TrustRadius
To Sourcefire or not to Sourcefire?
  • The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise. It has given us great visibility to our network.
  • TippingPoint
  • TippingPoint IPS, Kemp LoadMaster, Palo Alto Networks Next-Generation Firewalls - PA Series
Put some fire in your network security
  • Sourcefire has given us a positive ROI. We don't really have the metrics to show this, but the cost for having it, vs the savings between blocking bad sites and the manpower to respond to malware infestations are worth it. It's hard to measure what you don't get.
  • Barracuda Web Filter and Palo Alto Networks Next-Generation Firewalls - PA Series
  • eClinicalWorks, Cisco ASA, Jive-x
Snort and Guardian, safe and secure
  • Being open source, ROI on free is hard to beat for something that works. I believe it greatly enhances the security of my network.
  • Oracle VM VirtualBox
Cisco Sourcefire SNORT
11 Ratings
Score 8.7 out of 10

Cisco Sourcefire SNORT Reviews

Reviews (1-3 of 3)
Alan Matson, CCNA:S, MCP
April 25, 2018

Cisco Sourcefire SNORT Review: "To Sourcefire or not to Sourcefire?"

Score 7 out of 10
Vetted Review
Verified User
At my current position, we have Sourcefire deployed inline in a "layer 2" fashion to allow not only for constant threat monitoring but to also actively block threats and attacks as they occur. We utilize Sourcefire in "Stacks", allowing us to have full redundancy and five-nines uptime and protection. Prior to Sourcefire, we used TippingPoint; however, their 10Gbps performance was not as efficient as Sourcefire modules allowing true 10Gbps network performance and scanning.
  • Real Time updates for security signatures via Talos
  • Great signature blocking
  • Excellent reporting via syslog to our Security Analytics collectors.
  • At times can be unstable with Cisco bugs, require frequent upgrading.
  • FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
It is well suited for a high energy environment with a lot of traffic. From an administration standpoint, it can take a full-time person to manage and maintain the devices.
David Myers
August 10, 2017

Cisco Sourcefire SNORT Review: "Put some fire in your network security"

Score 10 out of 10
Vetted Review
Verified User
We use Sourcefire as an intrusion detection/prevention platform, but also as a form of a web filter, blocking certain types of sites. Its use is centered only in IT, as there's no need for any other part of the organization to use it. The goal of having it is to address the concern of watching web traffic and having a mechanism to aggressively block known bad sites, attacks, requests, etc.
  • The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
  • Flexible. Instead of putting a traditional firewall inline you can put a Sourcefire appliance (or firewall with Sourcefire on-board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
  • In-depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts; you can view the full information and packets that led to the conclusion, though the conclusion is prepared in advance for you.
  • Due to the extensive interface, it can be quite overwhelming to try and manage the product. There are many different places to go to set up individual items. It would be nice to simplify the interface down a bit.
  • Upgrades can be somewhat hazardous. I think they are working to get the upgrade process streamlined, but currently, moving major versions (5.x to 6.x), there was a lot of additional work outside of the UI that, if not done correctly, can tank the system, requiring a fresh load or restore from backup.
I think in any situation where you have the IT staff to be able to manage it, Sourcefire SNORT is a good fit. Perhaps if you have a very large budget, and could get something like Palo Alto there might be a different fit, but Sourcefire works very well in our market (SMB) but would scale nicely in a larger organization, as you can use the interface to manage multiple devices. For smaller customers with less dedicated IT teams or none, Cisco Meraki offers the same level of protection with less work via the MX model of firewalls.
Curt Dickman
August 24, 2017

Cisco Sourcefire SNORT Review: "Snort and Guardian, safe and secure"

Score 10 out of 10
Vetted Review
Verified User
I added SNORT and the Guardian IPS to my firewall to help meet PCI DSS compliance. The setup was easy on my firewall - IPFire - and I have had no problems related to its use. Before my cc terminal was changed, I had to disable Guardian as it wouldn't let the old cc terminal through - I believe it was an SSL-related issue. My old credit card processing company didn't seem interested in updating my terminal in a timely fashion. With the new cc terminal, I have had no issues. I sometimes leave my Windows XP virtual machine connected to the internet and have not seen any evidence of an intrusion. I know there are some false positives with the ruleset I use - Emerging Threats - but it has not blocked any traffic that has impaired any function on my network.
  • I am no IS expert, but I feel SNORT and Guardian really help keep my network safe.
  • So far it has been easy to administer.
  • SNORT and Guardian are easy to install add-ons for my firewall.
  • There are plenty of false positives in the logs, but no problems noticed related to them.
It sure seems to work well in a small business network; I don't know how well it would work in a larger network.

About Cisco Sourcefire SNORT

Sourcefire SNORT is network security software, acquired (and now supported) by Cisco, since 2013.
Categories: Network Security

Cisco Sourcefire SNORT Technical Details

Operating Systems: Unspecified
Mobile Application: No