We performed a comparison between Cisco Sourcefire SNORT and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS)."Solid intrusion detection and prevention that scales easily in very large environments."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"The whole solution is very good, and stable."
"The most valuable feature of this solution is the filtering."
"Features for user behavior analytics and the rules for attack review are good."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"InsightIDR helps us investigate an environment to discover information about incidents."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"It is a very stable solution."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"The implementation could be a bit easier."
"The cloud can be improved."
"Performance needs improvement."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The product allows us to make only 30 custom rules."
"The dashboard is an area that could be simplified."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"They should add more configuration and security features to it."
Cisco Sourcefire SNORT is ranked 13th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. Cisco Sourcefire SNORT is rated 7.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Darktrace, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
