To Sourcefire or not to Sourcefire?
Alan Matson, CCNA:S, MCP
April 25, 2018

Score 7 out of 10

Overall Satisfaction with Cisco Sourcefire SNORT

At my current position, we have Sourcefire deployed inline in a "layer 2" fashion to allow not only for constant threat monitoring but also to actively block threats and attacks as they occur. We utilize Sourcefire in "Stacks", allowing us to have full redundancy and five 9s uptime and protection. Prior to Sourcefire, we used TippingPoint; however, their 10Gbps performance was not as efficient as the Sourcefire modules, which allow true 10Gbps network performance and scanning.
  • Real-time updates for security signatures via Talos
  • Great signature blocking
  • Excellent reporting via syslog to our Security Analytics collectors.
  • At times it can be unstable with Cisco bugs, requiring frequent upgrading.
  • FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
  • The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise.
  • It has given us great visibility to our network.
Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet our 10Gbps network requirements as Sourcefire could with their 8350 appliances.
It is well suited for a high energy environment with a lot of traffic. From an administration standpoint, it can take a full-time person to manage and maintain the devices.