Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Darktrace vs Trellix Intrusion Prevention System comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.3%, down from 3.9% compared to the previous year. The mindshare of Darktrace is 19.5%, up from 17.8% compared to the previous year. The mindshare of Trellix Intrusion Prevention System is 3.3%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Syed Shahnawaz Hussain - PeerSpot reviewer
An IPS solution for security and protection but lacks stability
We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.
Peter-Murphy - PeerSpot reviewer
Enables proactive threat detection and immediate response through AI monitoring
The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation. Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures. Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.
Juan Muriel - PeerSpot reviewer
Protects from attacks in real-time and provides accurate threat intelligence updates
I rate the ease of setup a seven or eight out of ten. The platform functions very well. We need technical support to make improvements to the platform. The deployment takes eight months. We need two or three system engineers and one electronic engineer specialized in Trellix platforms to deploy the tool. We need only one system engineer to maintain the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is quite an intelligent product."
"The solution is rather easy to use."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"I like most of Cisco's features, like malware detection and URL filtering."
"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"The solution is stable. We've never had any problems with it."
"The most valuable feature is that it gives us visibility of rogue traffic that is on the network."
"I highly recommend the overall solution to other users and rate it as nine out of ten."
"Technical support is helpful and responsive."
"Darktrace is valuable since it offers full packet capture and detailed metadata."
"Provides great network protection."
"It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
"The models, triggers, and alerts are customizable."
"The product is worth the investment."
"The most valuable features of the solution stem from the fact that it is a good product for dealing with DDoS attacks and for the inspection of network traffic."
"The most valuable features are the customization of the signature and the unlimited amount of signatures in IPS."
"The solution can scale."
"The threat intelligence updates are very accurate."
"McAfee NSP is much more stable than Cisco."
"The most valuable features in Trellix for me are the automated signature updates. It is a great and convenient feature."
"There's a good dashboard you can drill down into. It helps you easily locate intrusions and the source of attacks."
 

Cons

"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"The cloud can be improved."
"There are problems setting up VPNs for some regions."
"I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"I would like to have analytics included in the suite."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"The module can improve so that every time it's more intelligent."
"Darktrace needs significant improvement in its notification capabilities."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"The price point for the product was too high for what our possible use case could be."
"In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from."
"I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
"Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
"A reporting portal could be a great addition to help customize reports."
"Some of the documentation is not as straightforward as it could be."
"The area of concern where the tool needs improvement is how the product prompts users at a network level that helps prevent any wireless network attacks through alerts and notifications."
"The technical support has room for improvement."
"The management component could be simplified."
"Integration with Global Thereat Intelligence could be better. Also, I think management solutions are end of life now at McAfee. Network threat analyzer may be used for endpoint quarantines. Integration between these sides, as well as endpoint APO, will help you quarantine the risky endpoints."
"There are limited resources for configuration guidance."
"The technical support must be improved."
"The management console needs to be less complex and easier to navigate."
 

Pricing and Cost Advice

"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"Licensing for this solution is paid on a yearly basis."
"The cost is per port and can be expensive but it does include training and support for three years."
"We have a three-year license for this solution."
"It is expensive."
"They are too expensive compared with other vendors."
"It's an expensive solution."
"If you consider the features and the cost of market leaders, we are satisfied with the pricing."
"All of the other modules, such as the licensing modules, are on par. It's one for one."
"We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once. Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution."
"Darktrace is expensive. You can pay for the license yearly."
"When it comes to large installations, it can be expensive, but for small accounts it's fine."
"The tool is competitively priced."
"I rate the product’s pricing an eight out of ten."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
11%
Government
9%
University
7%
Computer Software Company
14%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other t...
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet tr...
What do you like most about McAfee Network Security Platform?
The threat intelligence updates are very accurate.
What is your experience regarding pricing and costs for McAfee Network Security Platform?
The tool is competitively priced. I rate the pricing a six out of ten.
What needs improvement with McAfee Network Security Platform?
Network Threat Behavior Analysis must be improved. The technical support must be improved. The support team must prov...
 

Also Known As

Sourcefire SNORT
No data available
McAfee Network Security Platform, McAfee NSP, IntruShield Network Intrusion Prevention System, IntruShield Network IPS
 

Overview

 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Desjardins Group, HollyFrontier, Nubia, Agbar, WNS Global Services, INAIL, Universidad de Las Américas Puebla (UDLAP), Cook County, China Pacific Insurance, Bank Central Asia, California Department of Corrections and Rehabilitation, City of Chicago, Macquarie Telecom, Sutherland Global Services, Texas Tech University Health Sciences Center, United Automotive Electronic Systems
Find out what your peers are saying about Darktrace, Check Point Software Technologies, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: March 2025.
844,944 professionals have used our research since 2012.