What is most valuable?
The ease of use and ease of deployment were the most important features. As a signature-based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time-consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
How has it helped my organization?
Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
What needs improvement?
Being able to incorporate third-party rules, as the SourceFire rules often lag behind current threats. When the latest zero-day or other threats hit the market and are high-value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third-party rules.
For how long have I used the solution?
I've used it for two years.
What was my experience with deployment of the solution?
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
The only issue I have is with the price, as SourceFire is VERY expensive.
How are customer service and technical support?
Customer Service:
Customer service is very helpful and there are some extremely knowledgeable people on board.
Technical Support:
Very technical! The men and women know what they are doing and are very helpful.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It's straightforward with easy-to-follow instructions. You just plug in and go.
What about the implementation team?
What was our ROI?
Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.
What's my experience with pricing, setup cost, and licensing?
The original setup cost was very high. I'm not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive. Tack on the recurring charge and this really racks up, but luckily the day-to-day operational costs aren't bad at all, unless you break out the recurring charge daily!
Which other solutions did I evaluate?
Other IDS/IPS products were looked at.
What other advice do I have?
The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (or Snort if you choose, but look at the differences please!), Aanval for the central management, and the Emerging Threats rules.
Which version of this solution are you currently using?
4.x & 5.x