No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Sourcefire SNORT vs Darktrace comparison

Cisco and Darktrace are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 8.5, while Darktrace is ranked #2 with an average rating of 8.1. Cisco holds a 3.0% mindshare in ID, compared to Darktrace’s 10.3% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cisco Sourcefire SNORT
Read 20 Cisco Sourcefire SNORT reviews
  • 2,025 Views
  • 1,721 Comparison Views
95% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 26,968 Views
  • 5,663 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 29, 2026

Cisco Sourcefire SNORT and Darktrace are competing in the network security domain. Cisco Sourcefire SNORT often has the upper hand in cost-effectiveness and strong technical support, while Darktrace is preferred for its advanced AI-driven threat detection capabilities, despite being higher priced.

Features: Cisco Sourcefire SNORT is appreciated for its open-source flexibility, extensive customization capabilities, and comprehensive technical support. Darktrace offers AI-powered threat detection, autonomous response, and adaptive learning, which enhance its proactive security measures.

Room for Improvement: Cisco Sourcefire SNORT could improve in simplifying its deployment process for less technical users and providing more intuitive user interfaces. Darktrace could enhance scalability, narrow down its abundant graphical features for clarity, and focus on reducing deployment costs.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT has a detailed documentation process that facilitates efficient deployment for tech-savvy users. Darktrace offers intuitive deployment and requires minimal configuration, along with excellent ongoing support and updates.

Pricing and ROI: Cisco Sourcefire SNORT is known for its low initial setup costs, providing substantial ROI for organizations able to leverage its open-source flexibility. Darktrace involves higher initial and ongoing costs, but users find value in its investment due to the reduction in security breach incidents.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Darktrace Report (Updated: June 2026).
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
June 2026
Download the complete report
Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Intrusion Detection and Prevention Software (IDPS)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of June 2026, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.0%, up from 2.5% compared to the previous year. The mindshare of Darktrace is 10.3%, down from 14.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS) Mindshare Distribution
ProductMindshare (%)
Darktrace10.3%
Cisco Sourcefire SNORT3.0%
Other86.7%
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

reviewer2772102 - PeerSpot reviewer
reviewer2772102
Cloud Architect at a consultancy with 1-10 employees
Logging and customizable rules have helped improve threat monitoring and detection
The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT. Being able to log and store it in a file allows you to push it to a centralized repository. The logging and reporting help improve incident response. You should always be logging threats, any sort of misconfiguration, and anything that could be an issue. It's important to at least log and monitor it. The basic rules provide a good baseline in assessing Cisco Sourcefire SNORT's ability in providing real-time analytics for threat detection, but as a professional, you should look to constantly modify that baseline. They provide extensive customizability so you can define your own rules. The customizability allows it to be adaptable in protecting against diverse network threats to the constant change.
Read full review
Pasan Jayarathna - PeerSpot reviewer
Pasan Jayarathna
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT; being able to log and store it in a file allows you to push it to a centralized repository."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"The whole solution is very good, and stable."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"Solid intrusion detection and prevention that scales easily in very large environments."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
More Cisco Sourcefire SNORT pros
"The most valuable features are the AI and advanced learning tools that distinguish it from other products."
"Artificial intelligence and machine learning functionalities are valuable."
"I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
"Overall, this is a good product that seems to be working well."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"It is a very simple product to use."
"You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network."
"The models, triggers, and alerts are customizable."
More Darktrace pros
 

Cons

"Cisco Sourcefire SNORT can scale, but if you have too much, you could fill up your log files, which I consider when discussing scalability."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"If the price is brought down then everybody will be happy."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"The customization of the rules can be simplified."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
More Cisco Sourcefire SNORT cons
"There is a high ratio of false positive information."
"The user interface and the configuration are a bit complex and should be improved or simplified."
"Pricing bothers me and this is one of the major factors when choosing a solution."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"The technical support is not very good."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
"The cost of the solution is quite high."
More Darktrace cons
 

Pricing and Cost Advice

"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"Licensing for this solution is paid on a yearly basis."
"The cost is per port and can be expensive but it does include training and support for three years."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"We have a three-year license for this solution."
"It is pretty expensive, but it is worth it. Its licensing is yearly."
"In the ballpark, we're talking about $30K, $50K, and up. It can even be as much as $50K or $100K."
"The pricing is a little high compared to the competition."
"All of the other modules, such as the licensing modules, are on par. It's one for one."
"It's an expensive solution."
"We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost."
"They are too expensive compared with other vendors."
"The pricing is quite high, estimated at around $350,000 per year."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
900,644 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Construction Company
10%
Comms Service Provider
8%
University
8%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise8
Large Enterprise7
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledg...
See all answers
What is your primary use case for Cisco Sourcefire SNORT?
Endpoint protection is the main use case. The main aspect involves specifying different rules, and when network traffic hits these rules, it will try to block the traffic or at least log the traffi...
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 10% of the time
ExtremeCloud IQ vs Cisco Sourcefire SNORT Logo
ExtremeCloud IQ vs Cisco Sourcefire SNORT
Compared 9% of the time
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT Logo
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT
Compared 9% of the time
TrendAI Tipping Point vs Cisco Sourcefire SNORT Logo
TrendAI Tipping Point vs Cisco Sourcefire SNORT
Compared 8% of the time
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT Logo
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT
Compared 6% of the time
More Cisco Sourcefire SNORT Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 5% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 2% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
June 2026
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Darktrace
June 2026
Darktrace reportDownload Darktrace product report
 

Also Known As

Sourcefire SNORT
No data available
 

Overview

Cisco Sourcefire SNORT is a versatile cybersecurity tool offering threat detection, scalability, and integration with Cisco tools. It is recognized for ease of configuration and comprehensive protection, making it suitable for intrusion prevention and firewall applications.

Cisco Sourcefire SNORT provides advanced malware protection and integrates seamlessly with Cisco products. It enables automatic IPS tuning, real-time visibility, and intelligent security automation, which together enhance network security. Users benefit from its URL filtering, email spam elimination, and it delivers low false positives. Though highly effective, feedback highlights a desire for improvements in stability, dashboard effectiveness, traffic blocking customizations, and integration with Cisco DNA Center. Cost concerns and calls for cloud-based deployments also emerge in user feedback. Technical support and performance are also discussed, with VPN configuration posing challenges.

What are the key features of Cisco Sourcefire SNORT?
  • Threat Detection: Identifies and mitigates network threats efficiently.
  • Scalability: Easily adapts to growing network demands.
  • Cisco Integration: Works smoothly with existing Cisco infrastructure.
  • Advanced Malware Protection: Provides comprehensive security against sophisticated threats.
  • Real-Time Visibility: Offers live insights into network activity.
  • Automatic IPS Tuning: Adjusts security policies dynamically.
What benefits can be found in user reviews?
  • Ease of Configuration: Streamlined setup process.
  • Comprehensive Protection: Low false positive rates ensuring broader security.
  • Robust Support: Access to extensive Cisco support network.

Organizations primarily deploy Cisco Sourcefire SNORT for network security in sectors like finance and healthcare. Used extensively in data centers with Cisco Firepower, it provides intrusion prevention, URL filtering, and VPN security. Pre-configured settings make it practical for on-premises deployment, ensuring secure user-to-server and server-to-server interactions.

Cisco

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
June 2026
Free Report: Cisco Sourcefire SNORT vs. Darktrace
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Darktrace and other solutions. Updated: June 2026.
DOWNLOAD NOW
900,644 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Darktrace report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.