No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Sourcefire SNORT vs ExtraHop Reveal(x) comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (13th)
ExtraHop Reveal(x)
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
15
Ranking in other categories
Network Traffic Analysis (NTA) (6th), Network Detection and Response (NDR) (5th)
 

Mindshare comparison

While both are Network Security Systems solutions, they serve different purposes. Cisco Sourcefire SNORT is designed for Intrusion Detection and Prevention Software (IDPS) and holds a mindshare of 3.0%, up 2.6% compared to last year.
ExtraHop Reveal(x), on the other hand, focuses on Network Traffic Analysis (NTA), holds 6.7% mindshare, down 16.2% since last year.
Intrusion Detection and Prevention Software (IDPS) Mindshare Distribution
ProductMindshare (%)
Cisco Sourcefire SNORT3.0%
Darktrace10.2%
Fortinet FortiGate9.2%
Other77.6%
Intrusion Detection and Prevention Software (IDPS)
Network Traffic Analysis (NTA) Mindshare Distribution
ProductMindshare (%)
ExtraHop Reveal(x)6.7%
Darktrace15.6%
Cisco Secure Network Analytics8.8%
Other68.9%
Network Traffic Analysis (NTA)
 

Featured Reviews

reviewer2772102 - PeerSpot reviewer
Cloud Architect at a consultancy with 1-10 employees
Logging and customizable rules have helped improve threat monitoring and detection
The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT. Being able to log and store it in a file allows you to push it to a centralized repository. The logging and reporting help improve incident response. You should always be logging threats, any sort of misconfiguration, and anything that could be an issue. It's important to at least log and monitor it. The basic rules provide a good baseline in assessing Cisco Sourcefire SNORT's ability in providing real-time analytics for threat detection, but as a professional, you should look to constantly modify that baseline. They provide extensive customizability so you can define your own rules. The customizability allows it to be adaptable in protecting against diverse network threats to the constant change.
Henri Heuvel - PeerSpot reviewer
Technical Consultant at Axians
Cloud-based administration streamlines network security management
ExtraHop Reveal(x) can improve regarding integration capabilities. For instance, the market is getting really flooded with Microsoft Sentinel, and I know there is an integration possible, but the tools on the market right now indicate that integration should not be a skill from an integrator point of view. It should be quite easy for customers to integrate that solution into SOCs, SIEMs, or any other integration with other tools. There are various integrations from which there's a manual on how to do it, but specifically, the Microsoft portfolio, particularly Sentinel, integration is not yet there. If you score them on a scale of one to ten, ExtraHop scores around a 7.5 to an 8 on an integration basis, but there's actually room for improvement on that side. In the older days, ExtraHop had a license model where you could do all you can eat, so if you had a sensor with 10 gig of capacity, you could use all the entire 10 gig of throughput. They changed that to an asset-based license model, and that's an absolute downside of the solution, where it is harder for smaller companies to acquire the solution itself. That has given us quite some problems in positioning the solution properly within the network, so the licensing model is an absolute downside where they need to improve.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Users have access to intelligent security automation as one of the features, which can easily automate your event impact assessment so your IPS policy tuning can be done as well as your network behavior analysis, and you can do real-time contextual awareness with correlation of events created on your applications, user devices, operating systems, or vulnerabilities, with all of this real-time data captured including your apps and port scans."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"Scalability is something that Cisco has always cared about."
"We primarily use this solution as an intrusion prevention system for external firewalls and deploy the solution on-premises."
"The whole solution is very good, and stable."
"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"The most valuable feature is the visibility that we have across the virtual environment."
"This solution makes life a lot easier as there are fewer man-hours required and we no longer need too many resources to manage it."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"The solution's initial setup process is easy."
"The most valuable aspect of the solution is the depth of information that's available."
"We've done our due diligence and research on other products such as Riverbed and NetScout, and this product is by far the supreme leader."
"The solution offers a friendly GUI for security features."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"We had useful information within the hour of deployment."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
 

Cons

"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"The pricing needs to be improved."
"The solution's approach to managing traffic blocking is confusing and impractical."
"I would like to have analytics included in the suite."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"Performance needs improvement."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"I would like to see more cloud capability."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"It needs integration with more security vendors."
"The support from ExtraHop Reveal(x) is sporadic, it can be good and it can be poor."
"I would rate the price a three out of five. It could be less expensive."
 

Pricing and Cost Advice

"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"Licensing for this solution is paid on a yearly basis."
"We have a three-year license for this solution."
"The cost is per port and can be expensive but it does include training and support for three years."
"I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."
"I would rate the price a three out of five. It could be less expensive."
"I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
"The solution is based on an annual subscription model and is expensive."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
903,147 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
10%
Comms Service Provider
8%
University
7%
Financial Services Firm
16%
Manufacturing Company
9%
Healthcare Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise8
Large Enterprise7
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise4
Large Enterprise9
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
What needs improvement with Cisco Sourcefire SNORT?
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledg...
What is your primary use case for Cisco Sourcefire SNORT?
Endpoint protection is the main use case. The main aspect involves specifying different rules, and when network traffic hits these rules, it will try to block the traffic or at least log the traffi...
What is the best network monitoring software for large enterprises?
We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated c...
What open source tool can one use to measure bandwidth from one's upstream service provider?
One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow. The other one we are using is ExtraHop. This has both a Datacenter Hig...
What is your experience regarding pricing and costs for ExtraHop Reveal(x)?
We manage the setup cost ourselves, so I am quite happy with that. I also had engagement with professional services from ExtraHop, and it wasn't bad, but I was not impressed; it's not academic work...
 

Also Known As

Sourcefire SNORT
Reveal(x), Revealx
 

Overview

 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Wood County Hospital
Find out what your peers are saying about Fortinet, Darktrace, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS). Updated: June 2026.
903,147 professionals have used our research since 2012.