The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
Cisco ASA NGFW Review
It's a straightforward setup with easy to follow instructions, however, some IDS/IPS appliances can be too complicated and too time consuming to properly deploy.
What is most valuable?
How has it helped my organization?
Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
What needs improvement?
Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third party rules.
For how long have I used the solution?
I've used it for two years.
What was my experience with deployment of the solution?
No, it was quite easy.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
The only issue I have is with the price, as SourceFire is VERY expensive.
How are customer service and technical support?
Customer Service:
Customer service is very helpful and there are some extremely knowledgeable people on board.
Technical Support:Very technical! The men and women know what they are doing and are very helpful.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It's straightforward with easy to follow instructions. You just plug-in and go.
What about the implementation team?
I implemented it myself.
What was our ROI?
Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.
What's my experience with pricing, setup cost, and licensing?
The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive Tack on the recurring charge and this really racks up, but luckily the day to day operational costs aren't bad at all, unless you break out the recurring charge daily!
Which other solutions did I evaluate?
Other IDS/IPS products were looked at.
What other advice do I have?
The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the differences please!), Aanval for the central management and the emerging threats rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mar 31 2015
Add a Comment
2 Comments
Cloud Engineer at a tech services company with 1,001-5,000 employeesConsultant
I use pfSense at home and HIGHLY recommend this over anything else. But for a very distributed environment, checkout Aanval and Suricata combo with rules from Emerging Threats. At my old employer, I developed a plan to replace their $250K/year SourceFire deployment with a $80K/year custom solution that scales much better.
But again, each their own. For small/medium business, I would recommend pfSense, but for larger enterprise, I would recommend a custom solution based around Aanval/Suricata/ETPro with Firewall/VPN as separate devices.
0
Author
it_user221862
Cloud Engineer at a tech services company with 1,001-5,000 employees
Consultant
BUYER'S GUIDE
Download our free Firewalls Report and find out what your peers are saying about Cisco, Fortinet, Juniper, and more!
