The ease of use and ease of deployment were the most important features. As a signature-based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time-consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
Improvements to My Organization
Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
Room for Improvement
Being able to incorporate third-party rules, as the SourceFire rules often lag behind current threats. When the latest zero-day or other threats hit the market and are high-value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third-party rules.
Use of Solution
I've used it for two years.
No issues with stability.
The only issue I have is with the price, as SourceFire is VERY expensive.
Customer Service and Technical Support
Customer Service
Customer service is very helpful and there are some extremely knowledgeable people on board.
Technical Support
Very technical! The men and women know what they are doing and are very helpful.
No previous solution was used.
It's straightforward with easy-to-follow instructions. You just plug in and go.
Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.
Pricing, Setup Cost and Licensing
The original setup cost was very high; I'm not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive. Tack on the recurring charge and this really racks up, but luckily the day-to-day operational costs aren't bad at all, unless you break out the recurring charge daily!
Other Solutions Considered
Other IDS/IPS products were looked at.
The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (or Snort if you choose, but look at the differences, please!), Aanval for the central management, and the Emerging Threats rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mar 31 2015