Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security? Due to key acquisitions over the years, both Cisco and FireEye possess a comprehensive suite of enterprise security solutions. In this article, we'll find out how they stack up against each other when it comes to continuous enterprise cyber threat protection.
Both vendors have been actively swallowing up smaller players to round out their cybersecurity offerings. In January of this year, FireEye picked up iSight Partners to augment its threat intelligence capabilities. This follows several other key purchases including the 2014 acquisition of Mandiant, a move that yielded FireEye an endpoint security platform and additional security intelligence for its existing product line. Cisco is of course perpetually in M&A mode, having picked up SourceFire for its next-generation intrusion protection system (IPS), firewall, and malware protection solutions in 2013. In light of these activities, how do the two vendors' solutions compare when it comes to protecting enterprises against cyber threats?
How much does a network equipment manufacturer know about security? A lot or a little, depending on who you ask. On the one hand, Cisco obviously deals intimately with issues on the data and network levels. At the end of day, however, the company is not a security vendor, per se. Cisco's acquisition of SourceFire clearly fills out a large missing security piece in its networking equipment line, enhancing its existing next-generation firewall products with SourceFire's Advanced Malware Protection (AMP) and Snort-based Next-Generation Intrusion Prevention System (NGIPS).
Milpitas, CA-based security vendor FireEye builds solutions that focus on network, email, endpoint, mobile, and content security. Additionally, it provides analytics and forensics through its consulting arm Mandiant (acquired in 2014). Its NX network security devices and HX series endpoint security solutions are widely considered best-in-class but have taken a hit recently following the discovery of several critical product vulnerabilities.
Side-by-Side Scoring: Cisco vs. FireEye
1. Capability Set
Both are leaders in their respective categories but FireEye focuses exclusively on providing cyber security solutions. In contrast, Cisco plays in the vast space of networking and digital communications and approaches security as an integral component of all its offerings. Its principle strategem for improving product line security has been strategic acquisitions, as opposed to engineering in-house; for example, its ASA-series NGFWs are heavily fortified by its advanced malware protection (AMP), FirePOWER Services, and Next Generation Intrusion Prevention System (NGIPS)—all former SourceFire products now integrated with Cisco's products.
FireEye has also expanded its security capability set with recent acquisitions, the biggest of which was Mandiant in 2014, followed by nPulse Technologies, iSIGHT Partners, and Invotas. Collectively, the capabilites gained through these acquisitions give FireEye an end-to-end platform for threat detection to activity (as it's happening) to a historical review of what happened, as well as a security incident response platform for handling intrusions.
2. Ease of Use
FireEye's NX-series devices are reportedly straightforward and easy to set up by operators, sysadmins, and network administrators. Cisco solutions require more expertise to deploy and manage. For example, proficiency with the CLI is advised for those configuring and deploying its Adaptive Security Appliance (ASA) line of products. And while Cisco does offer a simplified GUI-based firewall appliance manager—the Adaptive Security Device Manager (ASDM)—it is primarily recommended for small or simple deployments. Also keep in mind that ASDM is written in Java and could ultimately impact the security posture of the device.
Ease of Use
3. Community Support
Both Cisco and FireEye's security products are mature offerings with sizable customer bases across the globe. Community support and resources are therefore plentiful: FireEye maintains its own community portal while Cisco's Communities and Support Forums hold a wealth of support and experiential knowledge. Additionally, a plethora of 3rd party-maintained community websites exist to find solutions for more unique issues.
4. Release Rate
Both vendors' solutions are continually updated and patched—this is not surprising given the sheer number of installations across the globe. That said, Cisco is arguably at the mercy of larger market forces than FireEye when it comes to releases and product viability. For example, customers using the popular Cisco PIX Security Appliances were advised to migrate to the Cisco ASA 5500 Series, as the former is no longer supported.
5. Pricing and Support
Both Cisco and FireEye's products are priced appropriately as enterprise-grade solutions but can vary quite a bit on the low-end. For example, FireEye’s entry-level NX 900 appliance has a list price of $9,600, while the entry level Cisco ASA 5505 appliance goes for $1,500.00.
In terms of support, both vendors offer competent enterprise and paid support options.
Pricing and Support
6. API and Extensibility
Cisco provides a well-documented REST API for creating custom applications for configuring and managing individual Cisco ASA firewalls. Using standard HTTP methods, admins can access current configuration information and issue additional configuration parameters. Similary, FireEye provides APIs across most of its offerings, as well as integrations via API to third-party threat intelligence sources.
API and Extensibility
7. 3rd Party Integrations
Both Cisco and FireEye products are commonly integrated with 3rd party solutions to scaffold an organization's layered, continuous security framework. This includes integrating with popular SIEM solutions like Splunk, security incident response platforms, and application delivery controllers like Citrix's NetScaler ADC.
3rd Party Integrations
8. Companies that Use It
Cisco's products are ubiquitous. When it comes to the ASA line, there are more than one million appliances deployed globally. Some customers include Hertz, First American Financial Corp., Genzyme, and the Frankfurt Airport, among others. Similarly, FireEye products are in use by Fortune 500s across the world. Customers include Finansbank, Japan Advanced Institute of Science and Technology, Investis, and D-Wave Systems, among others.
Companies that Use It
9. Learning Curve
Cisco and FireEye security device configuration and management is not for the faint of heart. However, to get the most out of Cisco devices (e.g., Cisco ASA), it's recommended to forego the GUI for the CLI—which of course, presents a steep learning itself. Learning how deploy a rudimentary FireEye installation is trivial but can be difficult when dealing with more expansive infrastructures.
10. CSTAR Score
Per our external website scanner, Cisco scores an 884 while FireEye scores 836. Both companies have competent perimeter security measures in place and score strong in areas such as communications security and legal/industry landscape.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|CSTAR Score||884 (Good)||836 (Good)|
|Total||4 out of 5||4.2 out of 5|
Despite years of competition between the two, FireEye has long been a rumored acquisition target for Cisco—in fact, speculation around the latter's plans for buying the security vendor have resurfaced earlier this year. Indeed, missed earnings and steadily tumbling stock prices—brought on at least in part by recent critical vulnerabilities discovered in FireEye's security products—making it a prime buyout candidate.
When it comes to continuous security, firewalls and network devices only form one part of the equation. A strong security posture requires that all IT assets in your environment—including Cisco and FireEye appliances—are regularly scanned and monitored for misconfigurations and vulnerabilities. Regardless of how expansive or disparate your firm's infrastructure is, UpGuard's platform for cyber resilience can provide this integrity validation across all systems—security devices, switches, IoT devices, web apps, and more.
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Article >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Article >