We performed a comparison between Check Point CloudGuard CNAPP, Cisco Sourcefire SNORT, and Darktrace based on real PeerSpot user reviews.
"The rulesets and the findings are valuable. The actual core functionality of it and the efficacy of events are great."
"The most valuable feature is the single dashboard that enables us to manage the entire cloud environment from one place."
"The most valuable feature is the separate environment."
"It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants."
"All of the features are very useful in today's market."
"Assets Management, as it provides complete visibility of our workload, including EC2 instance or Serverless."
"On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
"The most valuable features of CloudGuard CNAPP are its compliance engine and auto-remediation features."
"The solution is stable."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"It has a huge rate of protection. It has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"The most valuable feature is the visibility that we have across the virtual environment."
"The URL filtering is very good and you can create a group for customized URLs."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"The most valuable feature of this solution is the filtering."
"I like most of Cisco's features, like malware detection and URL filtering."
"Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
"Darktrace is very flexible."
"It is a very simple product to use."
"The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"The NDR is good in their solution and they have NTG for email."
"The tool should incorporate more use cases like improving security scores. It should also improve documentation."
"The guidelines to implement or to link with the clouds are not complete."
"Scalability, particularly in workload protection, is an area that needs improvement."
"Check Point tools need to improve the latency in the portal since they take a long time to load."
"The support it provides is not very good. They should improve it since we have had several setbacks due to support issues."
"The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there."
"The dashboard customization has room for improvement."
"Automation and advanced threat prevention have room for improvement."
"To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"The implementation could be a bit easier."
"If the price is brought down then everybody will be happy."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"There are problems setting up VPNs for some regions."
"Performance needs improvement."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"The interface is too mathematical and it should be simplified."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
"In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"The product doesn't have an endpoint agent that can react to triggers set on the device."