Cisco Sourcefire SNORT Review

Has good malware detection and URL filtering features and technical support is good

What is our primary use case?

Our primary use case of this solution is as a firewall, as an access control. We don't use it as access detection or as an intrusion prevention system, because we didn't configure it as a detector.

What is most valuable?

I like most of Cisco's features, like malware detection and URL filtering.

What needs improvement?

I don't think this solution is a time-based control system, because one cannot filter traffic based on time. 

For how long have I used the solution?

I have been using this solution for about two years now.

What do I think about the stability of the solution?

Sometimes it has an object priority, like priority for users. Sometimes the cloud agent and the host device for the center fail to update or to cache the objects from the cloud.

What do I think about the scalability of the solution?

The solution is scalable and I think it can be integrated with some Cisco devices and other third-party devices.

How are customer service and technical support?

If you compare it to other vendors, the technical support from Cisco is excellent. 

How was the initial setup?

The initial setup is quite complex and some set parameters are definitely needed. However, the more you try it, the easier it gets. When we push a specific policy, it takes from two minutes up to five minutes to deploy. So it depends on the deployment configuration. For the general deployment, it depends on the expert. 

What other advice do I have?

The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature.

What's more, some of the configurations are a little bit complex, like the mapping. It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company.

On a scale from one to 10, I will rate this solution an eight. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.