Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Darktrace vs Trellix Intrusion Prevention System comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.3%, down from 3.9% compared to the previous year. The mindshare of Darktrace is 19.5%, up from 17.8% compared to the previous year. The mindshare of Trellix Intrusion Prevention System is 3.3%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Jack Poon - PeerSpot reviewer
Offers ease of setup and good documentation
When it comes to the product's deployment phase, we have a lot of vendor support. We have a lot of skills here in Hong Kong. Our company doesn't find any problem deploying Cisco solutions. The solution is deployed on an on-premises version. Speaking about the time required to deploy the solution, I would say that we have quite a lot of previous experience with deploying Cisco products. We have our company's standard design document, which we need to follow. We have a standard testing procedure for all those features. We just take out some appropriate parts and then compile them into one document for an individual project. It is actually quite easy for us to do the documentation, so it just takes one or two hours, and we can do the implementation because all the materials and testing procedures are already in our company standard documents, so it is not that difficult for us.
Peter-Murphy - PeerSpot reviewer
Enables proactive threat detection and immediate response through AI monitoring
The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation. Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures. Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.
Juan Muriel - PeerSpot reviewer
Protects from attacks in real-time and provides accurate threat intelligence updates
I rate the ease of setup a seven or eight out of ten. The platform functions very well. We need technical support to make improvements to the platform. The deployment takes eight months. We need two or three system engineers and one electronic engineer specialized in Trellix platforms to deploy the tool. We need only one system engineer to maintain the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is stable."
"The most valuable feature is the visibility that we have across the virtual environment."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"The URL filtering is very good and you can create a group for customized URLs."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"It is quite an intelligent product."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The most valuable feature of Darktrace is its ability to detect and counter threats before they occur."
"The solution can scale."
"The autonomous mode, which is the Antigena AI response, is particularly valuable."
"The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection."
"The features that are most valuable to me include detection, response with analytics, and network detection."
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"The main valuable feature is that we don't need a lot of analysts. With few analysts, we have all the network monitored, 24/7."
"We liked their approach to identifying intrusions or network anomalies using AI."
"The most valuable features are the customization of the signature and the unlimited amount of signatures in IPS."
"The initial setup is straightforward."
"McAfee NSP is much more stable than Cisco."
"The solution can scale."
"The threat intelligence updates are very accurate."
"The ability to centrally manage all the IPS sensors, track the different security events generated by it, and customize the different policies, depending on their location."
"The most valuable features of the solution stem from the fact that it is a good product for dealing with DDoS attacks and for the inspection of network traffic."
"There's a good dashboard you can drill down into. It helps you easily locate intrusions and the source of attacks."
 

Cons

"Performance needs improvement."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"There are problems setting up VPNs for some regions."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"If the price is brought down then everybody will be happy."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"The cloud can be improved."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"A reporting portal could be a great addition to help customize reports."
"Darktrace could improve its features, such as monitoring and detecting ransomware."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"I think there is some MSSP missing."
"I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"It is expensive, but everything else has been great so far."
"There are limited resources for configuration guidance."
"The management component could be simplified."
"Some of the documentation is not as straightforward as it could be."
"The technical support has room for improvement."
"The Network Security Managers could be more stable, agile, and work faster. When it comes to instability, there is room for improvement."
"The technical support must be improved."
"We would like to have a simpler version. Some settings and functions on the McAfee console are complex and complicated. I want the management console to be simpler."
"The area of concern where the tool needs improvement is how the product prompts users at a network level that helps prevent any wireless network attacks through alerts and notifications."
 

Pricing and Cost Advice

"Licensing for this solution is paid on a yearly basis."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"The cost is per port and can be expensive but it does include training and support for three years."
"We have a three-year license for this solution."
"We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once. Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution."
"The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
"This solution is expensive."
"All of the other modules, such as the licensing modules, are on par. It's one for one."
"The cost of the solution can be reduced to make it more appealing to customers."
"The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
"It is a very expensive product."
"The price of Darktrace is high and could be reduced. We pay approximately $30,000 to $54,000 annually."
"The tool is competitively priced."
"I rate the product’s pricing an eight out of ten."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
11%
Government
8%
Comms Service Provider
6%
Computer Software Company
14%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
Financial Services Firm
13%
Computer Software Company
11%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other t...
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet tr...
What do you like most about McAfee Network Security Platform?
The threat intelligence updates are very accurate.
What is your experience regarding pricing and costs for McAfee Network Security Platform?
The tool is competitively priced. I rate the pricing a six out of ten.
What needs improvement with McAfee Network Security Platform?
Network Threat Behavior Analysis must be improved. The technical support must be improved. The support team must prov...
 

Also Known As

Sourcefire SNORT
No data available
McAfee Network Security Platform, McAfee NSP, IntruShield Network Intrusion Prevention System, IntruShield Network IPS
 

Overview

 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Desjardins Group, HollyFrontier, Nubia, Agbar, WNS Global Services, INAIL, Universidad de Las Américas Puebla (UDLAP), Cook County, China Pacific Insurance, Bank Central Asia, California Department of Corrections and Rehabilitation, City of Chicago, Macquarie Telecom, Sutherland Global Services, Texas Tech University Health Sciences Center, United Automotive Electronic Systems
Find out what your peers are saying about Darktrace, Check Point Software Technologies, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: April 2025.
848,989 professionals have used our research since 2012.