Reviews (1-4 of 4)
October 30, 2019
Score 9 out of 10
Here at our organization, we have about 15 remote locations, from small sales offices to manufacturing plants, all connected to our HQ using VPN. 2 years ago, we started to deploy Firepower NGIPS in some of those locations. Our main goal was to offer a robust, secure and centralized option for each location. Having centralized administration in our HQ, we can have the same policies applied for all the locations, check status, audit logs, etc. Also, once you have the templates, it's just a matter of ordering the same p/n and the setup will be very easy. Also, as we already use Cisco routers for other purposes, like voice gateway and WAN optimization, having the Firepower as a virtual machine inside the router was also a key feature for our convergence strategy.
- The option to deploy it as a virtual machine in a UCS-E inside a Cisco Router is something to consider a lot. It simplifies the deployment a lot in places where you need to optimize resources and keep things simple. It also saves some money on unnecessary hardware.
- Having the most complete license, we can have in the same box IPS, inspection for malware and URL filtering. As Cisco uses Talos Intelligence network to mitigate and evaluate risks, having this complete set of security features turns the box into a powerful resource to protect our remote locations. Considering the hyper-connected business we have today, it's almost impossible to think that we can run a business without this kind of protection.
- The integration between Firepower NGIPS and other products, like Cisco ISE and Splunk, is also a key feature for this solution. In both cases, you can integrate the product to have the best of both. As a security appliance, it's very important for us to have all the logs centralized in Splunk and this is done simply by connecting FMC (Firepower Management Console) to the Splunk collector.
- The initial setup of the box can be a little tricky, especially in deployments like ours, where you have it running on a UCS-E server inside a router. I think Cisco could make it a little easier, like having a script to configure it.
- The interface of the FMC (Firepower Management Console) is a little outdated. Cisco could use the latest design language they already used for other platforms like Cisco Prime to make that interface more user-friendly.
Read Eduardo Viero's full review
For scenarios I described before, like when you have centralized administration and several locations, and the majority of those locations have the same size/requirements, Firepower is well suited. Easy to maintain, relatively cheap to buy. For scenarios too small, like small sales offices like ours, I don't think Firepower could fit, basically because you'll need to invest a certain amount of money to buy, license and deploy.
August 27, 2019
Firepower NGIPS is our primary IPS/IDS solution. It provides a layer of defense against network intrusion that provides very meaningful feedback via the Firepower Management Center (FMC). We use it both internally and recommend it to our customers as the leading NGIPS/IDS solution available on the market. We are using Firepower NGIPS to both detect and proactively prevent unauthorized network access.
- Stops unauthorized network access
- Provides meaningful event and incident reporting via the FMC
- Provides robust detection, prevention, and alerting of IPS/IDS events
- Fine-tuning the Firepower policies is tedious and time-consuming
Read Jonathan Pauley's full review
Any network that contains sensitive customer or user information that has to have any ports open to the internet for any reason needs to have some kind of IPS/IDS solution. Cisco Firepower NGIPS is a Gartner Industry Leader and is very effective for the purpose, especially when combined with other Cisco Security platform solutions.
February 05, 2019
Score 7 out of 10
We use Sourcefire Defense Center to manage and deploy the Firepower software on our Cisco ASA 5500-X firewalls.
This adds layer 4-7 visibility to our network's edge.
- Rules are based on the SNORT engine which has a tremendous base of rules.
- Helps protect your network and users by leveraging Talos Intelligence resources, like the domain and IP reputation databases.
- Allows you to define a policy which can then be applied to all Firepower devices in your networks.
- The performance is not always as good as you'd want. Some operations take the better part of a minute (drilling down in traffic analysis).
- Deploying or upgrading the Firepower software to the ASA firewalls takes a long time and deployment might fail without a clear reason.
Read Wouter Hindriks's full review
The only way to get layer 4-7 security on your Cisco ASA devices. The solution has a lot of potential but I think that it still needs work to perform better.
June 03, 2016
Score 10 out of 10
We utilize Sourcefire 3D to monitor network traffic at our egress points as well as our critical subnets within the infrastructure. We also have it inline at our egress points to drop packets that match specific signature sets. It helps us add a layer of security to our infrastructure by blocking and alerting on malicious traffic that matches various signatures such as CnC and Exploit Kits. This also helps us achieve PCI compliance.
- Low false positive rate as long as it is properly managed/tuned.
- Easy to manage and configure with the GUI.
- Support is great if assistance is needed.
- Wish additional modules were included such as FireAmp.
- Wish it was easier to include customized signatures if needed. Required to know how to code with Snort in order to add real customization.
Read Marc Uydess's full review
This is great for large and small organizations as they have different models and modules that fit every scenario.
About Cisco Firepower NGIPS (formerly Sourcefire 3D)
Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS) is an intrusion detection response system that produces security data and enhances the analysis by InsightOps. The technology replaces the former Sourcefire 3D IPS. Cisco acquired Sourcefire in 2013.
Categories: Intrusion Detection