Cisco Sourcefire SNORT Overview

Cisco Sourcefire SNORT is the #16 ranked solution among the top Intrusion Detection and Prevention Software. PeerSpot users give Cisco Sourcefire SNORT an average rating of 7.6 out of 10. Cisco Sourcefire SNORT is most commonly compared to Check Point IPS. Cisco Sourcefire SNORT is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution is comms service providers, whose professionals account for 25% of all views.
Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: September 2022

What is Cisco Sourcefire SNORT?

Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

Cisco Sourcefire SNORT was previously known as Sourcefire SNORT.

Cisco Sourcefire SNORT Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia

Cisco Sourcefire SNORT Reviews

PeerSpot user
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Top 5 Leaderboard
Intelligent with good threat detection capabilities but could be easier to implement
Pros and Cons
  • "It is quite an intelligent product."
  • "The implementation could be a bit easier."

What is our primary use case?

The product is primarily used for an IDS, Intrusion Detection Software, element.

What is most valuable?

You can do a lot of feasibility in terms of SSLI configuration which can be enabled.

You can encrypt and encrypt your data through Cisco Sourcefire so that your IPS solution can be effectively utilized.

Users have access to intelligent security automation as one of the features. It can easily automate your event impact assessment and your IPS policy tuning can be done as well as your network behavior analysis. They have introduced this intelligent security automation as part of that and then you can do a real-time contextual awareness. Basically, you can see a correlation of events that are created on your application, user devices, operating systems, or vulnerabilities. All of this real-time data can be captured including on your apps and port scans.

It is quite an intelligent product.

It can look into your north-south traffic in case of IPv6 attacks, DOS attacks, or buffer overflow. They say that it also supports against zero-day threats and items like that. They are up-to-date in terms of their threat protection, anti-bot, antivirus, and all kinds of signatures.

They have something called Firepower, which is advanced threat protection that they offer. It's a new subscription which we use for additional malware protection. It offers blocking capabilities and continuous analysis.

The solution is very stable.

What needs improvement?

The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it.

The implementation could be a bit easier.

As long as they continue to develop security features to protect our company, they will be doing quite well.

For how long have I used the solution?

I've been using the solution for six months at this point. It's been less than a year and hasn't been that long.

What do I think about the stability of the solution?

It is quite a stable product. We have not seen many issues with this product. We haven't seen crashes or glitches or bugs. Since we have just started to use this product, we need time to understand the stability for a longer period. It's only been around six months, and we are just implementing it now across a few locations.

What do I think about the scalability of the solution?

The solution is pretty scalable. The throughput, however, depends on what kind of appliance you are buying. For example, you can have 50 Mbps to 40 Gbps of throughput. Currently, we are using 100 Mbps and, at a couple of smaller locations, we are using 50 Mbps of a throughput receiver.

We're implementing it across locations currently. We're implementing it on an enterprise level. We have close to around 15 major locations, wherein we are using it to align devices that are hosted in our data center or in our critical locations.

As we are still in the early stages, we do plan to continue to use the solution in the future.

How are customer service and support?

Technical support is quite fast. Cisco is quite a big company and their support contract is there with us. We use a lot of Cisco products and therefore we have platinum support for everything. Due to our level, we get immediate support from Cisco on all of our Cisco products. We're quite satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

We were previously using IBM IPS. We switched due to the fact IBM wasn't really working for us. It couldn't help us solve most of our issues and the devices which we bought were also quite old. It didn't have the option of SSL encryption and other things in it. Due to all of these limitations, we decided to move away from IBM.

How was the initial setup?

The initial implementation is pretty straightforward. It's just an appliance. We are using an appliance and it is predominantly for SSL encryption. We have a lot of applications on the cloud and on the web application. 

Your IPS, DLP, everything can be done on a single appliance itself. Predominantly, we are using it for SSL encryption to a larger extent. 

It doesn't take much time for installation. It depends on what you want to and what traffic you want to allow on Sourcefire. 

For example, if I have a proxy path, where my users are accessing through a proxy path, that traffic needs to be encrypted. In cases where I have a direct path, and if I have a CMD path, it depends on where exactly you want to enable your SSL encryption or which data needs to be analyzed and used. If you have too many paths from which the users are accessing the data, then it is important that you use all the paths. If you are using it on a single path and if there are no other kinds of encryption used there, then obviously it doesn't make sense. If your traffic is going from north-south traffic, then you can use its product to ensure that your encryption and other tasks are happening.

We only need maybe one or two people for maintenance. Our data center specialist can handle the device. After implementation, it is just a configuration of our traffic. One or two people are more than enough.

What about the implementation team?

Cisco is currently helping us with the implementation process.

What's my experience with pricing, setup cost, and licensing?

We bought the appliance, which comes with a license as well.

While I don't know the exact pricing, most of these products are through subscription. In our case, we bought the complete appliance with the software with it. It does not run with any Cisco item, as we have bought the entire appliance. The three-year warranty of the appliance is there. It does not contain any licenses except for the software license and the hardware licenses which are a part of it. It's a three-year contract which we have bought.

What other advice do I have?

The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release.

I'd recommend the solution to other organizations.

Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
NOC Supervisor / Network Architect / System Analyst at a non-profit with 10,001+ employees
Real User
Top 10
Protects your network against various threats
Pros and Cons
  • "Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
  • "I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."

What is our primary use case?

We use Cisco Sourcefire SNORT for intrusion prevention cases.

Within our organization, there are roughly 1,000 people using this solution.

What is most valuable?

Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly.

What needs improvement?

I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it.

For how long have I used the solution?

I have been using this solution for roughly four years.

What do I think about the scalability of the solution?

Cisco Sourcefire SNORT is both scalable and stable.

How are customer service and technical support?

The technical support is very good.

How was the initial setup?

The initial setup was very straightforward. Deployment took roughly two months.

What about the implementation team?

We used a reseller to help us with deployment.

Which other solutions did I evaluate?

Yes, we did evaluate other solutions before choosing Cisco Sourcefire SNORT.

What other advice do I have?

I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment.

Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.