We performed a comparison between Cisco Sourcefire SNORT and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Solid intrusion detection and prevention that scales easily in very large environments."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"The solution is stable."
"The most valuable feature of this solution is the filtering."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The most valuable feature is the visibility that we have across the virtual environment."
"The URL filtering is very good and you can create a group for customized URLs."
"The whole solution is very good, and stable."
"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."
"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"The most valuable features are the indexing and powerful search features."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"The product is at the forefront of auto-remediation networking. It's great."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"Performance needs improvement."
"There are problems setting up VPNs for some regions."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"The cloud can be improved."
"The customization of the rules can be simplified."
"I would like to have analytics included in the suite."
"The implementation could be a bit easier."
"We'd like the ability to do custom searches."
"The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."
"The price of Splunk UBA is too high."
"It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"I would like improved downward integration with other tools such as McAfee and other GCP solutions."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"The correlation engine should have persistent and definable rules."
More Splunk User Behavior Analytics Pricing and Cost Advice →
Cisco Sourcefire SNORT is ranked 11th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while Splunk User Behavior Analytics is ranked 12th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews. Cisco Sourcefire SNORT is rated 7.6, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Fortinet FortiWeb, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, IBM Security QRadar, Cynet and Exabeam Fusion SIEM. See our Cisco Sourcefire SNORT vs. Splunk User Behavior Analytics report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.