AlgoSec, from the company of the same name in Ridgefield Park, New Jersey, is a firewall security management option. The service now includes the CMDB capabilities of Prevasio, which was acquired by AlgoSec.
N/A
Cisco Identity Services Engine (ISE)
Score 9.0 out of 10
N/A
The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
N/A
Cisco Secure Firewall Management Center
Score 9.0 out of 10
N/A
Cisco Secure Firewall Management Center (formerly Firepower Management Center) are a firewall policy and intrusion detection appliance management system, providing an administrative nerve center for managing critical Cisco network security solutions. It provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Easily go from managing a firewall to controlling applications to investigating and remediating…
We chose Cisco FMC because all our network is Cisco, so it is more native the use of Cisco Security Tools and the integrations are friendlier and easier.
Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure
FMC is feature-rich and user-friendly. Cisco firewalls can run on standalone mode (FDM) but fewer features are supported on FDM. FMC is a must when working with Cisco Firewall. Migration from Cisco ASA to Cisco FTD is easy. There is a tool (FMT) that converts and imports the cisco IOS configuration file to FMC. FMC runs in VM or can be purchased as a physical appliance. The downside is that FMC is not quite fast and has bugs, especially when running in the older version 5x. and 6x.
The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.
Stability when managing firewalls, we're having issues with Firewall 01 and Firewall 02 remaining in sync
Reporting when it comes to access control policy rules - there is no way to export a report of the rules easily. Using a custom Python script on the Cisco forums is the only way to easily export a CSV.
Support for policy and route-based site-to-site VPN was not available until 6.6.0 and later. This forced us to purchase ASAs to bridge that gap.
Dashboard reporting - when clicking a link for more information, nothing displays. Currently working with Cisco on the support case, which has been escalated.
We are very satisfied with SecureX and it's adaptive, active nature in protecting or data and systems. It's easy to administer, update, review notifications and update when necessary. Cisco's security practice fits into our needs and continues to evolve as global cyber events change. SecureX is easy to migrate to new cisco gear as we upgrade to newer models when supports ends on older gear. Enabling fast ROI during these capital expenditure projects.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
Overall usability is an eight for me because it is easy to manage the firewall policies and monitor the devices' health. The configurations are all done in the GUI which makes it more convenient and hassle free. You can also see the devices' health and the progress of the task thru its taskbar.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
Since moving to Cisco secure management center from firepower management center we've had no application issues, outages or any other problems. It's always been there for us and always provides us the necessary protection and notification when we need it. Been very happy with all of our Cisco systems over our tenure to date.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
We have the direct support of the manufacturer through its service channels, the attention is 24/7, and the response time is acceptable. The support for this tool is almost nil. It all depends on the level of implementation is carried out so that it can fail and request collaboration. Anyway, the manufacturer backs the entire Cisco Firepower Management Center (FMC series appliances) solution.
I think our system integrators lacks some competencies and this has led to an implementation that is still perfectible. (i.e. dedicating an interface for intra-cluster communication)
Cisco secure firewall management center is easy to install, moderate to setup in conjunction with firewall hardware, and administration of policy changes afterwards is pretty straight forward. And flexible to add more advanced security configurations as needed. Cisco support website is pretty good for researching how to documentation too. Cisco secure firewall management center enables integration to SecureX - the cloud security protection service. And AMP which protects packet flow with real time analysis. Cisco secure fmc is the evolved name for cisco firepower management center so for those customers who have firepower this is a simple migration.
I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.
We are managing multiple customers having a large number of Cisco devices that need to be managed by a single platform. For that reason, we have selected the Cisco Firewall Management Center than checkpoint firewall management. It simplifies and automates newly bought cisco firewalls at remote branch offices to manage, configure and troubleshoot them.
It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .
I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.
It's a very straightforward and user-friendly tool that has enhanced the total detection of malware and other threats t from intrusion into our network.
Provides stable deep network scanning, security visibility, and protection from unauthorized access.
The platform modular allows us to deploy across multiple budget cycles.
