Likelihood to Recommend
It is well suited for a high-energy environment with a lot of traffic. From an administration standpoint, it can take a full-time person to manage and maintain the devices.
- The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application, which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
- Flexible. Instead of putting a traditional firewall inline, you can put a Sourcefire appliance (or firewall with Sourcefire on board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
- In-depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts; you can view the full information and packets that lead to the conclusion, though the conclusion is prepared in advance for you.
Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet our 10Gbps network requirements as Sourcefire could with their 8350 appliances.
Return on Investment
- Sourcefire has given us a positive ROI. We don't really have the metrics to show this, but the cost for having it, vs the savings between blocking bad sites and the manpower to respond to malware infestations are worth it. It's hard to measure what you don't get.