Likelihood to Recommend This is the best possible solution for enterprise-level organizations where server counts will be in the thousands. To manage these and understand the communication can be very cumbersome without this tool. Ease of creation map zone and application-wise can be relaxing to OS teams and support teams as well. There is no limit to labeling schema of servers and it gives the freedom to do so.
Read full review When it comes to security on the edge of your network (downstream) Cisco's IOS security features provide pretty much everything you need when it comes to securing your network, network devices, and access. I would absolutely recommend Cisco switches due to many reasons, but a big reason is security.
Read full review Pros Network traffic flow within environment of organization. Creating maps for visibility and drill down is a key feature. Labelling of servers can be done via running script. Alerts can be sensitized for the traffic not seen. Read full review Authentication. Access lists. Port security. Read full review Cons Limited support to legacy infrastructure. Integration with third party is a bit tedious. Awaiting support for Kubernetes in the next version. Read full review Cisco could provide an initial set up script for those are not used to the CLI (Command Line Interface). With that initial script, people could easily deploy the security features instead of having to learn how to use the commands. The web interface that Cisco provides with the routers, although it’s useful to set up the security features, it could also have some sort of tutorials to help people understand the main concepts of iOS security. You have to license iOS security separately from the main OS. For that reason, sometimes it tends to be a little expensive if you have a small business. Read full review Usability The solution is deployed throughout the organization. Teams are working and integrating it with the help desk tool wherever required. Helps in identifying the network traffic flows in lateral movement and east and west as well. Allows policies by default and later fine-tuning to be done to narrow it and enforce blocking action. Exporting reports from the tool is easy and can be observed for any issues.
Read full review Support Rating Support has been available 24*7. It also depends on criticality but support is available. Also, the right expertise from the team helps in identifying the issue quickly and this helps in less production downtime if required. The ticket is resolved with RCA.
Read full review Cisco has the best Support team that gives us 24/7 support as we need. Cisco has huge detailed documentation for design, implementation, and troubleshooting all areas of the IOS security. There are many communities discussing all Cisco devices and solutions for studying groups and for customers to share their stories, technical problem and solutions.
Read full review Alternatives Considered 1) No limit to labeling schema. 2) Ease of creating maps with respect to zone, environment, subnets, etc. 3) Ease of creating policies and publishing the same. 4) Deception 5) Integration with monitoring tool (grafana) 6) Changes in the agent can be considered if there are legacy systems, time-consuming but can be achieved with the right information.
Read full review I also like HP Procurve. It is my choice when the customer cannot afford Cisco. Cisco is better all round but HP is the only other [product] I will use if I have a choice.
Read full review Return on Investment Blocking unwarranted traffic can really boost security of organization. Alerts can be triggered to SIEM servers and help in timely action. Need to be very careful before configuring and publishing block policies in the production environment. Read full review Cisco iOS security helped our business deploy a relatively safe solution for a small amount of money. If you don’t have enough budget to invest in a robust and expensive firewall solution, you can safely use Cisco iOS security to protect your branch or remote office without compromise your network. Because Cisco iOS security uses a simple command-line based interface, you can deploy standardized scripts and keep the operational costs low. Read full review ScreenShots