Cisco Sourcefire SNORT Reviews

Name: Cisco Sourcefire SNORT
Brand: Cisco
Rating: 3.8 (19 reviews)

Vendor: Cisco

3.8 out of 5

19 reviews
95% willing to recommend

1,369 followers

What is Cisco Sourcefire SNORT?

Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

Get the Cisco Sourcefire SNORT Buyer's Guide and find out what your peers are saying about Cisco Sourcefire SNORT, Darktrace, Vectra AI and more!

Cisco Sourcefire SNORT is the #10 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Cisco Sourcefire SNORT an average rating of 7.6 out of 10. Based on the analysis of the 19 most recent Cisco Sourcefire SNORT reviews, the overall sentiment is positive, with a sentiment score of 7.4. Cisco Sourcefire SNORT is most commonly compared to Darktrace: Cisco Sourcefire SNORT vs Darktrace. Cisco Sourcefire SNORT is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.

Buyer's Guide

Cisco Sourcefire SNORT

November 2024

Get the report

Helped 816,636 peers since 2012

Featured reviews

Jack Poon

Treasury Specialist at Dah Sing Bank

When it comes to the product's deployment phase, we have a lot of vendor support. We have a lot of skills here in Hong Kong. Our company doesn't find any problem deploying Cisco solutions. The solution is deployed on an on-premises version. Speaking about the time required to deploy the solution, I would say that we have quite a lot of previous experience with deploying Cisco products. We have our company's standard design document, which we need to follow. We have a standard testing procedure for all those features. We just take out some appropriate parts and then compile them into one document for an individual project. It is actually quite easy for us to do the documentation, so it just takes one or two hours, and we can do the implementation because all the materials and testing procedures are already in our company standard documents, so it is not that difficult for us.

Read full review

Syed Shahnawaz Hussain

Sr. Executive Design Engineering Team at a comms service provider with 1,001-5,000 employees

We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.

Read full review

Carlos Reis

Network Security Engineer at New Era Technology

It provides a centralized platform using Cisco. SNORT is integral to the database. The primary function is expanding the database. As nodes transition, adjustments are made to SNORT, further enhancing its capabilities. It plays a crucial role in managing various protocols. Cisco Sourcefire SNORT is expected to offer improved management capabilities within the ACP. However, navigating the ACP settings can be challenging, particularly when dealing with default configurations. Additionally, upgrading devices may receive unfamiliar database updates from the FMC, such as ETB. This can lead to confusion and necessitate careful handling to ensure proper integration and functionality. Changes in Cisco Sourcefire SNORT, particularly in application settings, can have significant impacts. For instance, transitioning from one application setting to another, such as from a large-scale deployment to a maximum setting, can disrupt operations. This disruption is particularly challenging because it affects various rules and configurations for different applications. It's essential for Cisco to streamline the process of managing these changes, possibly by providing more user-friendly interfaces or tools, as relying solely on technical support can be cumbersome. Specifically, when discussing SmartOps, the complexity of managing configurations and settings becomes apparent, highlighting the need for simpler, more intuitive solutions. When working with Cisco Sourcefire SNORT, creating your profile files and meticulously tracking your activities is essential. When starting out with SNORT and adjusting migration rules, it's crucial to exercise caution and understand the potential impact on the business. Sometimes, you need to put your network into 'inline mode' to observe the traffic and understand what's happening on your network. Enabling this mode allows you to see what's passing through your network. There are some tools we use to analyze specialized traffic. We recently encountered a situation in which Cisco SQL traffic was blocked because of SNORT. It provides good analysis and outputs. You can see everything if you're attached to intrusion testing in the FMC; its database is good. The strength of SNORT, coupled with its integration with the firewall, works well. The database from SNORT contains a lot of data, and it's not just a single tool requirement. Dealing with all this data can be challenging. Firepower had some options like that that couldn't be blocked. Then, you can start to see improvement. We encountered an issue where certain features were blocked after migrating from SNORT version two to three. Despite our efforts to ensure progress, some problems arose, particularly related to the network analysis policy. This occurred even before transitioning to Sourcefire; within the engine, some traffic passing through SNORT faced issues. When migrating to version three, Cisco had to release a patch to address this problem and give you an idea. Overall, I rate this solution an eight out of ten.

Read full review

Cisco Sourcefire SNORT mindshare

As of November 2024, the mindshare of Cisco Sourcefire SNORT in the Intrusion Detection and Prevention Software (IDPS) category stands at 3.2%, down from 4.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Intrusion Detection and Prevention Software (IDPS)

Key learnings from peers

Last updated Nov 21, 2024

Valuable Features

"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."

Room for Improvement

"I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced."
"The solution's approach to managing traffic blocking is confusing and impractical."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."

Pricing

"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"The cost is per port and can be expensive but it does include training and support for three years."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Cisco Sourcefire SNORT Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

22%

Financial Services Firm

10%

University

Government

Manufacturing Company

Healthcare Company

Comms Service Provider

Retailer

Educational Organization

Real Estate/Law Firm

Construction Company

Energy/Utilities Company

Wholesaler/Distributor

Transportation Company

Insurance Company

Non Profit

Aerospace/Defense Firm

Media Company

Legal Firm

Recreational Facilities/Services Company

Outsourcing Company

Printing Company

Non Tech Company

Hospitality Company

Recruiting/Hr Firm

Compare Cisco Sourcefire SNORT with alternative products

Learn more about Cisco Sourcefire SNORT

Cisco Sourcefire SNORT was previously known as Sourcefire SNORT.

Product Video

Cisco Sourcefire SNORT customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia