We performed a comparison between Cisco Sourcefire SNORT and ExtraHop Reveal(x) based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS)."I like most of Cisco's features, like malware detection and URL filtering."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The whole solution is very good, and stable."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"The URL filtering is very good and you can create a group for customized URLs."
"The solution is stable."
"Cisco technical support is unbeatable. It offers a premium service every time."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"The security features of this solution are the most valuable."
"The solution works well for sending sensors."
"The solution's initial setup process is easy."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"Setting up the solution is relatively easy."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"I would like to have analytics included in the suite."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"If the price is brought down then everybody will be happy."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."
"Performance needs improvement."
"The solution's approach to managing traffic blocking is confusing and impractical."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"It needs integration with more security vendors."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"I would like to see more cloud capability."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"The solution should include more support protocols."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
Cisco Sourcefire SNORT is ranked 13th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Cisco Sourcefire SNORT is rated 7.6, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Darktrace, whereas ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Cisco Secure Network Analytics and Arista NDR.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.