Please share with the community what you think needs improvement with Cisco NGIPS.
What are its weaknesses? What would you like to see changed in a future version?
The pricing is very expensive. They should make their equipment more affordable. Cisco should offer better integration capabilities and offer an easier integration process.
Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use. It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution. One feature that is lacking is full interoperability with CLI. You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.
I have had a lot of problems with false positives and it would be helpful if this were improved. I would like to see integration with monitoring tools such as Nagios or BMC. An improved dashboard would be great.
I would like to see the total performance for the users improved. We have a need for security, so we would like to see more protection against virus attacks and ransomware attacks. The inclusion of bandwidth management features would improve this product. I would like to have an API for application development.
We would like to see support for DDoS protection. The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost. The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.
The file trajectory could be improved. We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.
There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products. In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.
The main problem with Firepower is the time between deployment and configuration. Now, it's approximately six minutes, so if I configure something during deployment, I understand that maybe if I write up a small mistake, I need to wait twelve minutes before I can fix the configuration. So I think the main problem is the time of deployment. The solution could add DLT, but it's already full enough of features. The interface could be simpler and more user-friendly. More flexibility with the dashboards is needed because some of them are not fully developed. We could use more flexible base boards.
The aspect of private party integration solutions could be improved. I would like to see a sandboxing feature. And the options that people buy in modules, they need to be packaged better as a baseline.
* I would like to see better integration with SIEMs.
* Better rule building using other tools, like LuaH and Python.
* Better performance.
* Better intelligence gathering in domains, the main URLs, and endpoint solutions.
In the next release I would like to see better reporting. I also find it's hard to act on the data it gives you.