Location: Buy Product > Comparison Tool > Compare Cisco

Compare Cisco 



WatchGuard vs Cisco

XTM Firewall Comparison
Cisco logo
The old adage, “No one ever gets fired for buying Cisco” is showing its age. Cisco is not a true UTM: the ASA devices run either IPS or content security but not both. WatchGuard offers far more complete and in-depth security while still easily out-performing the ASA.

Price/Performance Comparison Graph for WatchGuard XTM vs. Cisco ASA:

WatchGuard Cisco Comparison

WatchGuard XCS Comparison

Please see below for details on WatchGuards XCS Products versus Cisco appliances. For more details on this comparison please contact us.

WatchGuard Cisco


• WatchGuard XCS 170, 370 and 570 appliances have been specifically designed for small to medium businesses to protect from email threats and prevent outbound data loss at an affordable price.

• These set‐and‐forget appliance models are built on the same enterprise‐class bi‐directional email security and data loss prevention capabilities of the XCS enterprise models and include the WatchGuard XCS defense‐in‐depth protection built on its proprietary 15+ year proven technology.

 • Cisco Spam & Virus Blocker’s SenderBase is a poor reputation system, blocking only 80% of inbound threats, and hence the appliance has to process more traffic than WatchGuard XCS.

• In comparison, because of the 98% block rate of ReputationAuthority, XCS is required to filter only 2% of traffic, freeing up the network to process significantly higher volumes of safe traffic only.

PERFORMANCE

• XCS delivers the highest performance in the industry, a fact that is constantly being demonstrated in head‐to‐head competitive situations where real‐world messages are being processed and delivered.

• XCS has been specifically architected to eliminate the processing bottlenecks that plague our competitors.

• Performance is enhanced by including ReputationAuthority, WatchGuard’s next‐generation reputation service, which eliminates more than 98% of all inbound threats at the connection level, resulting in better performance because it frees the system to process only legitimate, clean traffic.

• The on‐demand and zero‐admin clustering capabilities of XCS is designed to scale to meet the needs of any sized organization.

• XCS is the only product that protects every message against loss using its patented queue replication technology.

While Cisco is well touted for its high performance, its products rely on most of the messages being dropped by SenderBase. SenderBase relies on IP history and volume to assign a reputation score, resulting in an 80% (at best) block rate. This would mean that in a scenario where 1M messages are attempting to establish an SMTP connection, 200,000 messages would be cleared by SenderBase to enter the network. In comparison, WatchGuard's reputation service (ReputationAuthority) uses next‐generation technology that extends its filtering beyond DNSBL and volume to inspect the behavior of an IP and the content of the message before it assigns a reputation score. As a result, it is able to block more than 95% of unwanted traffic at the perimeter. As in the example above, where 1M messages are attempting to establish an SMTP connection, only 50,000 messages would be pushed through the XCS appliance for further examination and threat prevention.

SPAM DETECTION
• WatchGuard XCS uses a multi layered approach to spam detection.

• First layer of spam prevention is the WatchGuard ReputationAuthority, the only next‐generation reputation system. ReputationAuthority works in real time and makes its decisions based on content (including attachments), volumes, and IP behaviour analysis. ReputationAuthority rejects more than 98% of unwanted traffic and threats at the connection‐level, with only 1 in 1,000,000 false positives. This eliminates the need for the WatchGuard XCS to scan this traffic, improving performance and reducing bottlenecks.

• Second layer of spam prevention is the Intercept™ engine, the industry's most effective and mature anti‐spam technology (almost a decade of proven anti‐spam experience). XCS Intercept™ Engine is capable of learning and adapting to new spam campaigns, including blended threats, and uses a broad range of techniques to classify good mail from spam, including blocklists, sender reputation and behavior, content, contextual analysis, and a multitude of other heuristics in addition to those that Cisco uses to assign a spam score.

• Intercept Engine anti spam provides a solutions‐based approach where each anti spam component provides input to the final spam score of a message. Intercept can combine the results of several anti spam components to provide a better informed decision on whether a message is spam or legitimate mail while minimizing false positives. Information retrieved by all of the enabled anti spam components results in a more informed decision on whether the message is in fact spam or legitimate mail. Intercept is able to detect spam in any language and is the only product on the market with a patented approach for detecting image spam.

• Cisco claims that the key to their solution’s efficacy is data captured by its SenderBase® reputation service, dropping about 80% of the unwanted email. However, SenderBase is a 2nd generation reputation service that measures DNSBL and message volumes and performs no behavioral analysis. In fact, Cisco itself likens the SenderBase service to that of a “credit reporting service”, which we all know simply provides limited historical reputation rather than a detailed, content and contextual approach to assigning a behaviour score. The remaining messages are scanned using CASE (Context Adaptive Scanning Engine), their relatively new anti‐spam technology that was introduced in 2007. Cisco claims that CASE detects threats by analyzing four aspects of a message that together provide a spam score:

o Who sent the message and what do we know about this sender?
o Where does the call to action in the message take you?
o What is the nature of the message content?
o How was the message technically constructed?

• In reality, CASE is signature‐based, similar to AV, and accuracy depends on having the latest spam definitions; if the signatures are not up to date, the spam is not blocked.

FALSE POSITIVES
• WatchGuard XCS provides the lowest false‐positive rate on the market, as demonstrated in our head‐to‐head competitive opportunities.

• Since ReputationAuthority, the only next‐generation reputation system, makes decisions based on content, volume, and behavior, it produces a more accurate reputation score and results in an extremely low false positive rate.

• XCS's Intercept engine uses knowledge‐based intelligence to learn from messages being passed through the system to make decisions regardless of language and to recognize new spam threats and legitimate email, hence reducing false positives even further.

• As a result, XCS provides a 99.999% spam capture rate with 1 in 1,000,000 false positives.

• Cisco Spam & Virus Blocker also has a low false positive rate, although SenderBase (a 2nd‐generation reputation system), is subject to higher false positives because it relies simply on measuring IP history and message volumes ‐ not content ‐ to determine reputation.

• In comparison, because WatchGuard ReputationAuthority uses next generation technology, it provides a more accurate reputation score and results in significantly less false positives.

VIRUS PROTECTION
• WatchGuard XCS provides a multi‐layered approach to virus protection.

• First layer of defense is ReputationAuthority which drops all connections from known virus senders. Only ReputationAuthority tracks the IP address, domain and email address of virus, malformed message, and suspect attachment senders.

• Second layer of defense is the WatchGuard Threat Outbreak Control, the only automated system that pulls threat information in real‐time from ReputationAuthority to provide zero‐hour protection by quarantining suspicious payloads. Potential threats are quarantined and then rescanned when new AV signatures are available.

• Third layer of virus defense include the two most effective antivirus solutions on the market, powered by Kaspersky and McAfee, both of which have consistently rated 1st and 2nd in response time for providing AV signatures for new and emerging threats.

• Cisco Spam & Virus Blocker relies on Sophos technology for their AV signatures. Sophos is a mid‐range technology, as evidenced by 3rd party stats. In comparison, WatchGuard uses Kaspersky, which typically does better in 3rd party independent studies. In the short term, WatchGuard will be introducing a new Kaspersky technology (SafeStream), which will provide even faster anti‐virus protection to further increase our leadership in this area.

• In competitive situations where Cisco is positioning XCS’s reliance on KAV for anti‐virus as a disadvantage (for example, in US accounts where they do not want Russian technology deployed), as an alternative, WatchGuard offers McAfee AV as an add‐on subscription (additional cost).


Trade Up Offer!
New and existing customers can trade in earlier generation WatchGuard Firebox appliances or their current appliance-based solution manufactured by a competitor, and trade up to a new model at 25% off standard purchase price! For WatchGuard appliances that are going end of life, companies can utilise this offer for their migrated product.

Both current WatchGuard customers and users of other brands of security appliances alike earn 25% off the purchase of the latest technology available. The WatchGuard Trade Up Program allows you to replace your aging technology with the best WatchGuard has to offer, keeping you a step ahead of all the evolving threats against your business. For more details click here.

For a more detailed breakdown of each feature for WatchGuard firewalls against Cisco, please contact us via our enquiry form or call us on 0333 101 6000.