Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
N/A
CrowdSec
Score 7.9 out of 10
N/A
CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time worldwide. It is an open-source & collaborative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks. It also enables users to protect each other. Each time an IP is blocked, all community members are informed so they can also block it. That way, they are generating a real-time crowdsourced CTI database.
N/A
Pricing
Cisco Adaptive Security Appliance (ASA) Software
CrowdSec
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco Adaptive Security Appliance (ASA) Software
CrowdSec
Free Trial
No
No
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Cisco Adaptive Security Appliance (ASA) Software
CrowdSec
Features
Cisco Adaptive Security Appliance (ASA) Software
CrowdSec
Firewall
Comparison of Firewall features of Product A and Product B
Cisco Adaptive Security Appliance (ASA) Software
7.8
Ratings
10% below category average
CrowdSec
8.2
Ratings
5% below category average
Identification Technologies
6.50 Ratings
8.00 Ratings
Visualization Tools
6.50 Ratings
8.00 Ratings
Content Inspection
8.00 Ratings
8.00 Ratings
Policy-based Controls
9.00 Ratings
00 Ratings
Active Directory and LDAP
7.50 Ratings
00 Ratings
Firewall Management Console
7.50 Ratings
00 Ratings
Reporting and Logging
5.90 Ratings
8.00 Ratings
VPN
9.00 Ratings
00 Ratings
High Availability
9.00 Ratings
00 Ratings
Stateful Inspection
9.00 Ratings
8.00 Ratings
Proxy Server
8.00 Ratings
9.00 Ratings
Best Alternatives
Cisco Adaptive Security Appliance (ASA) Software
CrowdSec
Small Businesses
pfSense
Score 9.9 out of 10
pfSense
Score 9.9 out of 10
Medium-sized Companies
Quantum Firewalls and Security Gateways
Score 9.6 out of 10
Quantum Firewalls and Security Gateways
Score 9.6 out of 10
Enterprises
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Score 10.0 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
We moved our operations entirely to the cloud a few years ago. We loved the stability and scalability of the ASA and wanted to, somehow, keep using it. We discovered that ASA was available in the cloud as well and it was branded ASAv. We tested it and noticed that it was equally robust and a perfect fit for us. During the entire migration period, we used ASAv for cloud operations and put a lot of load on it. ASAv performed very well and gave us an easy transition from on-prem to the cloud.
Since I've only used CrowdSec in a homelab/small-medium sized business setup, that's really the only market I can safely recommend it and say it's well suited for, because I don't know how much it would cost to run it in an enterprise environment. I've heard some pricing and how they plan on rolling out a subscription model, but it's still in talks. Either way, if you have publicly exposed web applications hosted locally or on a virtual private server, then CrowdSec should be part of every virtual machine and/or network. Even with the lmited number of filter you get out of the free subscription, it provides a nice layer of constantly updated data,
Provides great integrations with tools you already use, such as fail2ban, Cloudflare, WordPress, NGINX, Linux Firewalls, etc.
Lightweight agents can run on individual servers and report to a main security engine so that if there's an attack on one server and a block is implemented, the entire network can be protected
There are a lot of ways to receive alerts and store logs
CrowdSec Central API is a nice way to manage everything externally
The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
Getting CrowdSec to run on OPNsense can be a challenge, but that's also a limitation of the OS
You can only subscribe to a couple of feeds before paying an unknown amount of money that's part of their "Enterprise" package. So, there could be better transparency.
To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products
I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency.
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment
Cisco has made it easy to buy, set up, and manage all of our firewalls with the central FirePower Management Center. All licensing is done via one license portal too. Tech support is standardized for all ASA devices and like support engineers who know the different models to provide timely help for any issues. Cisco Talos is a premier could platform which scours the internet looking for threats and develops protections for the ASA's and as such provides zero second coverage when it best can detect global issues.
The 5510 is still being used in one of our setups, and still doing its job this is a lot of Return on Investment.
We have managed to turn around projects quickly because most of our engineers understand this firewall very well. We deploy them in a matter of minutes[.]