We performed a comparison between Cisco Sourcefire SNORT and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The most valuable feature of this solution is the filtering."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"The most valuable feature is the visibility that we have across the virtual environment."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"Cisco technical support is unbeatable. It offers a premium service every time."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"The solution is rather easy to use."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"The solution appears to be stable, although we haven't used it heavily."
"The product is at the forefront of auto-remediation networking. It's great."
"The most valuable feature is the ability to search through a large amount of data."
"The most valuable features are the indexing and powerful search features."
"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."
"The solution is definitely scalable."
"The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"There are problems setting up VPNs for some regions."
"Performance needs improvement."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"The solution's approach to managing traffic blocking is confusing and impractical."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."
"The implementation could be a bit easier."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"In the future I would like to see simplified statistics and analytical threats."
"We'd like the ability to do custom searches."
"The correlation engine should have persistent and definable rules."
"I'm not aware of any lacking features."
"There are occasional bugs."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
More Splunk User Behavior Analytics Pricing and Cost Advice →
Cisco Sourcefire SNORT is ranked 13th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while Splunk User Behavior Analytics is ranked 12th in Intrusion Detection and Prevention Software (IDPS) with 17 reviews. Cisco Sourcefire SNORT is rated 7.6, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Fortinet FortiWeb, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, IBM Security QRadar, Varonis Datalert and Cynet. See our Cisco Sourcefire SNORT vs. Splunk User Behavior Analytics report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.