We performed a comparison between Cisco Sourcefire SNORT and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of this solution is the filtering."
"I like most of Cisco's features, like malware detection and URL filtering."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"The solution is stable."
"The URL filtering is very good and you can create a group for customized URLs."
"Cisco technical support is unbeatable. It offers a premium service every time."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"We often use the new feature to create PCAP files from the whole data traffic. It makes it much easier to find network problems such as whether the server is responding to a request. It has nothing to do with security, but it helps a lot to find other problems."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen."
"Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products... Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"I would like to have analytics included in the suite."
"There are problems setting up VPNs for some regions."
"The cloud can be improved."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
"The rules for threats are not always precise and Vectra AI should improve this."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
Cisco Sourcefire SNORT is ranked 15th in Intrusion Detection and Prevention Software (IDPS) with 17 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 39 reviews. Cisco Sourcefire SNORT is rated 7.6, while Vectra AI is rated 8.6. The top reviewer of Cisco Sourcefire SNORT writes "The solution provides visibility across virtual environments, protects internal networks, and is scalable to meet organizational needs". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Palo Alto Networks URL Filtering with PAN-DB, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Trend Micro Deep Discovery. See our Cisco Sourcefire SNORT vs. Vectra AI report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.