Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.
N/A
SonicWall TZ
ScoreĀ 8.1Ā outĀ ofĀ 10
N/A
SonicWall TZ is an entry to mid-tier NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Based on my experience, this is a solid platform for a small to mid sized company, especially when there is someone who has IT experience, or can get outsourced IT help. I would not recommend for someone who is a technology novice. Also, this is a competent device for someone who is looking to add VPN services for remote workers.
There are Service Bundles in SonicWall TZ that are Unlicensed and do not know why they have not be Activated - would need help to further understand benefits
Do not know why Standard Support is Unlicensed
WiFi range of TZ270W is very limited - need to add Access Points or Extended to obtain adequate coverage
Overall the new interface is very logical and easy to navigate. We did struggle at first coming from the older interface and finding our way around the new. But our new users found it very simple to find what they were looking for. One negative we do all struggle with is packet cpature not always being clear how its set/what is being monitored. this could do with more information on teh intial page instead of having to look for it
Once you get to a competent technician the support experience is better. But I have found that the lower tiers of support are very slow to respond (like 1 email per day) and you typically have to re-explain yourself a couple times before they get it. I have not used Phone support, and that may be a better experience.
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.
