Cisco Sourcefire Firewalls Review
It's a straightforward setup with easy to follow instructions; however, some IDS/IPS appliances can be too complicated and too time consuming to properly deploy.


Valuable Features

The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.

Improvements to My Organization

Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.

Room for Improvement

Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third party rules.

Use of Solution

I've used it for two years.

Deployment Issues

No, it was quite easy.

Stability Issues

No issues with stability.

Scalability Issues

The only issue I have is with the price, as SourceFire is VERY expensive.

Customer Service and Technical Support

Customer Service:

Customer service is very helpful and there are some extremely knowledgeable people on board.

Technical Support:

Very technical! The men and women know what they are doing and are very helpful.

Previous Solutions

No previous solution was used.

Initial Setup

It's straightforward with easy to follow instructions. You just plug in and go.

Implementation Team

I implemented it myself.

ROI

Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.

Pricing, Setup Cost and Licensing

The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive. Tack on the recurring charge and this really racks up, but luckily the day to day operational costs aren't bad at all, unless you break out the recurring charge daily!

Other Solutions Considered

Other IDS/IPS products were looked at.

Other Advice

The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the differences please!), Aanval for the central management and the emerging threats rules.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

2 Comments

Christian Campodonico (Real User, TOP 20)

try watchguard!!!

20 April 15
it_user221862 (Real User)

I use pfSense at home and HIGHLY recommend this over anything else. But for a very distributed environment, check out the Aanval and Suricata combo with rules from Emerging Threats. At my old employer, I developed a plan to replace their $250K/year SourceFire deployment with a $80K/year custom solution that scales much better.

But again, to each their own. For small/medium business, I would recommend pfSense, but for larger enterprise, I would recommend a custom solution based around Aanval/Suricata/ETPro with Firewall/VPN as separate devices.

20 April 15