Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
N/A
Trellix Network Security
Score 8.6 out of 10
Enterprise companies (1,001+ employees)
Trellix Network Security (formerly FireEye Network Security and Forensics products) combines network traffic analysis and network forensics for attack analysis .
Cisco Secure Firewall are well suited for mass deployment rather than a single deployment. When making changes on fmc (the firewall management system) it is easy to deploy to multiple firewalls at once and you can do the same for multiple firewall upgrades at a time. However I find that it is easier to manage a small group or individual firewalls with some competitors. Specifically the NGFW requires capturing the firewall image for a backup rather than just a text configuration file which is used for ASAs.
It’s a dedicated Network Advanced Threat Detection and Prevention solution. Easy maintenance and low operating costs fit perfectly for SMEs. Variety of appliance selection makes NX the perfect choice for large enterprises. As it’s a dedicated solution with its own appliance, price is higher compared to NGTP add on solutions. FireEye is an ecosystem therefore when you’ve the EX or HX vice versa, you should be looking to NX. Otherwise, you’re missing the threat intel exchange on the network side reverse is the true. Sizing is important before the purchase, if you select a low end model for a busy network you lose your initial investment. For multiple NX deployments I highly recommend CMS. Without CMS you’ll lose the threat intel exchange and this will negatively reduce the risk scores.
I have one argument, failover scenario. It's not quite easy. Failover scenario of firewalls. It's sometimes not quite easy to know the issue. But if we open a tech case, a technical case to Cisco, Cisco will help us, it's a little bit con, but we are happy with this product.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Our experience with Cisco TAC support for Cisco Secure Firewall has been very good. The support engineers are knowledgeable about the product and have many tools available to them to work "under the hood" of the firewalls or management center. When we've had equipment failures, the RMA process has been simple and straightforward.
was a good training but questions was answered not so good. Training was "Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF)".
Our initial implementation was aided by Cisco's professional services and was excellent. The engineer was very knowledgeable and helped us work through issues while building out our new internet security edge Part of this involved tools to migrate the firewall configuration from old to new.
I think the Cisco product is probably pretty much equal now. I would love to say that Cisco is way more advanced or whatever, but Palo Alto, they just focus solely really on firewalls. And before Cisco came out with the FTD, the ASAs would only do layer four. So that's one of the reasons why that we purchased the Palo Alto is because they would do layer seven. And when we went to the FTDs, since they do layer seven as well, we just wanted to have different layers of security with our firewalls. So we just put the Palo Altos behind the Ciscos in case that there was anything that the Ciscos didn't catch, the Palo Altos would.
FireEye NX is a solid product. It gives you sustainable security throughout the organization. NX detection engines are more capable compared to others. Its catch rate is higher, FP rate is lower, [and] speed is awesome. NX can work for highly regulated environments with 1 way solution. Operation costs are much lower. Software quality is very good. It may have bugs, but these bugs do not compromise the security in general. SOC team loves the FireEye NX for its pinpoint detection capabilities. Local and partner support is exceptional.
Some patching for zero day exploits have resulted in bugs causing downtime, meaning decision between vuln patching or risk of downtime needs to be discussed.
Peace of mind that the device will receive continued upgrades and with a quick turnaround.
Ability to use TAC for issues.
Ease of hiring candidates with experience in product line.
As [a] financial company on the digital markets, we need to be safeguard for 0days and targeted attacks. FireEye NX provides the best updated protection with its enhanced capabilities.
Security score based on detection/prevention metrics [is] very high ensuring the highest level of security.
APTs in our region successfully detected and mitigated by the NX.
For the ROI, in a six month period FireEye is paying off its [investment].
One negative thing, especially with increasing network bandwidths, [is that] you need to make [the] investment every two or three years.
