Cisco Sourcefire SNORT Competitors and Alternatives

Get our free report covering Cisco, Check Point, Darktrace, and other competitors of Cisco Sourcefire SNORT. Updated: October 2021.
542,267 professionals have used our research since 2012.

Read reviews of Cisco Sourcefire SNORT competitors and alternatives

AHmadMhedat
Senior Network Security Engineer with 201-500 employees
Real User
Top 10
Attack analysis shows who tries to exploit my vulnerabilities

Pros and Cons

  • "The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features."
  • "Integration with Global Threat Intelligence could be better. Also, I think management solutions are end of life now at McAfee. Network threat analyzer may be used for endpoint quarantines. Integration between these sides, as well as endpoint APO, will help you quarantine the risky endpoints."

What is our primary use case?

I look at the attack analysis, which shows me which attackers try to exploit my vulnerabilities. I can check the ticket to see if it's blocked or whether it's a false positive. Whatever the case, if it already exists, I will block it. McAfee IPS has a benign engine, so this may not be a target in your environment. If you just prevent attackers from using it, they will try another vulnerability.

I have physical routers, but they try to make some novel vulnerabilities. This is not applicable to my environment, so when I see this alert I know it's a false positive not related to my environment. In some cases, I change the action of these alerts or attacks to block. This is what happened in one of the use cases I take advantage of from IPS. I got an alert about some attacks in my environment, regarding the SPAN port and server traffic. I saw it and I detected the source point of this attack.

How has it helped my organization?

It improved my security by stopping an attack to the signature base, or the behavior base. This is what I use Network Security Platform for.

What is most valuable?

The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features.

What needs improvement?

Integration with Global Threat Intelligence could be better. Also, I think management solutions are end of life now at McAfee. Network threat analyzer may be used for endpoint quarantines. Integration between these sides, as well as endpoint APO, will help you quarantine the risky endpoints.

Maybe they should add a feature to block all high severity threats. You cannot block all of them now. I would like to select them all and block them in one action. In crunch data situations, you need to go through every attack one at a time and change the action.

For how long have I used the solution?

We have been using this solution for around two years.

What do I think about the stability of the solution?

It is stable. Network security manager previews might have some bugs, such as compiler or vulnerability issues. I did upgrade two or three times because of these issues. The first time I did it for a services issue. I opened a case with the McAfee support team and they allowed me to upgrade it to another version.

After I upgraded it, I faced a compiler issue. That was with version 9.2.7.22. Maybe this was a bug in the software or something else, but they just recommended that I upgrade to version 9.2.9.12. That is what I did. Those were the issues I faced with McAfee Network Security Platform.

In terms of high-security attacks, not all of them are developed. You cannot do a rule that includes all high severities. In this aspect, I am confused about McAfee.

What do I think about the scalability of the solution?

It's easy to scale with this solution. After two years of experience, I'm responsible for the Network Security Platform. I think it's easy.

My customers are huge. They are banking size or enterprise. The biggest one has around 5,200 users.

How are customer service and technical support?

If we would rate technical support from one to ten, they would be an eight.

Which solution did I use previously and why did I switch?

I haven't used another product, but we have a built-in feature with Palo Alto. They have a built-in IPS, professional anti-spyware, and anti-virus. That is also the case with FortiGate. It is built in. In terms of standalone network security platforms, I only have experience with McAfee. I know there are some other vendors working as a standalone IPS, like Cisco Sourcefire and Trend Micro TippingPoint, but I don't work with them either. I think the business firewall has a good chance of dealing with any threats without an IPS.

How was the initial setup?

For the initial setup, you should be using the database. Enter the user name and password for these databases. Make a management IP for core components between Network Security Manager and IPS sensor. After you enter the CLI for the setup, there is a wizard view to enter the IP address of the management interface for the IPS sensor. The gateway, manager IP address, and peer manager IP address share secret keys, which should exist in the manager before you set up your IP sensor. After that, you have a left channel and packet channel between IPS sensor and network security manager over port 8501, 8502, and 8503. Another port should be opened for your firewall if there is a firewall or layer three devices between these two components to be managed from Network Security Manager. This is the first general installation of Network Security Manager after making the configurations. This is the initial setup. After that, you will have to try to make the policies: ITS policies, mindware policies, condition limiting policies, firewall policies, and advanced policies. This is what will happen. Then there is also customizing dashboards and tuning.

I worked as a system integrator and deployed it for the customer. Most of these customers are in critical areas, so downtime needs to be low and they might want the deployment time to be improved, but overall the time during all the setup takes me between two and three days.

From my company's side, I work alone to deploy. From the customer side, maybe two or three engineers are involved. Then there might be one or two people to handle maintenance, but McAfee is responsible for their product maintenance most of the time.

What other advice do I have?

Don't be afraid to deploy this solution. It is very simple and easy to deploy. I think there is no issue. I tested on the McAfee Network Security Platform. You just need to think carefully about attacks to decide if it's a sole attacker or two specific attacks. Use that information to create a decision about what action to take against the attack. Consider whether you want to lock off or block the action.

Maybe I can improve myself in some of my web analysis. I read articles to improve my knowledge in this area. This is what I do to improve my experience.

I would rate this solution as nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SR
IT and Operations Manager at a financial services firm with 1-10 employees
Real User
Top 10
Scalable with an easy initial setup but technical support is terrible

Pros and Cons

  • "The initial setup is a breeze."
  • "When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions."

What is our primary use case?

We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

What is most valuable?

I really like their general IT.

I like how it's possible for me to block other countries immediately if I see the need to do so.

The initial setup is a breeze.

What needs improvement?

The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

For how long have I used the solution?

I've been using the solution for about five years now.

What do I think about the stability of the solution?

The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

What do I think about the scalability of the solution?

The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

How are customer service and technical support?

Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

Which solution did I use previously and why did I switch?

I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

How was the initial setup?

The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes; however, if you have to put in a lot of rules, it will take longer because that process takes time.

What about the implementation team?

I handled the implementation myself.

What other advice do I have?

We're using the latest version of the solution.

I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MV
Managing Director at a tech company with 11-50 employees
Real User
Top 5
A mature product with good integration capabilities, however, it needs to be more affordable

Pros and Cons

  • "Cisco has always been a premium product. There's a lot of other entry-level solutions. This is more robust."
  • "The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it."

What is most valuable?

The product is quite mature. Cisco is well known within the industry.

The solution's most valuable aspect is that it is extremely integrated. The product basically comes with the firewall features including IPS, URL filtering, malware, et cetera. The integrated features are great.

The functionalities of the product are pretty good.

Cisco has always been a premium product. There's a lot of other entry-level solutions. This is more robust.

The solution offers a good mix of features. You can always add more modules as you need to if you need even more features.

What needs improvement?

The pricing of the solution can be improved. It's not cheap. It's quite expensive.

The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it.

For how long have I used the solution?

I've been using the solution for quite a long time. It's been ten or 15 years. I have well over a decade of experience under my belt.

What do I think about the stability of the solution?

The solution is stable. We find Cisco to be very reliable. It doesn't crash or freeze. There aren't bugs or glitches that disrupt its performance. It's good. There's never been an issue.

What do I think about the scalability of the solution?

The solution can scale. It's designed more as an enterprise-level solution, so it's good for larger companies.

How are customer service and technical support?

The customer support is great. We're quite satisfied with the level of service Cisco provides. They're knowledgeable and responsive.

Overall, we find that they have the best technical support in the business. Their support is quite competent in terms of their technical skills, more so than other competitors. If you face any issues, you can call them at any time and get the answers you need to resolve whatever is going on.

Which solution did I use previously and why did I switch?

I've used a variety of other solutions. I've used Check Point, Palo Alto, and Juniper as well.

We primarily like Cisco due to the fact that their technical support is great. By far, it's the best I've ever seen.

How was the initial setup?

The solution's initial setup is very straightforward. It's not complex at all.

What's my experience with pricing, setup cost, and licensing?

The solution's costs are quite high. It's a turn-off in terms of actually using it. It's more of an enterprise-level solution. It's not ideal for smaller organizations as the cost to run it would be out of their budgeting capabilities.

What other advice do I have?

We use a few different Cisco solutions. 

We're a Cisco partner. We have a business relationship with the company.

We're dealing with the latest version of this particular solution.

I'd rate the solution seven out of ten. 

The value for money should be there. That means good features and good functionality are there, but they need to make it more affordable for the big market. If they were able to price the solution to make it more affordable for more clients that may not be enterprise-level, they'd have a bigger footprint.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
HS
Senior Network Engineer at a comms service provider with 10,001+ employees
MSP
Top 5
Very stable with good technical support, but can be quite expensive

Pros and Cons

  • "The technical support on offer is very good."
  • "The solution is pretty expensive."

What is our primary use case?

We primarily use the solution for email scanning.

What is most valuable?

The solution is very good at tracking attacks.

The solution automatically upgrades itself well in order to be effective against future attacks.

We can manually bypass IP addresses and DNS entries if we need to.

The technical support on offer is very good.

What needs improvement?

Right now, we are stuck with an older platform, 1400 N. It's more like a software base, so bypassing is done through software. If you go with the newer system, for example, the 4-40s, that's a hardware-based bypass, so those are more powerful. It has more throughput.

The initial setup is not straightforward.

The solution is pretty expensive.

For how long have I used the solution?

We've been using this solution for many, many years so far. It's been a while at this point.

What do I think about the stability of the solution?

The stability is excellent. It's 99.9% stable. There aren't issues with bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable; however, you need to swap the box. It's not the kind of scalability that you can do via software. You need to swap the box and get a better model to expand it out. That said, it can scale. A company that needs to scale can do so. It just takes a hardware upgrade.

How are customer service and technical support?

We've dealt with technical support in the past. We've found them to be very good. They are responsive and knowledgeable. They are helpful. We're satisfied with the level of support we receive.

Which solution did I use previously and why did I switch?

We also use Splunk. We use both together. Splunk will warn us if something is happening, and then we can use TippingPoint to block access as necessary. We tend to use Splunk everywhere.

How was the initial setup?

The initial setup is not so easy. It's not that it's complex, per se. It's just not super-simple. You need some technical folks to manage it. It's not like anybody can do it. You have to have some knowledge. Otherwise, you'll run into a lot of issues.

What's my experience with pricing, setup cost, and licensing?

This is not the cheapest option. The solution is quite expensive.

Which other solutions did I evaluate?

We're currently looking at Cisco and considering deploying their solution in the new year.

What other advice do I have?

I'd recommend the solution; however, it depends on what a company needs. Before jumping in, a company needs to ask themselves questions like: "What's our requirement?" That said, for general enterprises, it's a good enough option.

For our organization, however, as of next year, we're going to move away from it and deploy with a Cisco-based solution.

Overall, I would rate the solution at a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.