No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Sourcefire SNORT vs Darktrace comparison

Cisco and Darktrace are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 8.5, while Darktrace is ranked #2 with an average rating of 8.1. Cisco holds a 3.1% mindshare in ID, compared to Darktrace’s 10.5% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cisco Sourcefire SNORT
Read 20 Cisco Sourcefire SNORT reviews
  • 1,857 Views
  • 1,560 Comparison Views
95% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 24,919 Views
  • 5,482 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 29, 2026

Cisco Sourcefire SNORT and Darktrace are competing in the network security domain. Cisco Sourcefire SNORT often has the upper hand in cost-effectiveness and strong technical support, while Darktrace is preferred for its advanced AI-driven threat detection capabilities, despite being higher priced.

Features: Cisco Sourcefire SNORT is appreciated for its open-source flexibility, extensive customization capabilities, and comprehensive technical support. Darktrace offers AI-powered threat detection, autonomous response, and adaptive learning, which enhance its proactive security measures.

Room for Improvement: Cisco Sourcefire SNORT could improve in simplifying its deployment process for less technical users and providing more intuitive user interfaces. Darktrace could enhance scalability, narrow down its abundant graphical features for clarity, and focus on reducing deployment costs.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT has a detailed documentation process that facilitates efficient deployment for tech-savvy users. Darktrace offers intuitive deployment and requires minimal configuration, along with excellent ongoing support and updates.

Pricing and ROI: Cisco Sourcefire SNORT is known for its low initial setup costs, providing substantial ROI for organizations able to leverage its open-source flexibility. Darktrace involves higher initial and ongoing costs, but users find value in its investment due to the reduction in security breach incidents.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Darktrace Report (Updated: April 2026).
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
April 2026
Download the complete report
Helped 893,221 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Intrusion Detection and Prevention Software (IDPS)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (9th), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of May 2026, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.1%, up from 2.5% compared to the previous year. The mindshare of Darktrace is 10.5%, down from 14.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS) Mindshare Distribution
ProductMindshare (%)
Darktrace10.5%
Cisco Sourcefire SNORT3.1%
Other86.4%
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

reviewer2772102 - PeerSpot reviewer
reviewer2772102
Cloud Architect at a consultancy with 1-10 employees
Logging and customizable rules have helped improve threat monitoring and detection
The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT. Being able to log and store it in a file allows you to push it to a centralized repository. The logging and reporting help improve incident response. You should always be logging threats, any sort of misconfiguration, and anything that could be an issue. It's important to at least log and monitor it. The basic rules provide a good baseline in assessing Cisco Sourcefire SNORT's ability in providing real-time analytics for threat detection, but as a professional, you should look to constantly modify that baseline. They provide extensive customizability so you can define your own rules. The customizability allows it to be adaptable in protecting against diverse network threats to the constant change.
Read full review
AM
Anil M
Technical Consultant - Unix Platform Services at BITS AND BYTE IT CONSULTING PVT LTD
Consistent threat hunting and anomaly detection deliver valuable insights for network security management
In terms of improvement for Darktrace, pricing is the main concern. Pricing bothers me and this is one of the major factors when choosing a solution. When we get feedback from customers, that's the only felt need. When we factor in Darktrace, we do it only limited. We put it on where the perimeters and connections are, but still, some gray areas are left out, especially if we have multiple branches. We need Darktrace on each branch to get the data out, and I suggest having some kind of a centralized product that gets data from multiple sources to aggregate and provide the data.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The whole solution is very good, and stable."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"Cisco technical support is unbeatable. It offers a premium service every time."
"This solution makes life a lot easier as there are fewer man-hours required and we no longer need too many resources to manage it."
"Users have access to intelligent security automation as one of the features, which can easily automate your event impact assessment so your IPS policy tuning can be done as well as your network behavior analysis, and you can do real-time contextual awareness with correlation of events created on your applications, user devices, operating systems, or vulnerabilities, with all of this real-time data captured including your apps and port scans."
"The whole solution is very good, and stable."
"The most valuable feature is the visibility that we have across the virtual environment."
More Cisco Sourcefire SNORT pros
"It is a stable solution without downtime."
"Darktrace has improved our knowledge of abnormal phenomenen which could have potentially be hazardous for the organization."
"The NDR is good in their solution and they have NTG for email."
"I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"The solution can scale."
"You have visibility, and it will find anything that you miss with other solutions."
"What I like about Darktrace, is that you can quickly identify threats."
More Darktrace pros
 

Cons

"Performance needs improvement."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"The pricing needs to be improved."
"This solution needs to be more customizable."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."
"I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced."
"If the price is brought down then everybody will be happy."
More Cisco Sourcefire SNORT cons
"I'd love them to see maybe covering the cloud a bit more."
"We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans."
"I did not use the AI features because they should make it more user-friendly which would be a benefit."
"My only criticism of the product is that its licensing model isn't flexible."
"The pricing model is a little too high and could be more flexible."
"It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"It is expensive, but everything else has been great so far."
More Darktrace cons
 

Pricing and Cost Advice

"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"Licensing for this solution is paid on a yearly basis."
"We have a three-year license for this solution."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"The cost is per port and can be expensive but it does include training and support for three years."
"The cost is moderate."
"The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
"The pricing is reasonable."
"The tool's pricing is costly."
"The pricing is expensive. It costs over $100,000 a year."
"The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
"I am using a demo of Darktrace for deployment and testing which is free."
"Darktrace is expensive. You can pay for the license yearly."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
893,221 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Comms Service Provider
9%
University
9%
Construction Company
9%
Manufacturing Company
9%
Computer Software Company
9%
Financial Services Firm
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise8
Large Enterprise7
By reviewers
Company SizeCount
Small Business45
Midsize Enterprise19
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledg...
See all answers
What is your primary use case for Cisco Sourcefire SNORT?
Endpoint protection is the main use case. The main aspect involves specifying different rules, and when network traffic hits these rules, it will try to block the traffic or at least log the traffi...
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 10% of the time
ExtremeCloud IQ vs Cisco Sourcefire SNORT Logo
ExtremeCloud IQ vs Cisco Sourcefire SNORT
Compared 9% of the time
TrendAI Tipping Point vs Cisco Sourcefire SNORT Logo
TrendAI Tipping Point vs Cisco Sourcefire SNORT
Compared 8% of the time
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT Logo
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT
Compared 8% of the time
Vectra AI vs Cisco Sourcefire SNORT Logo
Vectra AI vs Cisco Sourcefire SNORT
Compared 6% of the time
More Cisco Sourcefire SNORT Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 6% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 3% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
May 2026
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Darktrace
May 2026
Darktrace reportDownload Darktrace product report
 

Also Known As

Sourcefire SNORT
No data available
 

Overview

Cisco Sourcefire SNORT is a versatile cybersecurity tool offering threat detection, scalability, and integration with Cisco tools. It is recognized for ease of configuration and comprehensive protection, making it suitable for intrusion prevention and firewall applications.

Cisco Sourcefire SNORT provides advanced malware protection and integrates seamlessly with Cisco products. It enables automatic IPS tuning, real-time visibility, and intelligent security automation, which together enhance network security. Users benefit from its URL filtering, email spam elimination, and it delivers low false positives. Though highly effective, feedback highlights a desire for improvements in stability, dashboard effectiveness, traffic blocking customizations, and integration with Cisco DNA Center. Cost concerns and calls for cloud-based deployments also emerge in user feedback. Technical support and performance are also discussed, with VPN configuration posing challenges.

What are the key features of Cisco Sourcefire SNORT?
  • Threat Detection: Identifies and mitigates network threats efficiently.
  • Scalability: Easily adapts to growing network demands.
  • Cisco Integration: Works smoothly with existing Cisco infrastructure.
  • Advanced Malware Protection: Provides comprehensive security against sophisticated threats.
  • Real-Time Visibility: Offers live insights into network activity.
  • Automatic IPS Tuning: Adjusts security policies dynamically.
What benefits can be found in user reviews?
  • Ease of Configuration: Streamlined setup process.
  • Comprehensive Protection: Low false positive rates ensuring broader security.
  • Robust Support: Access to extensive Cisco support network.

Organizations primarily deploy Cisco Sourcefire SNORT for network security in sectors like finance and healthcare. Used extensively in data centers with Cisco Firepower, it provides intrusion prevention, URL filtering, and VPN security. Pre-configured settings make it practical for on-premises deployment, ensuring secure user-to-server and server-to-server interactions.

Cisco

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
April 2026
Free Report: Cisco Sourcefire SNORT vs. Darktrace
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Darktrace and other solutions. Updated: April 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Darktrace report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.