Hello fellow Networkadmins, I have a simple question and would like some oppinions from you all.
I see a lot of heat on Cisco Firepower (and from what I have seen/experienced it is deserved) and most of the time someone will suggest going to PA. I wonder why?
For example, do you all realise that PA is not really a 0-day protection? PA does not do Store-And-Forward (afaik their architecture is incapable of this). All files/malware without a signature will pass the firewall for the first time. Their Sandbox will evaluate the file and generate a signature within a certain time (PA claims 5 Minutes) and will only protect against subsequent files of this type. In the meantime the original malware is already doing its thing in your network. ( Wilfire Signatures).
On top of that, they are not really cheaper than their competition... ;)
So, why?
No comments:
Post a Comment