To Sourcefire or not to Sourcefire?
April 25, 2018
To Sourcefire or not to Sourcefire?
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cisco Sourcefire SNORT
At my current position, we have Sourcefire deployed inline in a "layer 2" fashion to allow not only for constant threat monitoring but to also actively block threats and attacks as they occur. We utilize Sourcefire in "Stacks" allowing us to have full redundancy and Five9's up-time and protection. Prior to Sourcefire, we used TippingPoint however, their 10Gbp performance was not as efficient as Sourcefire modules allowing true 10Gbps network performance and scanning.
- Real Time updates for security signatures via Talos
- Great signature blocking
- Excellent reporting via syslog to our Security Analytics collectors.
- At times can be unstable with Cisco bugs, require frequent upgrading.
- FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
- The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise.
- It has given us great visibility to our network.
Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet our 10Gbps network requirements as Sourcefire could with their 8350 appliances.