When it comes to security on the edge of your network (downstream) Cisco's IOS security features provide pretty much everything you need when it comes to securing your network, network devices, and access. I would absolutely recommend Cisco switches due to many reasons, but a big reason is security.
It's very well suited for geographically dispersed organizations, where deploying and managing remote firewalls and other network security functions aren't practical. Once deployed, and the deployment isn't difficult after planning and understanding the data flows of the IoT devices, the system is easily managed and flexible. You're able to allow front line operations people to add devices into a role without sacrificing the integrity of the security model.
Cisco could provide an initial set up script for those are not used to the CLI (Command Line Interface). With that initial script, people could easily deploy the security features instead of having to learn how to use the commands.
The web interface that Cisco provides with the routers, although it’s useful to set up the security features, it could also have some sort of tutorials to help people understand the main concepts of iOS security.
You have to license iOS security separately from the main OS. For that reason, sometimes it tends to be a little expensive if you have a small business.
Cisco has the best Support team that gives us 24/7 support as we need. Cisco has huge detailed documentation for design, implementation, and troubleshooting all areas of the IOS security. There are many communities discussing all Cisco devices and solutions for studying groups and for customers to share their stories, technical problem and solutions.
It's pretty darned good for a new company. We had to hash through a couple of instances that no one had ever run into, but once we got to the right person on the engineering team, they were able to work through the solution pretty quickly. The nice thing is, unlike Cisco, once you fix something, you don't find three new things that have to be changed.
I also like HP Procurve. It is my choice when the customer cannot afford Cisco. Cisco is better all round but HP is the only other [product] I will use if I have a choice.
The cost and complexity vs. ISE is as different as Uber and Lift are from trying to take a taxi in Duluth, Minnesota. The complexity of Cisco's IoT security is a joke. It was going to take us over a year just to deploy all the Cisco equipment, and that was if we could have gotten it all working together. We got the entire project deployed in just under 3 months, and that includes working out all the bugs and logistics. Honestly, I don't think all the Cisco parts would have ever been running like Cisco promised it would. It's just way too complicated.
Cisco iOS security helped our business deploy a relatively safe solution for a small amount of money.
If you don’t have enough budget to invest in a robust and expensive firewall solution, you can safely use Cisco iOS security to protect your branch or remote office without compromise your network.
Because Cisco iOS security uses a simple command-line based interface, you can deploy standardized scripts and keep the operational costs low.
