Sourcefire is Snort on Steroids
June 03, 2016

Marc Uydess | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Sourcefire 3D

We utilize Sourcefire 3D to monitor network traffic at our egress points as well as our critical subnets within the infrastructure. We also have it inline at our egress points to drop packets that match specific signature sets. It helps us add a layer of security to our infrastructure by blocking and alerting on malicious traffic that matches various signatures such as CnC and Exploit Kits. This also helps us achieve PCI compliance.
  • Low false positive rate as long as it is properly managed/tuned.
  • Easy to manage and configure with the GUI.
  • Support is great if assistance is needed.
  • Wish additional modules were included such as FireAmp.
  • Wish it was easier to include customized signatures if needed. You are required to know how to code with Snort in order to add real customization.
  • We have noticed a drop in the number of infections within the environment since introducing Sourcefire 3 years ago. This saves our desktop teams time and effort remediating threats.
Sourcefire 3D is Snort on steroids. Snort is a great free open source tool, but Sourcefire adds a lot of functionality on top of the Snort engine. It opens a whole new world when it comes to detecting and blocking malicious traffic if you decide to place it inline. We needed to enhance our security posture and Sourcefire allowed us to do that.
This is great for large and small organizations as they have different models and modules that fit every scenario.

Using Sourcefire 3D

2 - IT Security
2 - Networking background, Security background, analysis background
  • Detect malware traversing the network
  • Blocking malware traversing the network
  • Reviewing patch of the malicious traffic
  • FireAmp allows us to monitor specific files traversing our network such as DOC, PDF and Flash files
  • It drops known malicious traffic since we are inline
  • Monitor internal traffic, not just egress points.
We are in the middle of outsourcing and may not be able to keep this product.