Cisco Sourcefire SNORT Other Advice

Syed Shahnawaz Hussain - PeerSpot reviewer
Sr. Executive Design Engineering Team at a comms service provider with 1,001-5,000 employees

We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team.

When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility.

We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire.

Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution.

Overall, I rate the solution a 7 out of 10.

Carlos Reis - PeerSpot reviewer
Network Security Engineer at New Era Technology

It provides a centralized platform using Cisco. SNORT is integral to the database. The primary function is expanding the database. As nodes transition, adjustments are made to SNORT, further enhancing its capabilities. It plays a crucial role in managing various protocols.

Cisco Sourcefire SNORT is expected to offer improved management capabilities within the ACP. However, navigating the ACP settings can be challenging, particularly when dealing with default configurations. Additionally, upgrading devices may receive unfamiliar database updates from the FMC, such as ETB. This can lead to confusion and necessitate careful handling to ensure proper integration and functionality.

Changes in Cisco Sourcefire SNORT, particularly in application settings, can have significant impacts. For instance, transitioning from one application setting to another, such as from a large-scale deployment to a maximum setting, can disrupt operations. This disruption is particularly challenging because it affects various rules and configurations for different applications. It's essential for Cisco to streamline the process of managing these changes, possibly by providing more user-friendly interfaces or tools, as relying solely on technical support can be cumbersome. Specifically, when discussing SmartOps, the complexity of managing configurations and settings becomes apparent, highlighting the need for simpler, more intuitive solutions.

When working with Cisco Sourcefire SNORT, creating your profile files and meticulously tracking your activities is essential. When starting out with SNORT and adjusting migration rules, it's crucial to exercise caution and understand the potential impact on the business.

Sometimes, you need to put your network into 'inline mode' to observe the traffic and understand what's happening on your network. Enabling this mode allows you to see what's passing through your network.

There are some tools we use to analyze specialized traffic. We recently encountered a situation in which Cisco SQL traffic was blocked because of SNORT. It provides good analysis and outputs. You can see everything if you're attached to intrusion testing in the FMC; its database is good. The strength of SNORT, coupled with its integration with the firewall, works well. The database from SNORT contains a lot of data, and it's not just a single tool requirement. Dealing with all this data can be challenging.

Firepower had some options like that that couldn't be blocked. Then, you can start to see improvement. We encountered an issue where certain features were blocked after migrating from SNORT version two to three. Despite our efforts to ensure progress, some problems arose, particularly related to the network analysis policy. This occurred even before transitioning to Sourcefire; within the engine, some traffic passing through SNORT faced issues. When migrating to version three, Cisco had to release a patch to address this problem and give you an idea.

Overall, I rate this solution an eight out of ten.

Sherwin De Claro - PeerSpot reviewer
Sr. Manager - Infosec at PAGCOR

I give the solution a nine out of ten.

We have an in-house engineer that has been assigned by the system integrators for a year. It's easier for our team to manage the solution because we have a local system integrator onsite. It's a type of hybrid managed service which is one way to mitigate the manpower that we have.

Before using this solution we must understand our infrastructure. We can reduce the cost by understanding which critical portion of our infrastructure needs to be protected.

Buyer's Guide
Cisco Sourcefire SNORT
April 2024
Learn what your peers think about Cisco Sourcefire SNORT. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
Netwrkengin67 - PeerSpot reviewer
Network Engineer at Arab Islamic Bank

We use two people for the maintenance of the solution.

I would recommend this solution to others.

I rate Cisco Sourcefire SNORT an eight out of ten.

Osereme Osobase - PeerSpot reviewer
Director at Baverianvine

I rate the solution an eight out of ten. The solution is good, but the cloud can be improved. I recommend it to others.

Netwrkengin67 - PeerSpot reviewer
Network Engineer at Arab Islamic Bank

We are satisfied with this solution. The whole solution is very good, and stable.

There are three modes that can be configured. The first is collectivity over security, the second is security over collectivity, and the third is a balanced mode. We have implemented a balanced mode, and it works just fine.

I would rate this solution an eight out of ten.

GF
Security Engineer at SOCITECH S.A.

I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.

Art Astafiev - PeerSpot reviewer
Information Systems, Manager - Network at a government with 1,001-5,000 employees

I would definitely recommend this solution to other users. Should you choose to use Cisco Sourcefire SNORT, I'd recommend that you get the help of a professional service for deployment.

Overall, on a scale from one to ten, I would give Cisco Sourcefire SNORT a rating of eight.

BT
Network Engineer at an individual & family service with 10,001+ employees

I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use.

The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.

SK
Lead Program Manager at a computer software company with 10,001+ employees

The solution is the latest version. We're still in the process of implementing it, and therefore are using the most recent release.

I'd recommend the solution to other organizations.

Currently, I would rate the solution at a seven out of ten. I'm not completely migrated over. I need more time with the solution to really gauge its effectiveness.

SC
Team Lead Manager with 501-1,000 employees

We're just an end-user of the service. We don't have a business relationship with Cisco.

The hardware we're using is still old. We bought it when the product was not under Cisco. That said, obviously, Cisco has now updated the product with new hardware. However, we've still got the old hardware. 

I would advise other organizations to go ahead and try the solution out. It's a good product. It's very straightforward and easy to implement especially when you compare it to other systems.

I'd rate the solution eight out of ten overall. If they offered better and more detailed alerts, I would rank them higher.

AE
Information Security Operations Expert at Asiacell

A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably.

I would rate this solution a one out of ten.

GT
Networking and Security Engineer at IE Network Solutions PLC (Ethiopia)

The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature.

What's more, some of the configurations are a little bit complex, like the mapping. It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company.

On a scale from one to 10, I will rate this solution an eight. 

SA
Chief technology officer at Next Generation Systems Nigeria Limited

We typically work with the on-premises deployment model.

Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product.

I would rate the solution nine out of ten.

it_user1259517 - PeerSpot reviewer
Network Engineer at a tech services company with 501-1,000 employees

This is a good solution and one that I would recommend to others.

I would rate this solution an eight out of ten.

NT
Pre-Sales Engineer at a tech services company with 51-200 employees

This solution has improved a lot in the past few years.

I would rate this solution an eight out of ten.

AR
Team Lead at a tech services company with 201-500 employees

Make sure to have good sizing because it matters for the performance of the features. Also make sure to have a good design. Before starting with the deployment and installation for Sourcefire, have a technical session with the local Cisco office or the local department to provide a good design.

I would rate it an eight out of ten. 

We have some architecture concerns. I'm not really sure that Cisco can quickly solve this concern. Palo Alto has a user-friendly interface for the management. 

OS
Senior Engineer at a tech services company with 51-200 employees

Providing videos and materials is useful, but really what you need is the experience in analyzing logs. Without that, you wouldn't be able to problem-solve on your own, even with the assistance of videos.

I would recommend this solution. It's reliable and scalable, with easy installation and integration.

I would rate this solution an eight out of ten.
