pulling from the host. In the future, we would like to see more involvement with the on-premises hybrid cloud. We want to see Cisco do more in the cloud space, and basically improving the connection between on-premises and the cloud. This including things such as automation.
Because of cybersecurity threats, other security features should be available in Cisco devices. Sangfor IAM is good because this provides the logging IAM feature which you can retain for up to 12 months. But Cisco does not provide this type of logging because no third-party logging server is supported with the Cisco firewall.
I would like to see better support for preventing cross-scripting and brute-force attacks that may originate from our homegrown applications. This is needed because the applications that we are developing for internal use do not go through the heavy security check that we have in place. If there is some flaw in an application, which happens every now and then, then there will be a huge cost that I may have to pay. I would like to know that if I have a security solution in place then I am at least 99% confident that problems will be prevented. As it is now, I cannot say that I am 80% secure against my applications being attacked. Better integration with other products, such as a SIEM tool, would provide better peer visibility about your security posture. Adding this type of functionality would make this product unbeatable.
The configuration of this product can be simplified. I am an expert in this area because few people can do it. It requires a lot of training and documentation. I think that some initiation scripts might be helpful because they would make the configuration easier and more user-friendly for customers.
Currently, this product is difficult to manage. It needs to be more user-friendly. A lot of improvements can be made into the overall architecture of the firewall. It's lacking right now. It's something they need to work hard to improve. The reason for the lack of cohesion in the architecture is due to the fact that Cisco acquired this company and then they merged two products, the Cisco ASA and the Firepower product, into a single product. As a result, the product is not as mature as some of the other comparable products out in the industry. The price is in the high end of the spectrum, again, comparing to other players in the industry. The solution requires better management. When it comes to central management capabilities, improvements can be made. Better reporting in terms of analytics and dashboards would be very useful in future versions.
It has room for improvement when it comes to integrating machine learning and AI into it where even if you don't have a baseline that is of length for anomaly detection, it could do more like an AI style machine learning. It learns on its own. It learns patterns, learns what good traffic looks like then is able to stop bad traffic, not just based on behavior but based on every other thing. I think other next-generation IPS solutions are turning towards integration of ML and AI. I need machine learning and the ability to share intelligence.
The pricing is very expensive. They should make their equipment more affordable. Cisco should offer better integration capabilities and offer an easier integration process.
Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use. It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution. One feature that is lacking is full interoperability with CLI. You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.
I have had a lot of problems with false positives and it would be helpful if this were improved. I would like to see integration with monitoring tools such as Nagios or BMC. An improved dashboard would be great.
I would like to see the total performance for the users improved. We have a need for security, so we would like to see more protection against virus attacks and ransomware attacks. The inclusion of bandwidth management features would improve this product. I would like to have an API for application development.
We would like to see support for DDoS protection. The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost. The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.
There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products. In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.
The file trajectory could be improved. We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.
The main problem with Firepower is the time between deployment and configuration. Now, it's approximately six minutes, so If I configure something during deployment, I understand that maybe if I write up a small mistake, I need to wait twelve minutes before I can fix the configuration. So I think the main problem is the time of deployment. The solution could add DLT, but it's already full enough of features. The interface could be simpler and more user-friendly. More flexibility with the dashboards is needed because some of them are not fully developed. We could use more flexible base boards.
The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to packaged better as a baseline.
* I would like to see better integration with SIEMs. * Better rule building using other tools, like LuaH and Python. * Better performance. * Better intelligence gathering in domains, the main URLs, and endpoint solutions.
In the next release I would like to see better reporting. I also find it's hard to act on the data it gives you.
What do you like most about Cisco NGIPS?
Thanks for sharing your thoughts with the community!