We changed our name from IT Central Station: Here's why

Cisco Sourcefire SNORT OverviewUNIXBusinessApplication

Cisco Sourcefire SNORT is #10 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Cisco Sourcefire SNORT an average rating of 8 out of 10. Cisco Sourcefire SNORT is most commonly compared to Check Point IPS: Cisco Sourcefire SNORT vs Check Point IPS. The top industry researching this solution are professionals from a comms service provider, accounting for 32% of all views.
What is Cisco Sourcefire SNORT?

Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

Cisco Sourcefire SNORT was previously known as Sourcefire SNORT.

Cisco Sourcefire SNORT Buyer's Guide

Download the Cisco Sourcefire SNORT Buyer's Guide including reviews and more. Updated: January 2022

Cisco Sourcefire SNORT Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia

Cisco Sourcefire SNORT Video

Archived Cisco Sourcefire SNORT Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Network Engineer at a tech services company with 501-1,000 employees
Real User
Reliably filter URLs and malware, easy to manage and has good support
Pros and Cons
  • "The URL filtering is very good and you can create a group for customized URLs."
  • "There are problems setting up VPNs for some regions."

What is our primary use case?

Our primary uses for this solution are URL filtering and malware filtering.

How has it helped my organization?

Sourcefire SNORT has been good for us.

What is most valuable?

The most valuable feature is reliability. This solution is better than Check Point.

The URL filtering is very good and you can create a group for customized URLs. 

Cisco SNORT is easy to manage.

What needs improvement?

There are problems setting up VPNs for some regions. There are cases where they are permitted in Sourcefire but blocked in Check Point. 

There are some outside ports that are allowed by default but should not be.

It would be helpful if a list of third-party services were listed so that the rules could be easily added. An example of this would be a ticket booking site. It would be in a list of services and selecting it would allow transactions with that site.

For how long have I used the solution?

I have been working with Sourcefire SNORT for six months.

What do I think about the stability of the solution?

There are some bugs in this solution and troubleshooting them is complicated.

What do I think about the scalability of the solution?

The scalability of this solution is good.

How are customer service and technical support?

The technical support is good and is better than Check Point.

Which solution did I use previously and why did I switch?

We are also using Check Point but it does not work as well as Sourcefire SNORT, which is why we are switching. For example, customized URLs do not work in Check Point. Check Point is also more complex.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

This is a good solution and one that I would recommend to others.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Operations Expert at Asiacell
Real User
Top 20
Known bugs consume memory and CPU resources to the point where we are seeking a new solution
Pros and Cons
  • "The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
  • "We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."

What is our primary use case?

The primary use of this solution is intrusion prevention, for both user-to-server traffic, and server-to-server traffic.

Most of our environment is Cisco including ISE, our access control, routers, switches, call center, and TelePresence.

How has it helped my organization?

The current solution that we are using is actually a bottleneck for us. It is negatively impacting our performance because it cannot handle our traffic. The SSL offloading did not work and gives us an error regarding resources in terms of memory and CPU. 

Other than the performance issue, this product is very good because it prevents many attacks and intrusions. We have seen this from the monitoring logs. Unfortunately, with the issue related to the system slowing down, it cannot be utilized 100%. I would like to be able to use the SSL offloading and the anti-malware features.

What is most valuable?

The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that. It can tune its IPS rules automatically based on what it has learned. This feature is not available in other IPS solutions, so it is very beneficial for us. Manually tuning the IPS rules is difficult because we have thousands of them.

What needs improvement?

We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco.

Sourcefire SNORT is very resource heavy in terms of CPU usage and memory consumption. Technical support has told us that this is related to bugs that have yet to be fixed.

For how long have I used the solution?

We have been using Cisco Sourcefire SNORT for three years.

What do I think about the stability of the solution?

What we are using now is not very stable and it results in performance issues that are related to memory and CPU consumption.

What do I think about the scalability of the solution?

Scalability-wise, I can see that Cisco is one of the leaders in IPS solutions. However, I cannot comment on it personally because I have not used products by other vendors for this use case.

We have many thousands of machines that are being monitoring by my team, cybersecurity. All of the production traffic goes through Sourcefire. Because of the performance issues, we are unable to use all of the features. For example, we cannot use the SSL policy or the AMP policy.

Which solution did I use previously and why did I switch?

We did use another product prior to Cisco Sourcefire SNORT but it was before I joined the company and I am unable to comment on it.

How was the initial setup?

The initial setup is straightforward and the configuration is easy.

We implemented this solution in stages because it could not be done all at once.  It took us perhaps just over a month to finish moving all of our servers from IDS to IPS, from detection to prevention.

What about the implementation team?

Our own team was responsible for the implementation. I handled all of it myself.

What other advice do I have?

A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably.

I would rate this solution a one out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Cisco Sourcefire SNORT. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
565,689 professionals have used our research since 2012.
GoumouFerdinand
Security Engineer at Socitech SA
Real User
Good functionality and has the possibility to have one manager for other firewalls but stability needs to improve
Pros and Cons
  • "In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
  • "To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."

What is our primary use case?

I work directly with clients, such as financial companies like banks, for example. Most of the time they want they're product to be on their premises, only in their local area.

What is most valuable?

In general, the features are all great. However, if I need to take hardware for ASA because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower, you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well. 

The functionality they have deployed is also very good. They provide the possibility to have one manager for other firewalls, which is Firepower Management Center. I can manage many other firewalls from Firepower Management Center, by just logging on to the other device. That feature is also very great. 

The idea that they implement the malware protection inside the firewall is another great feature. This has the same features and functionality as they had for the IPS device. The way they deploy the AMP is also great because from there we can even go to the packet level, both to the header of the packet, as well as inside the packet, to see if there is any virus there. Right now, the firewall has the possibility to pick up inspection, not only on the header of the packet but off the packet itself. That feature is very great.

There are a lot of features that I really appreciate with Firepower, which is why I advise most of my customers to go with Firepower.

What needs improvement?

To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team is working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have.

Another issue where there's room for improvement is that sometimes I feel like the device is heavy. For example, we can use either the physical or virtual device. Most of the time if you are using the virtual device, you need to have very good RAM. If, for example, we don't have a good RAM in the environment, the device will be kind of heavy. It will not run as quick as you want. Most of the time we need a  minimum of 4GB of RAM. Maybe they should add the possibility that we could use 2GB of RAM so that the device can be more lightweight.

Those are all small things, but if they can improve them it would be great. Of course, everything is dependent on the process running behind it. I don't know if they have the possibility to make these changes, but if they can, it would be great.

For how long have I used the solution?

I've been using this solution for almost two years.

How are customer service and technical support?

When I have an issue I usually go to the community. Most of the time I'll find the solution there. Right now, I don't have any open cases with Cisco, so I don't know if they're able to respond on time. For their other products like Fusion, I have an open case with their technical support team that I'm waiting for them to respond to. For Firepower, however, I don't have any issue that would lead me up to open up a case.

For my experience, technical support is okay. I never had the kind of issue that technical support could not resolve because I would just go to the community. The technical community is very good for me so far.

How was the initial setup?

For me, it was straightforward, maybe because I'm used to it. 

The first step is to install Linux because the product is based on Linux OS. Then, I just install the Firewall Management Center. After installing that, I install the full Firepower Firewall. From there, I would make sure that the Firewall Management Center and Firepower can ping each other, that they have connectivity. If that works, then I would add all the IPs of Firepower to the Firepower Management Center. Once that is finished, the whole installation is done, and I can try to call the Firepower Firewall directly to the grid from within Firepower Management Center.

I think the installation is okay. It is easy for me.

Deployment time varies from customer to customer. It depends on what things they want to deploy.

What other advice do I have?

I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
GebremichaelTeklemariam
Networking and Security Engineer at IE Network Solutions PLC (Ethiopia)
Real User
Has good malware detection and URL filtering features and technical support is good
Pros and Cons
  • "I like most of Cisco's features, like malware detection and URL filtering."
  • "I don't think this solution is a time-based control system, because one cannot filter traffic based on time."

What is our primary use case?

Our primary use case of this solution is as a firewall, as an access control. We don't use it as access detection or as an intrusion prevention system, because we didn't configure it as a detector.

What is most valuable?

I like most of Cisco's features, like malware detection and URL filtering.

What needs improvement?

I don't think this solution is a time-based control system, because one cannot filter traffic based on time. 

For how long have I used the solution?

I have you been using this solution for about two years now.

What do I think about the stability of the solution?

Sometimes it has an object priority, like priority for users. Sometimes the cloud agent and the host device for the center, fails to update or to cache the objects from the cloud.

What do I think about the scalability of the solution?

The solution is scalable and I think it can be integrated with some Cisco devices and other third party devices.

How are customer service and technical support?

If you compare it to other vendors, the technical support from Cisco is excellent. 

How was the initial setup?

The initial setup is quite complex and some set parameters are definitely needed. However, the more you try it, the easier it gets. When we push a specific policy, it takes from two minutes up to five minutes to deploy. So it depends on the deployment configuration. For the general deployment, it depends on the expert. 

What other advice do I have?

The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature.

What's more, some of the configurations are a little bit complex, like the mapping.  It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company.

On a scale from one to 10, I will rate this solution an eight. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NAWAF-TAWAKOL
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
User friendly GUI, good filtering capability, and good technical support

What is our primary use case?

We are a system integrator and this is one of the solutions that we provide to our customers. This solution is for inspecting traffic. It works with the firewall, email, etc. This is for an on-premises deployment.

How has it helped my organization?

This is a solution that we trust for protection.

What is most valuable?

The most valuable feature of this solution is the filtering. It does well for eliminating email spam. The GUI is user-friendly.

What needs improvement?

The price of this solution could be improved. If the price is brought down then everybody will be happy. I would like to see a cloud-based version of this solution.

For how long have I used the solution?

I have been familiar with this solution for five years.

What do I

What is our primary use case?

We are a system integrator and this is one of the solutions that we provide to our customers.

This solution is for inspecting traffic. It works with the firewall, email, etc.

This is for an on-premises deployment.

How has it helped my organization?

This is a solution that we trust for protection.

What is most valuable?

The most valuable feature of this solution is the filtering.

It does well for eliminating email spam.

The GUI is user-friendly.

What needs improvement?

The price of this solution could be improved. If the price is brought down then everybody will be happy.

I would like to see a cloud-based version of this solution.

For how long have I used the solution?

I have been familiar with this solution for five years.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

Scalability is something that Cisco has always cared about. There is no problem with it. For example, if you have one branch and you want to expand to two or three then it will work without any problems.

How are customer service and technical support?

The technical support is very good. I deal with several Cisco departments, and they have a good team. The team around the world is large and their support is very good.

We had a customer who had a problem with their server, and Cisco sent an entirely new one as a replacement. 

How was the initial setup?

The initial setup of this solution is a little bit complex compared to other solutions.

The average deployment takes approximately half a day. It depends on the environment. If we are connecting braches versus only connecting the head office, the length of time to deploy can change.

What's my experience with pricing, setup cost, and licensing?

Licensing for this solution is paid on a yearly basis.

What other advice do I have?

This solution has improved a lot in the past few years.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Engineer at a tech services company with 51-200 employees
Real User
User-friendly and provides important insights into SSL traffic
Pros and Cons
  • "The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
  • "With the next release, I would like to see some PBR, so that you can do the configuration with the features."

What is our primary use case?

The main features of the Cisco Sourcefire are that it's a next-generation firewall with new features. It has application security, advanced malware protection, URL filterings, encryption, and decryption.

It is also used for email filtration and web application cyber protection.

The deployment model we used was on-premises.

How has it helped my organization?

This solution has improved our security level for our organization. It's a more intellectual system with many features that can help us with decryption. 

At this time, we have more than eighty-six percent of the traffic is SSL. We must decrypt this, and these devices provide us with tools for encrypted traffic inspection.

What is most valuable?

 It's user-friendly for engineers and works well for configuration and debugging.

The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates.

What needs improvement?

This is a good solution, but some others may have some advantages. For example, Palo Alto has more useful and suitable application abilities. This solution has a better Firepower but the functionalities are not as good.

With the next release, I would like to see some PBR, so that you can do the configuration with the features.

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

This solution is stable if we talk about boxes, and usually, it is a strong system, but with some software versions, we have had some trouble. I think that it depends on the manufacturers. 

What do I think about the scalability of the solution?

This solution is scalable and reliable.

You can use it in a cluster for one PC or a cluster for two different data centers.

How are customer service and technical support?

The support is good.

For customers, there are many features and we try to resolve as many issues as we can, but we only have access to some of the core elements. They can only be resolved by contacting technical support.

How was the initial setup?

The initial setup and configuration are easy.

You can create panels with deeper functionalities, but you need a bit more experience with the technology. 

What other advice do I have?

Providing videos and materials are useful, but really what you need is the experience in analyzing logs. Without that, you wouldn't be able to problem-solve on your own, even with the assistance of videos.

I would recommend this solution. It's reliable and scalable, with easy installation and integration.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a financial services firm with 201-500 employees
Real User
A straightforward setup, and flexible enough to activate based on any rule that I want
Pros and Cons
  • "The whole solution is very good, and stable."
  • "The customization of the rules can be simplified."

What is our primary use case?

We use this solution, in conjunction with the Cisco Firepower 4000 series, for security in our data center. We also use it with a Cisco Firepower 2000 series for our VPN and internet access firewall.

What is most valuable?

The most valuable feature of this solution is support for everything in the same box, including IPS, High Availability, etc.

What needs improvement?

This solution needs to be more customizable.

The customization of the rules can be simplified.

For how long have I used the solution?

We have been using this solution for about five months.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

This is a scalable solution that I can apply to any rule I want.

We have approximately five hundred and fifty employees who are protected by this solution.

How are customer service and technical support?

We contacted technical support many times during our deployment, but none of them were directly related to Sourcefire SNORT.

Which solution did I use previously and why did I switch?

Prior to this solution, we used McAfee. We switched because we replace our firewalls every five or six years.

How was the initial setup?

The initial setup of this solution is straightforward.

The deployment took approximately two days, which included applying the IPS rules in the Sourcefire policy.

One person is suitable for deployment and maintenance.

What about the implementation team?

A support company assisted us with the deployment.

What's my experience with pricing, setup cost, and licensing?

We have a three-year license for this solution.

Which other solutions did I evaluate?

We evaluated Fortinet FortiGate and Palo Alto before choosing this solution.

What other advice do I have?

We are satisfied with this solution. The whole solution is very good, and stable.

There are three modes that can be configured. The first is collectivity over security, the second is security over collectivity, and the third is a balanced mode. We have implemented a balanced mode, and it works just fine.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief technology officer at Next Generation Systems Nigeria Limited
Real User
A great firewall with advanced malware protection and URL filtering
Pros and Cons
  • "Cisco technical support is unbeatable. It offers a premium service every time."
  • "The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."

What is our primary use case?

We primarily use the solution as security on either side of the VPN.

What is most valuable?

The ability to roll out the services is an excellent aspect of the solution. They have advanced malware protection for URL filtering. I like working with both of these features.

What needs improvement?

The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market.

For how long have I used the solution?

I've been using the solution for eight years.

What do I think about the stability of the solution?

The solution has a considerable amount of stability.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and technical support?

Cisco technical support is unbeatable. It offers a premium service every time.

What other advice do I have?

We typically work with the on-premises deployment model.

Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is great a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product.

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a individual & family service with 10,001+ employees
Real User
Enables us to prevent and detect intrusion in our network and actually decrease our SLA
Pros and Cons
  • "Solid intrusion detection and prevention that scales easily in very large environments."
  • "Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."

What is our primary use case?

Our primary use for the solution is security, mostly in intrusion prevention.

How has it helped my organization?

With Cisco Sourcefire SNORT, we've been able to prevent and detect intrusion in our network and actually decrease our SLA (Service Level Agreement).

What is most valuable?

For us, the scalability of the solution is really useful. We were able to rebuild our network recently and we plan to add another 500 nodes throughout South America.

What needs improvement?

One addition to the current product that I think would be helpful is if it was integrated into the Cisco DNA Center. Between their security side, their routing, and the wireless side, they kind of have a gap. If they could bridge the gap and integrate all those in the DNA Center, I think that would be a good goal and something useful to users.

What do I think about the stability of the solution?

We haven't had any problem with the stability of the solution so far. It's been a solid platform and considering how quickly we scaled without any major issues, the stability really speaks for itself.

What do I think about the scalability of the solution?

When we recently upgraded our network the scalability of the product became obvious. We're planning to add about 500 extra nodes throughout South America and we're able to scale the platform to be able to utilize the solutions.

How are customer service and technical support?

I honestly haven't had to use technical support that much because we haven't had that many issues. I guess that says something about the quality of the product when you don't need to use tech support in an installation as large as ours.

Which solution did I use previously and why did I switch?

The main reason why we switched to this solution had to do with growth. We were growing at a very high rate at the time so we needed a solution that could handle a much larger architecture reliably. This was just one of the options that we were looking at and we really thought we'd benefit from the top-notch solution that the platform was.

How was the initial setup?

The initial setup was fairly simple. We did it a couple of years ago but I remember it went well. It was, I think, a three-month project and rolled over pretty easily into our expansion.

What about the implementation team?

The initial implementation was done with the assistance of a consultant. I don't remember the name of the group but it was a good experience. We enjoyed their experience and assistance very much.

Which other solutions did I evaluate?

There were a couple of other products that we considered at the time. None of them made it very far in the process because they just didn't have a lot of the capabilities that we were looking for. Cisco came out on top.

What other advice do I have?

I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use.

The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Sourcefire SNORT Report and get advice and tips from experienced pros sharing their opinions.