We performed a comparison between Cisco Sourcefire SNORT and ExtraHop Reveal(x) based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS)."The most valuable feature of this solution is the filtering."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The whole solution is very good, and stable."
"I like most of Cisco's features, like malware detection and URL filtering."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"The most valuable feature is the visibility that we have across the virtual environment."
"The solution is rather easy to use."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"The solution's ability to decrypt SSL traffic is its most valuable feature."
"The security features of this solution are the most valuable."
"The solution's initial setup process is easy."
"The solution works well for sending sensors."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"The customization of the rules can be simplified."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"I would like to have analytics included in the suite."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"If the price is brought down then everybody will be happy."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"I would like to see more cloud capability."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"The solution should include more support protocols."
"The solution’s pricing could be improved."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"The solution is expensive and gets more expensive if a company needs to scale it."
Cisco Sourcefire SNORT is ranked 11th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Cisco Sourcefire SNORT is rated 7.6, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Darktrace, whereas ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Arista NDR and Cisco Secure Network Analytics.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.