Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Vectra AI comparison

Cisco and Vectra AI are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 7.7, while Vectra AI is ranked #4 with an average rating of 8.0. Cisco holds a 3.6% mindshare in ID, compared to Vectra AI’s 11.2% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 97% of Vectra AI users who would recommend it.
Cisco Sourcefire SNORT
Read 19 Cisco Sourcefire SNORT reviews
  • 1,037 Views
  • 633 Comparison Views
95% willing to recommend
Vectra AI
Read 45 Vectra AI reviews
  • 4,026 Views
  • 613 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 19, 2024

Cisco Sourcefire SNORT and Vectra AI compete in the cybersecurity space, offering distinct sets of features aimed at enhancing network security. Cisco Sourcefire SNORT leads in pricing and customer support, while Vectra AI excels in advanced threat detection, making it attractive despite higher costs.

Features: Cisco Sourcefire SNORT provides effective intrusion detection and prevention using a comprehensive rule-based system, ensuring robust security controls. It benefits from an open-source foundation allowing community-driven improvements. Vectra AI employs AI and machine learning to deliver automated threat detection and insightful threat responses, offering real-time visibility and reducing the manual workload.

Room for Improvement: Cisco Sourcefire SNORT could enhance its ease of use, as its rule customization requires significant technical expertise. The interface could also be more intuitive to streamline usability. Vectra AI might look at further improving its complexity reduction, as setting initial configurations requires significant time investment. Some users may benefit from enhanced documentation to better navigate advanced features.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT offers clear deployment paths with extensive documentation, yet requires more technical skills. Its open-source community provides added support. Conversely, Vectra AI's cloud-based infrastructure simplifies deployment, complemented by superior customer service for smoother system integration.

Pricing and ROI: Cisco Sourcefire SNORT is known for favorable pricing due to its open-source nature, offering potentially high ROI with customizable capabilities. Vectra AI, while more expensive, justifies its cost with advanced features that promise reduced long-term risks, appealing to those investing in comprehensive security solutions.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Vectra AI Report (Updated: June 2025).
Buyer's Guide
Cisco Sourcefire SNORT vs. Vectra AI
June 2025
Download the complete report
Helped 860,632 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.6
Reviews Sentiment
6.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
Vectra AI
Ranking in Intrusion Detection and Prevention Software (IDPS)
4th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
45
Ranking in other categories
Network Detection and Response (NDR) (2nd), Extended Detection and Response (XDR) (14th), Identity Threat Detection and Response (ITDR) (10th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of July 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.6%, down from 3.8% compared to the previous year. The mindshare of Vectra AI is 11.2%, up from 10.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Jack Poon - PeerSpot reviewer
Offers ease of setup and good documentation
When it comes to the product's deployment phase, we have a lot of vendor support. We have a lot of skills here in Hong Kong. Our company doesn't find any problem deploying Cisco solutions. The solution is deployed on an on-premises version. Speaking about the time required to deploy the solution, I would say that we have quite a lot of previous experience with deploying Cisco products. We have our company's standard design document, which we need to follow. We have a standard testing procedure for all those features. We just take out some appropriate parts and then compile them into one document for an individual project. It is actually quite easy for us to do the documentation, so it just takes one or two hours, and we can do the implementation because all the materials and testing procedures are already in our company standard documents, so it is not that difficult for us.
Read full review
Mohammad Alkurdi - PeerSpot reviewer
Innovative detection features enhance monitoring
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is rather easy to use."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"The most valuable feature of this solution is the filtering."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"It is quite an intelligent product."
"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"Solid intrusion detection and prevention that scales easily in very large environments."
More Cisco Sourcefire SNORT pros
"The solution is currently used as a central threat detection and response system."
"The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen."
"Vectra AI is the best. It is a major product in our cybersecurity."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"Vectra AI helped our team be more productive and save time. We have less work thanks to it."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
More Vectra AI pros
 

Cons

"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"If the price is brought down then everybody will be happy."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."
"The customization of the rules can be simplified."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
More Cisco Sourcefire SNORT cons
"For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot."
"Multiple appliances are required for Vectra AI, making it less convenient compared to competitors."
"The main improvement I can see would be to integrate with more external solutions."
"Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."
"The advantages of the integration are not entirely out-of-the-box. You have to do it manually."
More Vectra AI cons
 

Pricing and Cost Advice

"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"Licensing for this solution is paid on a yearly basis."
"We have a three-year license for this solution."
"The cost is per port and can be expensive but it does include training and support for three years."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"The pricing is high."
"My company pays for the Vectra AI licensing fee yearly. I know the figure because my company recently renewed the license, and it's okay, at least for the financial sector."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"Vectra AI's pricing is cheaper than that of Darktrace."
"The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"It is an expensive solution, but it's not the most expensive we've seen. We also know how much we're going to pay, unlike with some other providers where all of a sudden our license explodes."
More Vectra AI pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
860,632 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
University
7%
Manufacturing Company
6%
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
See all answers
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance, and see whether there is any trouble. We are using Cisco DNA center, but again,...
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
See all answers
What is your experience regarding pricing and costs for Vectra AI?
It is very acceptable when you compare it with Darktrace, for example.
See all answers
 

Comparisons

Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT Logo
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT
Compared 20% of the time
Fortinet FortiGate IPS vs Cisco Sourcefire SNORT Logo
Fortinet FortiGate IPS vs Cisco Sourcefire SNORT
Compared 19% of the time
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 16% of the time
Trend Micro TippingPoint Threat Protection System vs Cisco Sourcefire SNORT Logo
Trend Micro TippingPoint Threat Protection System vs Cisco Sourcefire SNORT
Compared 8% of the time
ExtremeCloud IQ vs Cisco Sourcefire SNORT Logo
ExtremeCloud IQ vs Cisco Sourcefire SNORT
Compared 8% of the time
More Cisco Sourcefire SNORT Competitors
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Compared 30% of the time
ExtraHop Reveal(x) vs Vectra AI Logo
ExtraHop Reveal(x) vs Vectra AI
Compared 11% of the time
Corelight vs Vectra AI Logo
Corelight vs Vectra AI
Compared 7% of the time
Cisco Secure Network Analytics vs Vectra AI Logo
Cisco Secure Network Analytics vs Vectra AI
Compared 5% of the time
Arista NDR vs Vectra AI Logo
Arista NDR vs Vectra AI
Compared 5% of the time
More Vectra AI Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
July 2025
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Vectra AI
June 2025
Vectra AI reportDownload Vectra AI product report
 

Also Known As

Sourcefire SNORT
Vectra Networks, Vectra AI NDR
 

Overview

Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

Cisco

Vectra AI is used for detecting network anomalies and potential malicious activities, providing visibility into network traffic and enhancing threat detection across environments.

Organizations deploy Vectra AI mainly on-premises with additional cloud components. It helps with compliance, incident response, security monitoring, detecting insider threats, and correlating network events. Vectra AI captures and enriches network metadata, provides detailed dashboards, reduces false positives, and supports cross-environment behavioral analysis to enhance threat detection and prioritization. While valued for its high accuracy and alert aggregation, it has room for improvement in UI/UX, packet management, and integration with SIEMs and other tools. It is noted for expensive pricing and limited proactive threat response features.

What are Vectra AI's most valuable features?
  • High accuracy in identifying threat locations
  • Aggregation of alerts into single incidents
  • 24/7 threat detection
  • Visibility into the entire attack lifecycle
  • Risk score aggregation
  • Effective triaging of alerts
  • Integration with other tools
What benefits or ROI should users look for?
  • Enhanced threat detection and prioritization
  • Comprehensive network visibility
  • Reduction in false positives
  • Better incident response capabilities
  • Improved compliance monitoring

In specific industries, Vectra AI is deployed to monitor complex networks and alleviate challenges in threat detection. It is particularly effective in sectors requiring stringent compliance and security measures, offering insights and capabilities crucial for protecting sensitive data and maintaining operational integrity.

Vectra AI
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Buyer's Guide
Cisco Sourcefire SNORT vs. Vectra AI
June 2025
Free Report: Cisco Sourcefire SNORT vs. Vectra AI
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Vectra AI and other solutions. Updated: June 2025.
DOWNLOAD NOW
860,632 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Vectra AI report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.