Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Darktrace vs Trellix Intrusion Prevention System comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.3%, down from 3.9% compared to the previous year. The mindshare of Darktrace is 19.5%, up from 17.8% compared to the previous year. The mindshare of Trellix Intrusion Prevention System is 3.3%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Syed Shahnawaz Hussain - PeerSpot reviewer
An IPS solution for security and protection but lacks stability
We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.
Peter-Murphy - PeerSpot reviewer
Enables proactive threat detection and immediate response through AI monitoring
The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation. Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures. Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.
Juan Muriel - PeerSpot reviewer
Protects from attacks in real-time and provides accurate threat intelligence updates
I rate the ease of setup a seven or eight out of ten. The platform functions very well. We need technical support to make improvements to the platform. The deployment takes eight months. We need two or three system engineers and one electronic engineer specialized in Trellix platforms to deploy the tool. We need only one system engineer to maintain the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"It is quite an intelligent product."
"The most valuable feature of this solution is the filtering."
"I like most of Cisco's features, like malware detection and URL filtering."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"The most valuable feature is the visibility that we have across the virtual environment."
"The most valuable features of Darktrace are its full capabilities. You have visibility of everything."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"The most valuable feature is the endpoint protection."
"We have found the product to be stable and issue-free."
"The solution is stable. We've never had any problems with it."
"I am impressed with the product's ability to give insights into network traffic."
"I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities."
"The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features."
"Overall the solution is very good. It offers great protection and gives us a good overview of what is on the network."
"McAfee NSP is much more stable than Cisco."
"The initial setup is straightforward."
"Great monitoring feature."
"The threat intelligence updates are very accurate."
"The ability to centrally manage all the IPS sensors, track the different security events generated by it, and customize the different policies, depending on their location."
"It has a lot of functions, such as firewall. We are administrators, and we create some rules to protect our network. We also monitor the traffic in and out and have disk encryption on-premises. When we detect malware, we scan for the virus on the PC. We can then delete or block the malware."
 

Cons

"We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."
"The implementation could be a bit easier."
"There are problems setting up VPNs for some regions."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"The customization of the rules can be simplified."
"The solution's approach to managing traffic blocking is confusing and impractical."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
"Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
"I think there is some MSSP missing."
"The pricing is a bit high for the region."
"The interface is too mathematical and it should be simplified."
"One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
"The technical support must be improved."
"The management component could be simplified."
"The technical support has room for improvement."
"The platform’s GUI could be the latest."
"There are limited resources for configuration guidance."
"The pricing could be improved."
"The solution needs to improve the graphical interface. And they had a limitation in some of the sensor modems as well."
"We would like to have a simpler version. Some settings and functions on the McAfee console are complex and complicated. I want the management console to be simpler."
 

Pricing and Cost Advice

"We have a three-year license for this solution."
"The cost is per port and can be expensive but it does include training and support for three years."
"Licensing for this solution is paid on a yearly basis."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"The cost of the solution can be reduced to make it more appealing to customers."
"The price of Darktrace is high and could be reduced. We pay approximately $30,000 to $54,000 annually."
"The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
"It is pretty expensive, but it is worth it. Its licensing is yearly."
"Darktrace is quite an expensive solution."
"All of the other modules, such as the licensing modules, are on par. It's one for one."
"In the ballpark, we're talking about $30K, $50K, and up. It can even be as much as $50K or $100K."
"Our customers feel that the price of Darktrace is quite high compared to other solutions."
"I rate the product’s pricing an eight out of ten."
"The tool is competitively priced."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
11%
Government
8%
University
8%
Computer Software Company
14%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other t...
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet tr...
What do you like most about McAfee Network Security Platform?
The threat intelligence updates are very accurate.
What is your experience regarding pricing and costs for McAfee Network Security Platform?
The tool is competitively priced. I rate the pricing a six out of ten.
What needs improvement with McAfee Network Security Platform?
Network Threat Behavior Analysis must be improved. The technical support must be improved. The support team must prov...
 

Also Known As

Sourcefire SNORT
No data available
McAfee Network Security Platform, McAfee NSP, IntruShield Network Intrusion Prevention System, IntruShield Network IPS
 

Overview

 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Desjardins Group, HollyFrontier, Nubia, Agbar, WNS Global Services, INAIL, Universidad de Las Américas Puebla (UDLAP), Cook County, China Pacific Insurance, Bank Central Asia, California Department of Corrections and Rehabilitation, City of Chicago, Macquarie Telecom, Sutherland Global Services, Texas Tech University Health Sciences Center, United Automotive Electronic Systems
Find out what your peers are saying about Darktrace, Check Point Software Technologies, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: March 2025.
842,767 professionals have used our research since 2012.