I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT.

I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledge, it's up to whoever creates the Cisco Sourcefire SNORT rules to try and understand the system to identify zero days. Cisco Sourcefire SNORT has the ability, but it's up to who actually creates the rules.

I don't feel I have enough experience to comment on areas that could be improved or could be continuously improved upon with Cisco Sourcefire SNORT.

The solution has some stability issues. Also, it's complicated compared to other products like FortiGate.

Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance, and see whether there is any trouble. We are using Cisco DNA center, but again, we have a multiple layer set up. Other than Cisco DNA Center, we do have some other products. For Cisco, we are using DNA Center now. I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced.

The main dashboard of Cisco Sourcefire SNORT could improve.

The solution is expensive and can improve by lowering the cost.

I would like to have analytics included in the suite.

The solution's approach to managing traffic blocking is confusing and impractical. It's challenging to envision how to implement it, especially considering architectural constraints.

The security landscape is changing, so the cloud can be improved. As we move, we try to adopt more cloud services and integrate everything, such as on-premise solutions, to get them to work with cloud solutions. The utopia is to see everything from one dashboard, but sometimes that's not very possible.

The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it.

The implementation could be a bit easier.

As long as they continue to develop security features to protect our company, they will be doing quite well.

To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team is working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have.

Another issue where there's room for improvement is that sometimes I feel like the device is heavy. For example, we can use either the physical or virtual device. Most of the time if you are using the virtual device, you need to have very good RAM. If, for example, we don't have a good RAM in the environment, the device will be kind of heavy. It will not run as quick as you want. Most of the time we need a  minimum of 4GB of RAM. Maybe they should add the possibility that we could use 2GB of RAM so that the device can be more lightweight.

Those are all small things, but if they can improve them it would be great. Of course, everything is dependent on the process running behind it. I don't know if they have the possibility to make these changes, but if they can, it would be great.

I did not experience any pain points that required improvement. Maybe a couple of false positives, but that's about it.

While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive.

Performance needs improvement. If you compare Cisco Sourcefire with other products, it performs at the same level of compliance. For Cisco Sourcefire, it's not really horrible and it's not really the market and price-performance rate. The performance can be improved. 

There are problems setting up VPNs for some regions. There are cases where they are permitted in Sourcefire but blocked in Check Point. 

There are some outside ports that are allowed by default but should not be.

It would be helpful if a list of third-party services were listed so that the rules could be easily added. An example of this would be a ticket booking site. It would be in a list of services and selecting it would allow transactions with that site.

We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco.

Sourcefire SNORT is very resource heavy in terms of CPU usage and memory consumption. Technical support has told us that this is related to bugs that have yet to be fixed.

I don't think this solution is a time-based control system, because one cannot filter traffic based on time. 

The price of this solution could be improved. If the price is brought down then everybody will be happy.

I would like to see a cloud-based version of this solution.

This is a good solution, but some others may have some advantages. For example, Palo Alto has more useful and suitable application abilities. This solution has a better Firepower but the functionalities are not as good.

With the next release, I would like to see some PBR, so that you can do the configuration with the features.

This solution needs to be more customizable.

The customization of the rules can be simplified.

The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market.

One addition to the current product that I think would be helpful is if it was integrated into the Cisco DNA Center. Between their security side, their routing, and the wireless side, they kind of have a gap. If they could bridge the gap and integrate all those in the DNA Center, I think that would be a good goal and something useful to users.