Cloud Architect at a consultancy with 1-10 employees
Real User
Top 20
Oct 28, 2025
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledge, it's up to whoever creates the Cisco Sourcefire SNORT rules to try and understand the system to identify zero days. Cisco Sourcefire SNORT has the ability, but it's up to who actually creates the rules. I don't feel I have enough experience to comment on areas that could be improved or could be continuously improved upon with Cisco Sourcefire SNORT.
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance, and see whether there is any trouble. We are using Cisco DNA center, but again, we have a multiple layer set up. Other than Cisco DNA Center, we do have some other products. For Cisco, we are using DNA Center now. I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced.
The security landscape is changing, so the cloud can be improved. As we move, we try to adopt more cloud services and integrate everything, such as on-premise solutions, to get them to work with cloud solutions. The utopia is to see everything from one dashboard, but sometimes that's not very possible.
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Mar 18, 2021
The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it. The implementation could be a bit easier. As long as they continue to develop security features to protect our company, they will be doing quite well.
While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive.
Team Lead at a tech services company with 201-500 employees
Real User
Apr 13, 2020
Performance needs improvement. If you compare Cisco Sourcefire with other products, it performs at the same level of compliance. For Cisco Sourcefire, it's not really horrible and it's not really the market and price-performance rate. The performance can be improved.
Network Engineer at a tech services company with 501-1,000 employees
Real User
Jan 12, 2020
There are problems setting up VPNs for some regions. There are cases where they are permitted in Sourcefire but blocked in Check Point. There are some outside ports that are allowed by default but should not be. It would be helpful if a list of third-party services were listed so that the rules could be easily added. An example of this would be a ticket booking site. It would be in a list of services and selecting it would allow transactions with that site.
Information Security Operations Expert at Asiacell
Real User
Jan 9, 2020
We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco. Sourcefire SNORT is very resource heavy in terms of CPU usage and memory consumption. Technical support has told us that this is related to bugs that have yet to be fixed.
To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team is working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have. Another issue where there's room for improvement is that sometimes I feel like the device is heavy. For example, we can use either the physical or virtual device. Most of the time if you are using the virtual device, you need to have very good RAM. If, for example, we don't have a good RAM in the environment, the device will be kind of heavy. It will not run as quick as you want. Most of the time we need a minimum of 4GB of RAM. Maybe they should add the possibility that we could use 2GB of RAM so that the device can be more lightweight. Those are all small things, but if they can improve them it would be great. Of course, everything is dependent on the process running behind it. I don't know if they have the possibility to make these changes, but if they can, it would be great.
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
Oct 13, 2019
The price of this solution could be improved. If the price is brought down then everybody will be happy. I would like to see a cloud-based version of this solution.
Senior Engineer at a tech services company with 51-200 employees
Real User
Oct 6, 2019
This is a good solution, but some others may have some advantages. For example, Palo Alto has more useful and suitable application abilities. This solution has a better Firepower but the functionalities are not as good. With the next release, I would like to see some PBR, so that you can do the configuration with the features.
Network Engineer at a individual & family service with 10,001+ employees
Real User
Jul 2, 2019
One addition to the current product that I think would be helpful is if it was integrated into the Cisco DNA Center. Between their security side, their routing, and the wireless side, they kind of have a gap. If they could bridge the gap and integrate all those in the DNA Center, I think that would be a good goal and something useful to users.
Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledge, it's up to whoever creates the Cisco Sourcefire SNORT rules to try and understand the system to identify zero days. Cisco Sourcefire SNORT has the ability, but it's up to who actually creates the rules. I don't feel I have enough experience to comment on areas that could be improved or could be continuously improved upon with Cisco Sourcefire SNORT.
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance, and see whether there is any trouble. We are using Cisco DNA center, but again, we have a multiple layer set up. Other than Cisco DNA Center, we do have some other products. For Cisco, we are using DNA Center now. I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced.
The solution has some stability issues. Also, it's complicated compared to other products like FortiGate.
The main dashboard of Cisco Sourcefire SNORT could improve.
The solution is expensive and can improve by lowering the cost. I would like to have analytics included in the suite.
The security landscape is changing, so the cloud can be improved. As we move, we try to adopt more cloud services and integrate everything, such as on-premise solutions, to get them to work with cloud solutions. The utopia is to see everything from one dashboard, but sometimes that's not very possible.
The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it. The implementation could be a bit easier. As long as they continue to develop security features to protect our company, they will be doing quite well.
I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it.
While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive.
Performance needs improvement. If you compare Cisco Sourcefire with other products, it performs at the same level of compliance. For Cisco Sourcefire, it's not really horrible and it's not really the market and price-performance rate. The performance can be improved.
There are problems setting up VPNs for some regions. There are cases where they are permitted in Sourcefire but blocked in Check Point. There are some outside ports that are allowed by default but should not be. It would be helpful if a list of third-party services were listed so that the rules could be easily added. An example of this would be a ticket booking site. It would be in a list of services and selecting it would allow transactions with that site.
We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco. Sourcefire SNORT is very resource heavy in terms of CPU usage and memory consumption. Technical support has told us that this is related to bugs that have yet to be fixed.
To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team is working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have. Another issue where there's room for improvement is that sometimes I feel like the device is heavy. For example, we can use either the physical or virtual device. Most of the time if you are using the virtual device, you need to have very good RAM. If, for example, we don't have a good RAM in the environment, the device will be kind of heavy. It will not run as quick as you want. Most of the time we need a minimum of 4GB of RAM. Maybe they should add the possibility that we could use 2GB of RAM so that the device can be more lightweight. Those are all small things, but if they can improve them it would be great. Of course, everything is dependent on the process running behind it. I don't know if they have the possibility to make these changes, but if they can, it would be great.
I don't think this solution is a time-based control system, because one cannot filter traffic based on time.
The price of this solution could be improved. If the price is brought down then everybody will be happy. I would like to see a cloud-based version of this solution.
This is a good solution, but some others may have some advantages. For example, Palo Alto has more useful and suitable application abilities. This solution has a better Firepower but the functionalities are not as good. With the next release, I would like to see some PBR, so that you can do the configuration with the features.
This solution needs to be more customizable. The customization of the rules can be simplified.
The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market.
One addition to the current product that I think would be helpful is if it was integrated into the Cisco DNA Center. Between their security side, their routing, and the wireless side, they kind of have a gap. If they could bridge the gap and integrate all those in the DNA Center, I think that would be a good goal and something useful to users.