Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Darktrace vs Trellix Intrusion Prevention System comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.3%, down from 3.9% compared to the previous year. The mindshare of Darktrace is 19.5%, up from 17.8% compared to the previous year. The mindshare of Trellix Intrusion Prevention System is 3.3%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Jack Poon - PeerSpot reviewer
Offers ease of setup and good documentation
When it comes to the product's deployment phase, we have a lot of vendor support. We have a lot of skills here in Hong Kong. Our company doesn't find any problem deploying Cisco solutions. The solution is deployed on an on-premises version. Speaking about the time required to deploy the solution, I would say that we have quite a lot of previous experience with deploying Cisco products. We have our company's standard design document, which we need to follow. We have a standard testing procedure for all those features. We just take out some appropriate parts and then compile them into one document for an individual project. It is actually quite easy for us to do the documentation, so it just takes one or two hours, and we can do the implementation because all the materials and testing procedures are already in our company standard documents, so it is not that difficult for us.
Peter-Murphy - PeerSpot reviewer
Enables proactive threat detection and immediate response through AI monitoring
The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation. Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures. Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.
Juan Muriel - PeerSpot reviewer
Protects from attacks in real-time and provides accurate threat intelligence updates
I rate the ease of setup a seven or eight out of ten. The platform functions very well. We need technical support to make improvements to the platform. The deployment takes eight months. We need two or three system engineers and one electronic engineer specialized in Trellix platforms to deploy the tool. We need only one system engineer to maintain the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The most valuable feature is the visibility that we have across the virtual environment."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"It is quite an intelligent product."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"The whole solution is very good, and stable."
"The solution is rather easy to use."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The NDR is good in their solution and they have NTG for email."
"We liked their approach to identifying intrusions or network anomalies using AI."
"Technical support is helpful and responsive."
"I would 100% recommend Darktrace."
"I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities."
"The most valuable features are the AI and advanced learning tools that distinguish it from other products."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"The solution is outstanding from a monitoring perspective."
"The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features."
"The initial setup is straightforward."
"The product is worth the investment."
"The threat intelligence updates are very accurate."
"The most valuable features in Trellix for me are the automated signature updates. It is a great and convenient feature."
"There's a good dashboard you can drill down into. It helps you easily locate intrusions and the source of attacks."
"The ability to centrally manage all the IPS sensors, track the different security events generated by it, and customize the different policies, depending on their location."
"The most valuable features of the solution stem from the fact that it is a good product for dealing with DDoS attacks and for the inspection of network traffic."
 

Cons

"I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced."
"Performance needs improvement."
"If the price is brought down then everybody will be happy."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"The solution's approach to managing traffic blocking is confusing and impractical."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"The customization of the rules can be simplified."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"Darktrace does not have any capabilities to configure."
"The pricing needs improvement."
"The interface and dashboards could be improved for ease-of-use."
"Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler."
"The level of tracking within the network from the transmission level up to the machine level can use improvement."
"They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users."
"The platform’s GUI could be the latest."
"The solution needs to improve the graphical interface. And they had a limitation in some of the sensor modems as well."
"The area of concern where the tool needs improvement is how the product prompts users at a network level that helps prevent any wireless network attacks through alerts and notifications."
"The technical support has room for improvement."
"The management console needs to be less complex and easier to navigate."
"There are limited resources for configuration guidance."
"The solution could improve some aspects of detection."
"We would like to have a simpler version. Some settings and functions on the McAfee console are complex and complicated. I want the management console to be simpler."
 

Pricing and Cost Advice

"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"We have a three-year license for this solution."
"The cost is per port and can be expensive but it does include training and support for three years."
"Licensing for this solution is paid on a yearly basis."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"Our customers feel that the price of Darktrace is quite high compared to other solutions."
"The pricing is subscription-based and it is high."
"It is expensive. I don't have the price for other competitors."
"I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more."
"Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products."
"The pricing is quite high, estimated at around $350,000 per year."
"They are too expensive compared with other vendors."
"It is a very expensive product."
"I rate the product’s pricing an eight out of ten."
"The tool is competitively priced."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
11%
Government
8%
Comms Service Provider
6%
Computer Software Company
14%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
Financial Services Firm
13%
Computer Software Company
11%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other t...
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet tr...
What do you like most about McAfee Network Security Platform?
The threat intelligence updates are very accurate.
What is your experience regarding pricing and costs for McAfee Network Security Platform?
The tool is competitively priced. I rate the pricing a six out of ten.
What needs improvement with McAfee Network Security Platform?
Network Threat Behavior Analysis must be improved. The technical support must be improved. The support team must prov...
 

Also Known As

Sourcefire SNORT
No data available
McAfee Network Security Platform, McAfee NSP, IntruShield Network Intrusion Prevention System, IntruShield Network IPS
 

Overview

 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Desjardins Group, HollyFrontier, Nubia, Agbar, WNS Global Services, INAIL, Universidad de Las Américas Puebla (UDLAP), Cook County, China Pacific Insurance, Bank Central Asia, California Department of Corrections and Rehabilitation, City of Chicago, Macquarie Telecom, Sutherland Global Services, Texas Tech University Health Sciences Center, United Automotive Electronic Systems
Find out what your peers are saying about Darktrace, Check Point Software Technologies, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: April 2025.
848,989 professionals have used our research since 2012.