Try our new research platform with insights from 80,000+ expert users
Art Astafiev - PeerSpot reviewer
Information Systems, Manager - Network at a government with 1,001-5,000 employees
Real User
Top 10
Protects your network against various threats
Pros and Cons
  • "Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
  • "I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."

What is our primary use case?

We use Cisco Sourcefire SNORT for intrusion prevention cases.

Within our organization, there are roughly 1,000 people using this solution.

What is most valuable?

Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly.

What needs improvement?

I did not experience any pain points that required improvement. Maybe a couple of false positives, but that's about it.

For how long have I used the solution?

I have been using this solution for roughly four years.

Buyer's Guide
Cisco Sourcefire SNORT
December 2024
Learn what your peers think about Cisco Sourcefire SNORT. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,168 professionals have used our research since 2012.

What do I think about the stability of the solution?

Cisco Sourcefire SNORT is stable.

What do I think about the scalability of the solution?

Cisco Sourcefire SNORT is scalable.

How are customer service and support?

The technical support is very good.

How was the initial setup?

The initial setup was very straightforward. Deployment took roughly two months.

What about the implementation team?

We used a reseller to help us with deployment.

Which other solutions did I evaluate?

We did evaluate other solutions before choosing Cisco Sourcefire SNORT.

What other advice do I have?

I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment.

Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
NetworkE4b4a - PeerSpot reviewer
Network Engineer at a individual & family service with 10,001+ employees
Real User
Enables us to prevent and detect intrusion in our network and actually decrease our SLA
Pros and Cons
  • "Solid intrusion detection and prevention that scales easily in very large environments."
  • "Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."

What is our primary use case?

Our primary use for the solution is security, mostly in intrusion prevention.

How has it helped my organization?

With Cisco Sourcefire SNORT, we've been able to prevent and detect intrusion in our network and actually decrease our SLA (Service Level Agreement).

What is most valuable?

For us, the scalability of the solution is really useful. We were able to rebuild our network recently and we plan to add another 500 nodes throughout South America.

What needs improvement?

One addition to the current product that I think would be helpful is if it was integrated into the Cisco DNA Center. Between their security side, their routing, and the wireless side, they kind of have a gap. If they could bridge the gap and integrate all those in the DNA Center, I think that would be a good goal and something useful to users.

What do I think about the stability of the solution?

We haven't had any problem with the stability of the solution so far. It's been a solid platform and considering how quickly we scaled without any major issues, the stability really speaks for itself.

What do I think about the scalability of the solution?

When we recently upgraded our network the scalability of the product became obvious. We're planning to add about 500 extra nodes throughout South America and we're able to scale the platform to be able to utilize the solutions.

How are customer service and technical support?

I honestly haven't had to use technical support that much because we haven't had that many issues. I guess that says something about the quality of the product when you don't need to use tech support in an installation as large as ours.

Which solution did I use previously and why did I switch?

The main reason why we switched to this solution had to do with growth. We were growing at a very high rate at the time so we needed a solution that could handle a much larger architecture reliably. This was just one of the options that we were looking at and we really thought we'd benefit from the top-notch solution that the platform was.

How was the initial setup?

The initial setup was fairly simple. We did it a couple of years ago but I remember it went well. It was, I think, a three-month project and rolled over pretty easily into our expansion.

What about the implementation team?

The initial implementation was done with the assistance of a consultant. I don't remember the name of the group but it was a good experience. We enjoyed their experience and assistance very much.

Which other solutions did I evaluate?

There were a couple of other products that we considered at the time. None of them made it very far in the process because they just didn't have a lot of the capabilities that we were looking for. Cisco came out on top.

What other advice do I have?

I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use.

The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Sourcefire SNORT
December 2024
Learn what your peers think about Cisco Sourcefire SNORT. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,168 professionals have used our research since 2012.
PeerSpot user
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Intelligent with good threat detection capabilities but could be easier to implement
Pros and Cons
  • "It is quite an intelligent product."
  • "The implementation could be a bit easier."

What is our primary use case?

The product is primarily used for an IDS, Intrusion Detection Software, element.

What is most valuable?

You can do a lot of feasibility in terms of SSLI configuration which can be enabled.

You can encrypt and encrypt your data through Cisco Sourcefire so that your IPS solution can be effectively utilized.

Users have access to intelligent security automation as one of the features. It can easily automate your event impact assessment and your IPS policy tuning can be done as well as your network behavior analysis. They have introduced this intelligent security automation as part of that and then you can do a real-time contextual awareness. Basically, you can see a correlation of events that are created on your application, user devices, operating systems, or vulnerabilities. All of this real-time data can be captured including on your apps and port scans.

It is quite an intelligent product.

It can look into your north-south traffic in case of IPv6 attacks, DOS attacks, or buffer overflow. They say that it also supports against zero-day threats and items like that. They are up-to-date in terms of their threat protection, anti-bot, antivirus, and all kinds of signatures.

They have something called Firepower, which is advanced threat protection that they offer. It's a new subscription which we use for additional malware protection. It offers blocking capabilities and continuous analysis.

The solution is very stable.

What needs improvement?

The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it.

The implementation could be a bit easier.

As long as they continue to develop security features to protect our company, they will be doing quite well.

For how long have I used the solution?

I've been using the solution for six months at this point. It's been less than a year and hasn't been that long.

What do I think about the stability of the solution?

It is quite a stable product. We have not seen many issues with this product. We haven't seen crashes or glitches or bugs. Since we have just started to use this product, we need time to understand the stability for a longer period. It's only been around six months, and we are just implementing it now across a few locations.

What do I think about the scalability of the solution?

The solution is pretty scalable. The throughput, however, depends on what kind of appliance you are buying. For example, you can have 50 Mbps to 40 Gbps of throughput. Currently, we are using 100 Mbps and, at a couple of smaller locations, we are using 50 Mbps of a throughput receiver.

We're implementing it across locations currently. We're implementing it on an enterprise level. We have close to around 15 major locations, wherein we are using it to align devices that are hosted in our data center or in our critical locations.

As we are still in the early stages, we do plan to continue to use the solution in the future.

How are customer service and technical support?

Technical support is quite fast. Cisco is quite a big company and their support contract is there with us. We use a lot of Cisco products and therefore we have platinum support for everything. Due to our level, we get immediate support from Cisco on all of our Cisco products. We're quite satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

We were previously using IBM IPS. We switched due to the fact IBM wasn't really working for us. It couldn't help us solve most of our issues and the devices which we bought were also quite old. It didn't have the option of SSL encryption and other things in it. Due to all of these limitations, we decided to move away from IBM.

How was the initial setup?

The initial implementation is pretty straightforward. It's just an appliance. We are using an appliance and it is predominantly for SSL encryption. We have a lot of applications on the cloud and on the web application. 

Your IPS, DLP, everything can be done on a single appliance itself. Predominantly, we are using it for SSL encryption to a larger extent. 

It doesn't take much time for installation. It depends on what you want to and what traffic you want to allow on Sourcefire. 

For example, if I have a proxy path, where my users are accessing through a proxy path, that traffic needs to be encrypted. In cases where I have a direct path, and if I have a CMD path, it depends on where exactly you want to enable your SSL encryption or which data needs to be analyzed and used. If you have too many paths from which the users are accessing the data, then it is important that you use all the paths. If you are using it on a single path and if there are no other kinds of encryption used there, then obviously it doesn't make sense. If your traffic is going from north-south traffic, then you can use its product to ensure that your encryption and other tasks are happening.

We only need maybe one or two people for maintenance. Our data center specialist can handle the device. After implementation, it is just a configuration of our traffic. One or two people are more than enough.

What about the implementation team?

Cisco is currently helping us with the implementation process.

What's my experience with pricing, setup cost, and licensing?

We bought the appliance, which comes with a license as well.

While I don't know the exact pricing, most of these products are through subscription. In our case, we bought the complete appliance with the software with it. It does not run with any Cisco item, as we have bought the entire appliance. The three-year warranty of the appliance is there. It does not contain any licenses except for the software license and the hardware licenses which are a part of it. It's a three-year contract which we have bought.

What other advice do I have?

The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release.

I'd recommend the solution to other organizations.

Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1200357 - PeerSpot reviewer
Team Lead Manager with 501-1,000 employees
Real User
Straightforward setup, easy to use, and very stable
Pros and Cons
  • "The solution is rather easy to use."
  • "While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."

How has it helped my organization?

The solution has improved our organization in terms of management. We don't need to have too many resources when it comes to managing it, unlike previously, when we had the IPS. It was a nightmare trying to download the signatures, and uploading them, was also a nightmare. This solution makes life a lot easier. There's fewer man-hours required.

What is most valuable?

The solution is rather easy to use. 

The signatures are uploaded and there's a set of recommended ones that we are using, which makes a lot easier than having to configure individual signatures together.

What needs improvement?

While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive.

For how long have I used the solution?

I've been working with the solution for a long time. It's been about five to six years at this point.

What do I think about the stability of the solution?

There are no bugs or glitches. The solution doesn't freeze. It doesn't crash. It's reliable. It's very stable.

What do I think about the scalability of the solution?

In terms of scalability, I've not really had to look into it due to the fact that the devices we have are accurate for our purposes. I can't really say a lot about scalability because I've not had to. I'm sure they have got configurations where you can maybe put two or three together to scale it up if you need to.

How are customer service and technical support?

We've only reached out to technical support once when we had to do an upgrade. The team at Cisco was very helpful. They were responsive and knowledgable. We were quite happy with the level of service we were provided.

How was the initial setup?

The initial setup was not complex at all. It was very straightforward. We were able to handle it easily.

Deployment, in total, took about a week.

What other advice do I have?

We're just an end-user of the service. We don't have a business relationship with Cisco.

The hardware we're using is still old. We bought it when the product was not under Cisco. That said, obviously, Cisco has now updated the product with new hardware. However, we've still got the old hardware. 

I would advise other organizations to go ahead and try the solution out. It's a good product. It's very straightforward and easy to implement especially when you compare it to other systems.

I'd rate the solution eight out of ten overall. If they offered better and more detailed alerts, I would rank them higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Operations Expert at Asiacell
Real User
Known bugs consume memory and CPU resources to the point where we are seeking a new solution
Pros and Cons
  • "The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
  • "We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."

What is our primary use case?

The primary use of this solution is intrusion prevention, for both user-to-server traffic, and server-to-server traffic.

Most of our environment is Cisco including ISE, our access control, routers, switches, call center, and TelePresence.

How has it helped my organization?

The current solution that we are using is actually a bottleneck for us. It is negatively impacting our performance because it cannot handle our traffic. The SSL offloading did not work and gives us an error regarding resources in terms of memory and CPU. 

Other than the performance issue, this product is very good because it prevents many attacks and intrusions. We have seen this from the monitoring logs. Unfortunately, with the issue related to the system slowing down, it cannot be utilized 100%. I would like to be able to use the SSL offloading and the anti-malware features.

What is most valuable?

The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that. It can tune its IPS rules automatically based on what it has learned. This feature is not available in other IPS solutions, so it is very beneficial for us. Manually tuning the IPS rules is difficult because we have thousands of them.

What needs improvement?

We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco.

Sourcefire SNORT is very resource heavy in terms of CPU usage and memory consumption. Technical support has told us that this is related to bugs that have yet to be fixed.

For how long have I used the solution?

We have been using Cisco Sourcefire SNORT for three years.

What do I think about the stability of the solution?

What we are using now is not very stable and it results in performance issues that are related to memory and CPU consumption.

What do I think about the scalability of the solution?

Scalability-wise, I can see that Cisco is one of the leaders in IPS solutions. However, I cannot comment on it personally because I have not used products by other vendors for this use case.

We have many thousands of machines that are being monitoring by my team, cybersecurity. All of the production traffic goes through Sourcefire. Because of the performance issues, we are unable to use all of the features. For example, we cannot use the SSL policy or the AMP policy.

Which solution did I use previously and why did I switch?

We did use another product prior to Cisco Sourcefire SNORT but it was before I joined the company and I am unable to comment on it.

How was the initial setup?

The initial setup is straightforward and the configuration is easy.

We implemented this solution in stages because it could not be done all at once.  It took us perhaps just over a month to finish moving all of our servers from IDS to IPS, from detection to prevention.

What about the implementation team?

Our own team was responsible for the implementation. I handled all of it myself.

What other advice do I have?

A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably.

I would rate this solution a one out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Networking and Security Engineer at IE Network Solutions PLC (Ethiopia)
Real User
Has good malware detection and URL filtering features and technical support is good
Pros and Cons
  • "I like most of Cisco's features, like malware detection and URL filtering."
  • "I don't think this solution is a time-based control system, because one cannot filter traffic based on time."

What is our primary use case?

Our primary use case of this solution is as a firewall, as an access control. We don't use it as access detection or as an intrusion prevention system, because we didn't configure it as a detector.

What is most valuable?

I like most of Cisco's features, like malware detection and URL filtering.

What needs improvement?

I don't think this solution is a time-based control system, because one cannot filter traffic based on time. 

For how long have I used the solution?

I have you been using this solution for about two years now.

What do I think about the stability of the solution?

Sometimes it has an object priority, like priority for users. Sometimes the cloud agent and the host device for the center, fails to update or to cache the objects from the cloud.

What do I think about the scalability of the solution?

The solution is scalable and I think it can be integrated with some Cisco devices and other third party devices.

How are customer service and technical support?

If you compare it to other vendors, the technical support from Cisco is excellent. 

How was the initial setup?

The initial setup is quite complex and some set parameters are definitely needed. However, the more you try it, the easier it gets. When we push a specific policy, it takes from two minutes up to five minutes to deploy. So it depends on the deployment configuration. For the general deployment, it depends on the expert. 

What other advice do I have?

The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature.

What's more, some of the configurations are a little bit complex, like the mapping.  It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company.

On a scale from one to 10, I will rate this solution an eight. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief technology officer at Next Generation Systems Nigeria Limited
Real User
A great firewall with advanced malware protection and URL filtering
Pros and Cons
  • "Cisco technical support is unbeatable. It offers a premium service every time."
  • "The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."

What is our primary use case?

We primarily use the solution as security on either side of the VPN.

What is most valuable?

The ability to roll out the services is an excellent aspect of the solution. They have advanced malware protection for URL filtering. I like working with both of these features.

What needs improvement?

The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market.

For how long have I used the solution?

I've been using the solution for eight years.

What do I think about the stability of the solution?

The solution has a considerable amount of stability.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and technical support?

Cisco technical support is unbeatable. It offers a premium service every time.

What other advice do I have?

We typically work with the on-premises deployment model.

Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is great a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product.

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1259517 - PeerSpot reviewer
Network Engineer at a tech services company with 501-1,000 employees
Real User
Reliably filter URLs and malware, easy to manage and has good support
Pros and Cons
  • "The URL filtering is very good and you can create a group for customized URLs."
  • "There are problems setting up VPNs for some regions."

What is our primary use case?

Our primary uses for this solution are URL filtering and malware filtering.

How has it helped my organization?

Sourcefire SNORT has been good for us.

What is most valuable?

The most valuable feature is reliability. This solution is better than Check Point.

The URL filtering is very good and you can create a group for customized URLs. 

Cisco SNORT is easy to manage.

What needs improvement?

There are problems setting up VPNs for some regions. There are cases where they are permitted in Sourcefire but blocked in Check Point. 

There are some outside ports that are allowed by default but should not be.

It would be helpful if a list of third-party services were listed so that the rules could be easily added. An example of this would be a ticket booking site. It would be in a list of services and selecting it would allow transactions with that site.

For how long have I used the solution?

I have been working with Sourcefire SNORT for six months.

What do I think about the stability of the solution?

There are some bugs in this solution and troubleshooting them is complicated.

What do I think about the scalability of the solution?

The scalability of this solution is good.

How are customer service and technical support?

The technical support is good and is better than Check Point.

Which solution did I use previously and why did I switch?

We are also using Check Point but it does not work as well as Sourcefire SNORT, which is why we are switching. For example, customized URLs do not work in Check Point. Check Point is also more complex.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

This is a good solution and one that I would recommend to others.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cisco Sourcefire SNORT Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cisco Sourcefire SNORT Report and get advice and tips from experienced pros sharing their opinions.