The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
N/A
FireMon
Score 7.9 out of 10
Enterprise companies (1,001+ employees)
FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
Spot by NetApp
Score 7.0 out of 10
N/A
Spot by NetApp, now including CloudCheckr, helps companies to run their cloud investments. The Spot product suite uses machine learning and analytics to automate and optimize cloud infrastructure, to ensure that workloads and applications always have the best possible infrastructure that is available, scalable and available at the lowest possible cost. Spot’s technology provides insights into cloud costs, recommendations for how to optimize utilization and costs, and automation to implement…
Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
CloudCheckr is fantastic for those that are purely in the Cloud as it provides everything you need under one roof for a comprehensive configuration and usage monitoring tool. It has SysLog capabilities though so you can farm out the alerts into a SIEM or other log management system, so hybrid environments could also benefit from its use.
The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.
Detailed Best Practices. It's important to align your cloud to industry best practices for security and cost—it just performs better if it's used the way it's meant to be used. AWS is very flexible, and that's great when you have special requirements, but you've got to at least know when you're using something in a non-standard way so you can think through the implications.
Cost Reduction. Some recommendations are almost impossible to make at least for our setup, but many, many others are easy. We only have to log into CloudCheckr every few months and make a few changes for it to more than pay for itself.
Right-Sizing. This is related to the other points, but for some reason is separate from their cost module. The metrics it's able to pull only tell half the story, so it's good to verify it's sizing recommendations before making changes. But it does show you what instances to focus on first, and even if you choose a slightly different size to move it to, it does clearly indicate it's current size isn't appropriate. And this works both ways, if the size is too big, you can save some cash by making it smaller, but if it's too small, you want to be sure to scale up before you run into performance problems.
CloudCheckr features have a tendency to break without warning. Functionality in place for months could suddenly stop working.
CloudCheckr support often delays work on support tickets for fixing broken application functionality.
The CloudCheckr platform and documentation website often crash or experience performance degradation.
CloudCheckr cost reporting is often impacted by faulty code or broken report functionality. This can contribute to a low level of confidence in CloudCheckr's ability to deliver accurate cost reporting.
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
Overall, CloudCheckr covers all our AWS monitoring needs and great integration through SysLog into our SIEM to capture alerts for investigation. The reports are great and allow for an easy daily review. Small improvements could be made to the interface and better filtering in places would be good. Great product and the price is fair.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
I think our system integrators lacks some competencies and this has led to an implementation that is still perfectible. (i.e. dedicating an interface for intra-cluster communication)
I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
There are a few products out there that'll do an aspect or two of what CloudCheckr does, but I honestly couldn't find anything nearly as comprehensive as CloudCheckr.
It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.
