Cisco's modernization of one of their staples is as good as ever
Overall Satisfaction with Cisco Secure Firewall
Our organization uses Cisco Secure Firewall to protect our enterprise network. It has a ton of features that are very straightforward to use. It allows us to easily setup Access Lists determining what few services we let in. We also use Malware filtering, file inspection, and URL filtering to protect our public. Cisco Secure Firewall allows us to NAT our devices and servers that need an external connection, and even allows for different virtual interfaces to be setup as gateways for internal subnets.
Pros
- Easy to update configurations
- Automated backup and failover
- Intuitive Access Control
Cons
- Interface can be slow.
- Current version is buggy in regards to tracking connection events.
- File inspection isn't always intuitive to set up.
- An external logging system is required for true insight into activity.
- This product is great for inspection and normal firewall controls.
- If there's a bug in it, it can take a lot of resource time to chase it and work around it.
- Deciphering which data is useful has taken a bit of time and trimming.
- Updates are regular and easy to perform.
We have had great results with our Cisco Secure Firewall. Like all businesses, we are constantly having to ask it to do more, and it always seems up to the task. We have inspection turned on, and it doesn’t seem to bog anything down. Basically, the only bottlenecks created by our Cisco Secure Firewall come from physical throughput capacity as opposed to performance issues.
We try to use some of the analytics, but I would say analytics and logs are probably the Cisco Secure Firewall’s greatest weakness. We had to stand up an Elastic stack primarily to get us insight into firewall activity because the built-in tools are too unreliable. We don’t use the VPN feature.
- Cisco ASA and Cisco ASA 5500-X with FirePOWER Services
The single pane of glass and straightforward interface make[s] Cisco Secure Firewall an upgrade in regards to usability over the ASA in my book. Configuring, auditing and upgrading are all easily doable and learnable, and the systems seem are very reliable. The inspection features and policy GUIs alone make it worth the switch in my opinion.
Do you think Cisco Secure Firewall delivers good value for the price?
Yes
Are you happy with Cisco Secure Firewall's feature set?
Yes
Did Cisco Secure Firewall live up to sales and marketing promises?
Yes
Did implementation of Cisco Secure Firewall go as expected?
Yes
Would you buy Cisco Secure Firewall again?
Yes
Cisco Secure Firewall Feature Ratings
Cisco Security
Security is part of all of our processes, not an add on. We make it part of our daily work to improve our posture whenever possible. Cybersecurity goes hand and hand with availability and providing services to our customers, so cybersecurity is intertwined with and a part of any investment we make, and quality, manageable firewalls are part of that.
Cisco is a proven name in the IT industry, particularly when it comes to switching and firewalls. We had successfully used Cisco’s ASA Firewall for years, so they had a definite lead when it came time to upgrade. Cisco’s NGFW offering in Firepower, with it’s ease of management and versatility made it a fairly easy decision.
Cisco’s proven track record in our organization and the ease of management were huge factors, but the versatility really won us over. The options for licensing inspection, security intelligence feeds, content filtering and possible VPN made it a pretty easy decision at the time. I’m sure other vendors have caught up, but it’s hard to beat what you know, especially when it works so well.
It will definitely be the proverbial two edged sword. AI should drastically assist and improve automation and defenses, helping the defenders…but threat agents also have AI to assist with end arounds and attempts to breach. Basically I think the game just got faster, and it’s up to the good guys to focus on tuning and turning out quality software to help with the defense.
We are not using this as of yet.
Resilience and Reliability
I believe resilience is one of the key factors in cyber security. It’s not about ‘whether’ you’ll have an incident, it’s about how you recover and how bad you let it be when it happens. Resilience is going to determine whether you have to shut your doors after an event or not.
Leaders can build more cyber resilience by utilizing multiple and multi-faceted layers. Following the standard cyber model and utilizing layers such as edge, end point protection, physical layers, etc are all definitely part of it. But layers of firewalls, network detection and inspection are also huge pieces, with training your people being the biggest investment you should make.
- We use it to filter adult content for our public networks.
- We are able to block some applications and use exceptions for certain users.
Comments
Please log in to join the conversation