Cisco Sourcefire SNORT Review

Intelligent with good threat detection capabilities but could be easier to implement


What is our primary use case?

The product is primarily used as an IDS (Intrusion Detection Software) element.

What is most valuable?

You can do a lot of feasibility in terms of SSL configuration, which can be enabled.

You can encrypt and decrypt your data through Cisco Sourcefire so that your IPS solution can be effectively utilized.

Users have access to intelligent security automation as one of the features. It can easily automate your event impact assessment and your IPS policy tuning can be done as well as your network behavior analysis. They have introduced this intelligent security automation as part of that and then you can do a real-time contextual awareness. Basically, you can see a correlation of events that are created on your application, user devices, operating systems, or vulnerabilities. All of this real-time data can be captured including on your apps and port scans.

It is quite an intelligent product.

It can look into your north-south traffic in case of IPv6 attacks, DoS attacks, or buffer overflows. They say that it also protects against zero-day threats and items like that. They are up-to-date in terms of their threat protection, anti-bot, antivirus, and all kinds of signatures.

They have something called Firepower, which is advanced threat protection that they offer. It's a new subscription which we use for additional malware protection. It offers blocking capabilities and continuous analysis.

The solution is very stable.

What needs improvement?

The solution is still very new to us. Maybe if I extensively start using it on our environment I will be able to, based on the events and other things, come back with insights on features. But currently, it is quite new to us, so we are still using it and learning it.

The implementation could be a bit easier.

As long as they continue to develop security features to protect our company, they will be doing quite well.

For how long have I used the solution?

I've been using the solution for six months at this point. It's been less than a year and hasn't been that long.

What do I think about the stability of the solution?

It is quite a stable product. We have not seen many issues with this product. We haven't seen crashes or glitches or bugs. Since we have just started to use this product, we need time to understand the stability for a longer period. It's only been around six months, and we are just implementing it now across a few locations.

What do I think about the scalability of the solution?

The solution is pretty scalable. The throughput, however, depends on what kind of appliance you are buying. For example, you can have 50 Mbps to 40 Gbps of throughput. Currently, we are using 100 Mbps and, at a couple of smaller locations, we are using 50 Mbps of a throughput receiver.

We're implementing it across locations currently. We're implementing it on an enterprise level. We have close to around 15 major locations, wherein we are using it to align devices that are hosted in our data center or in our critical locations.

As we are still in the early stages, we do plan to continue to use the solution in the future.

How are customer service and technical support?

Technical support is quite fast. Cisco is quite a big company and their support contract is there with us. We use a lot of Cisco products and therefore we have platinum support for everything. Due to our level, we get immediate support from Cisco on all of our Cisco products. We're quite satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

We were previously using IBM IPS. We switched due to the fact that IBM wasn't really working for us. It couldn't help us solve most of our issues, and the devices which we bought were also quite old. It didn't have the option of SSL encryption and other things in it. Due to all of these limitations, we decided to move away from IBM.

How was the initial setup?

The initial implementation is pretty straightforward. It's just an appliance. We are using an appliance and it is predominantly for SSL encryption. We have a lot of applications on the cloud and on the web application. 

Your IPS, DLP, everything can be done on a single appliance itself. Predominantly, we are using it for SSL encryption to a larger extent. 

It doesn't take much time for installation. It depends on what you want to do and what traffic you want to allow on Sourcefire.

For example, if I have a proxy path, where my users are accessing through a proxy path, that traffic needs to be encrypted. In cases where I have a direct path, and if I have a CMD path, it depends on where exactly you want to enable your SSL encryption or which data needs to be analyzed and used. If you have too many paths from which the users are accessing the data, then it is important that you use all the paths. If you are using it on a single path and if there are no other kinds of encryption used there, then obviously it doesn't make sense. If your traffic is going north-south, then you can use this product to ensure that your encryption and other tasks are happening.

We only need maybe one or two people for maintenance. Our data center specialist can handle the device. After implementation, it is just a configuration of our traffic. One or two people are more than enough.

What about the implementation team?

Cisco is currently helping us with the implementation process.

What's my experience with pricing, setup cost, and licensing?

We bought the appliance, which comes with a license as well.

While I don't know the exact pricing, most of these products are through subscription. In our case, we bought the complete appliance with the software with it. It does not run with any Cisco item, as we have bought the entire appliance. The three-year warranty of the appliance is there. It does not contain any licenses except for the software license and the hardware licenses which are a part of it. It's a three-year contract which we have bought.

What other advice do I have?

The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release.

I'd recommend the solution to other organizations.

Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
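The review above mentions "event impact assessment" and correlating IDS events with what is known about the targeted hosts. The block below is an added illustration of that idea, not Cisco's, Sourcefire's or Snort's code: it parses a few constructed alert lines in Snort's "fast" alert format, looks the destination host up in a constructed asset inventory, and assigns a simplified impact level (1 = host known vulnerable to the rule, 2 = host known and port open, 3 = host known but port closed, 4 = unknown host). The impact scheme, the rule SIDs, the IP addresses and the inventory are all assumptions made for the example.

```python
"""Impact-flag style correlation of IDS alerts with host context.

Added example, not vendor code. The impact scheme below is a simplified
approximation of the idea of "event impact assessment" described in the
review, not Cisco's actual algorithm. Alerts and inventory are constructed.
"""
from dataclasses import dataclass, field
import re

# Snort "fast" alert format:
#   <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]+)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample alerts (documentation-range addresses, made-up SIDs).
SAMPLE_ALERTS = """\
03/12-10:15:02.123456  [**] [1:1000001:1] WEB-APP example.php traversal [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51234 -> 10.0.0.5:80
03/12-10:15:09.000001  [**] [1:1000002:1] SMB overflow attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:51240 -> 10.0.0.5:445
03/12-10:16:30.555555  [**] [1:1000003:1] SSH brute force [**] [Classification: Attempted User] [Priority: 2] {TCP} 198.51.100.9:40000 -> 10.0.0.99:22
"""


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str
    dport: int


@dataclass
class Host:
    ip: str
    open_ports: set = field(default_factory=set)
    # Rule SIDs this host is recorded as vulnerable to (from a vuln scan, hypothetically).
    vulnerable_to: set = field(default_factory=set)


# Constructed asset inventory keyed by IP; 10.0.0.99 is deliberately absent.
SAMPLE_INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", open_ports={80, 445}, vulnerable_to={1000002}),
}

IMPACT_LABELS = {
    1: "vulnerable",
    2: "potentially vulnerable",
    3: "currently not vulnerable",
    4: "unknown target",
}


def parse_fast_alert(line):
    """Parse one fast-format alert line; return None for lines that do not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]), proto=m["proto"],
        src=m["src"], dst=m["dst"], dport=int(m["dport"]),
    )


def impact_level(alert, inventory):
    """Simplified impact rating: lower number means higher impact."""
    host = inventory.get(alert.dst)
    if host is None:
        return 4          # no context for the target host
    if alert.sid in host.vulnerable_to:
        return 1          # host recorded as vulnerable to exactly this rule
    if alert.dport in host.open_ports:
        return 2          # service is listening, vulnerability status unknown
    return 3              # port closed on the target; attack cannot land


def assess(text, inventory):
    """Return (sid, dst, impact) for every parsable alert line, in input order."""
    results = []
    for line in text.splitlines():
        alert = parse_fast_alert(line)
        if alert is None:
            continue      # skip junk or unparsable lines instead of failing
        results.append((alert.sid, alert.dst, impact_level(alert, inventory)))
    return results


def triage_order(text, inventory):
    """Same results, sorted so the analyst sees impact-1 events first."""
    return sorted(assess(text, inventory), key=lambda r: r[2])


if __name__ == "__main__":
    for sid, dst, level in triage_order(SAMPLE_ALERTS, SAMPLE_INVENTORY):
        print(f"sid={sid} dst={dst} impact={level} ({IMPACT_LABELS[level]})")
```

Run against the constructed data, the SMB alert is rated impact 1 because the inventory records 10.0.0.5 as vulnerable to that rule, the web alert is impact 2 (port 80 open, vulnerability unknown), and the SSH alert is impact 4 because 10.0.0.99 is not in the inventory. Feeding the impact-3 and impact-4 buckets back into rule tuning is the "IPS policy tuning" step the review refers to.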