The product is primarily used for an IDS, Intrusion Detection Software, element.
Cisco Sourcefire SNORT Overview
Buyer's Guide
Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: July 2022
What is Cisco Sourcefire SNORT?
Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.
Cisco Sourcefire SNORT was previously known as Sourcefire SNORT.
Cisco Sourcefire SNORT Customers
CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Cisco Sourcefire SNORT Reviews
Lead Program Manager at a computer software company with 10,001+ employees
Intelligent with good threat detection capabilities but could be easier to implement
Pros and Cons
- "It is quite an intelligent product."
- "The implementation could be a bit easier."
What is our primary use case?
What is most valuable?
You can do a lot of feasibility in terms of SSLI configuration which can be enabled.
You can encrypt and encrypt your data through Cisco Sourcefire so that your IPS solution can be effectively utilized.
Users have access to intelligent security automation as one of the features. It can easily automate your event impact assessment and your IPS policy tuning can be done as well as your network behavior analysis. They have introduced this intelligent security automation as part of that and then you can do a real-time contextual awareness. Basically, you can see a correlation of events that are created on your application, user devices, operating systems, or vulnerabilities. All of this real-time data can be captured including on your apps and port scans.
It is quite an intelligent product.
It can look into your north-south traffic in case of IPv6 attacks, DOS attacks, or buffer overflow. They say that it also supports against zero-day threats and items like that. They are up-to-date in terms of their threat protection, anti-bot, antivirus, and all kinds of signatures.
They have something called Firepower, which is advanced threat protection that they offer. It's a new subscription which we use for additional malware protection. It offers blocking capabilities and continuous analysis.
The solution is very stable.
What needs improvement?
The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it.
The implementation could be a bit easier.
As long as they continue to develop security features to protect our company, they will be doing quite well.
For how long have I used the solution?
I've been using the solution for six months at this point. It's been less than a year and hasn't been that long.
What do I think about the stability of the solution?
It is quite a stable product. We have not seen many issues with this product. We haven't seen crashes or glitches or bugs. Since we have just started to use this product, we need time to understand the stability for a longer period. It's only been around six months, and we are just implementing it now across a few locations.
What do I think about the scalability of the solution?
The solution is pretty scalable. The throughput, however, depends on what kind of appliance you are buying. For example, you can have 50 Mbps to 40 Gbps of throughput. Currently, we are using 100 Mbps and, at a couple of smaller locations, we are using 50 Mbps of a throughput receiver.
We're implementing it across locations currently. We're implementing it on an enterprise level. We have close to around 15 major locations, wherein we are using it to align devices that are hosted in our data center or in our critical locations.
As we are still in the early stages, we do plan to continue to use the solution in the future.
How are customer service and support?
Technical support is quite fast. Cisco is quite a big company and their support contract is there with us. We use a lot of Cisco products and therefore we have platinum support for everything. Due to our level, we get immediate support from Cisco on all of our Cisco products. We're quite satisfied with the level of service provided.
Which solution did I use previously and why did I switch?
We were previously using IBM IPS. We switched due to the fact IBM wasn't really working for us. It couldn't help us solve most of our issues and the devices which we bought were also quite old. It didn't have the option of SSL encryption and other things in it. Due to all of these limitations, we decided to move away from IBM.
How was the initial setup?
The initial implementation is pretty straightforward. It's just an appliance. We are using an appliance and it is predominantly for SSL encryption. We have a lot of applications on the cloud and on the web application.
Your IPS, DLP, everything can be done on a single appliance itself. Predominantly, we are using it for SSL encryption to a larger extent.
It doesn't take much time for installation. It depends on what you want to and what traffic you want to allow on Sourcefire.
For example, if I have a proxy path, where my users are accessing through a proxy path, that traffic needs to be encrypted. In cases where I have a direct path, and if I have a CMD path, it depends on where exactly you want to enable your SSL encryption or which data needs to be analyzed and used. If you have too many paths from which the users are accessing the data, then it is important that you use all the paths. If you are using it on a single path and if there are no other kinds of encryption used there, then obviously it doesn't make sense. If your traffic is going from north-south traffic, then you can use its product to ensure that your encryption and other tasks are happening.
We only need maybe one or two people for maintenance. Our data center specialist can handle the device. After implementation, it is just a configuration of our traffic. One or two people are more than enough.
What about the implementation team?
Cisco is currently helping us with the implementation process.
What's my experience with pricing, setup cost, and licensing?
We bought the appliance, which comes with a license as well.
While I don't know the exact pricing, most of these products are through subscription. In our case, we bought the complete appliance with the software with it. It does not run with any Cisco item, as we have bought the entire appliance. The three-year warranty of the appliance is there. It does not contain any licenses except for the software license and the hardware licenses which are a part of it. It's a three-year contract which we have bought.
What other advice do I have?
The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release.
I'd recommend the solution to other organizations.
Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

NOC Supervisor / Network Architect / System Analyst at a non-profit with 10,001+ employees
Protects your network against various threats
Pros and Cons
- "Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
- "I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
What is our primary use case?
We use Cisco Sourcefire SNORT for intrusion prevention cases.
Within our organization, there are roughly 1,000 people using this solution.
What is most valuable?
Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly.
What needs improvement?
I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it.
For how long have I used the solution?
I have been using this solution for roughly four years.
What do I think about the scalability of the solution?
Cisco Sourcefire SNORT is both scalable and stable.
How are customer service and technical support?
The technical support is very good.
How was the initial setup?
The initial setup was very straightforward. Deployment took roughly two months.
What about the implementation team?
We used a reseller to help us with deployment.
Which other solutions did I evaluate?
Yes, we did evaluate other solutions before choosing Cisco Sourcefire SNORT.
What other advice do I have?
I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment.
Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.