As an end customer, we do not actually know whether the tool uses real AI to do the analysis and then gives us advice or feedback or if it just uses simple logic to do it. The tool claims it has AI, but as a result, it can be a simple traditional relational way of dealing with logic and then feed us back. We cannot differentiate whether the tool has real AI or is just a traditional way to detect threats. If someone wants to deploy a product easily and has a lot of support staff, then they can easily acquire the tool. I rate the tool as an eight out of ten.
Sr. Executive Design Engineering Team at a comms service provider with 1,001-5,000 employees
Real User
Top 10
2024-03-20T09:34:00Z
Mar 20, 2024
We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.
I give the solution a nine out of ten. We have an in-house engineer that has been assigned by the system integrators for a year. It's easier for our team to manage the solution because we have a local system integrator onsite. It's a type of hybrid managed service which is one way to mitigate the manpower that we have. Before using this solution we must understand our infrastructure. We can reduce the cost by understanding which critical portion of our infrastructure needs to be protected.
The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release. I'd recommend the solution to other organizations. Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.
Information Systems, Manager - Network at a government with 1,001-5,000 employees
Real User
Top 5
2020-12-08T14:56:35Z
Dec 8, 2020
I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment. Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.
We're just an end-user of the service. We don't have a business relationship with Cisco. The hardware we're using is still old. We bought it when the product was not under Cisco. That said, obviously, Cisco has now updated the product with new hardware. However, we've still got the old hardware. I would advise other organizations to go ahead and try the solution out. It's a good product. It's very straightforward and easy to implement especially when you compare it to other systems. I'd rate the solution eight out of ten overall. If they offered better and more detailed alerts, I would rank them higher.
Team Lead at a tech services company with 201-500 employees
Real User
2020-04-13T06:27:00Z
Apr 13, 2020
Make sure to have good sizing because it matters for the performance of the features. Also make sure to have a good design. Before starting with the deployment and installation for Sourcefire. Have a technical session with the local Cisco office or the local department to provide a good design. I would rate it an eight out of ten. We have some architecture concerns. I'm not really sure that Cisco can quickly solve this concern. Palo Alto has a user-friendly interface for the management.
Information Security Operations Expert at Asiacell
Real User
2020-01-09T06:15:00Z
Jan 9, 2020
A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably. I would rate this solution a one out of ten.
I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.
Networking and Security Engineer at IE Network Solutions PLC (Ethiopia)
Real User
2019-11-19T06:35:00Z
Nov 19, 2019
The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature. What's more, some of the configurations are a little bit complex, like the mapping. It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company. On a scale from one to 10, I will rate this solution an eight.
Senior Engineer at a tech services company with 51-200 employees
Real User
2019-10-06T16:38:00Z
Oct 6, 2019
Providing videos and materials are useful, but really what you need is the experience in analyzing logs. Without that, you wouldn't be able to problem-solve on your own, even with the assistance of videos. I would recommend this solution. It's reliable and scalable, with easy installation and integration. I would rate this solution an eight out of ten.
We are satisfied with this solution. The whole solution is very good, and stable. There are three modes that can be configured. The first is collectivity over security, the second is security over collectivity, and the third is a balanced mode. We have implemented a balanced mode, and it works just fine. I would rate this solution an eight out of ten.
Chief technology officer at Next Generation Systems Nigeria Limited
Real User
2019-08-28T09:52:00Z
Aug 28, 2019
We typically work with the on-premises deployment model. Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is great a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product. I would rate the solution nine out of ten.
Network Engineer at a individual & family service with 10,001+ employees
Real User
2019-07-02T06:57:00Z
Jul 2, 2019
I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use. The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.
Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.
As an end customer, we do not actually know whether the tool uses real AI to do the analysis and then gives us advice or feedback or if it just uses simple logic to do it. The tool claims it has AI, but as a result, it can be a simple traditional relational way of dealing with logic and then feed us back. We cannot differentiate whether the tool has real AI or is just a traditional way to detect threats. If someone wants to deploy a product easily and has a lot of support staff, then they can easily acquire the tool. I rate the tool as an eight out of ten.
We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.
We use two people for the maintenance of the solution. I would recommend this solution to others. I rate Cisco Sourcefire SNORT an eight out of ten.
I give the solution a nine out of ten. We have an in-house engineer that has been assigned by the system integrators for a year. It's easier for our team to manage the solution because we have a local system integrator onsite. It's a type of hybrid managed service which is one way to mitigate the manpower that we have. Before using this solution we must understand our infrastructure. We can reduce the cost by understanding which critical portion of our infrastructure needs to be protected.
I rate the solution an eight out of ten. The solution is good, but the cloud can be improved. I recommend it to others.
The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release. I'd recommend the solution to other organizations. Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.
I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment. Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.
We're just an end-user of the service. We don't have a business relationship with Cisco. The hardware we're using is still old. We bought it when the product was not under Cisco. That said, obviously, Cisco has now updated the product with new hardware. However, we've still got the old hardware. I would advise other organizations to go ahead and try the solution out. It's a good product. It's very straightforward and easy to implement especially when you compare it to other systems. I'd rate the solution eight out of ten overall. If they offered better and more detailed alerts, I would rank them higher.
Make sure to have good sizing because it matters for the performance of the features. Also make sure to have a good design. Before starting with the deployment and installation for Sourcefire. Have a technical session with the local Cisco office or the local department to provide a good design. I would rate it an eight out of ten. We have some architecture concerns. I'm not really sure that Cisco can quickly solve this concern. Palo Alto has a user-friendly interface for the management.
This is a good solution and one that I would recommend to others. I would rate this solution an eight out of ten.
A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably. I would rate this solution a one out of ten.
I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.
The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature. What's more, some of the configurations are a little bit complex, like the mapping. It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company. On a scale from one to 10, I will rate this solution an eight.
This solution has improved a lot in the past few years. I would rate this solution an eight out of ten.
Providing videos and materials are useful, but really what you need is the experience in analyzing logs. Without that, you wouldn't be able to problem-solve on your own, even with the assistance of videos. I would recommend this solution. It's reliable and scalable, with easy installation and integration. I would rate this solution an eight out of ten.
We are satisfied with this solution. The whole solution is very good, and stable. There are three modes that can be configured. The first is collectivity over security, the second is security over collectivity, and the third is a balanced mode. We have implemented a balanced mode, and it works just fine. I would rate this solution an eight out of ten.
We typically work with the on-premises deployment model. Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is great a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product. I would rate the solution nine out of ten.
I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use. The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.