If you were talking to someone whose organization is considering Cisco Sourcefire SNORT, what would you say?
How would you rate it and why? Any other tips or advice?
Make sure to have good sizing because it matters for the performance of the features. Also make sure to have a good design. Before starting with the deployment and installation for Sourcefire. Have a technical session with the local Cisco office or the local department to provide a good design. I would rate it an eight out of ten. We have some architecture concerns. I'm not really sure that Cisco can quickly solve this concern. Palo Alto has a user-friendly interface for the management.
This is a good solution and one that I would recommend to others. I would rate this solution an eight out of ten.
A lot of Cisco equipment is very good, but in judging the model of this solution that we have, I feel that it is the worst. It has very big issues for us in terms of performance, reliability, and stability. It is slowing our network traffic down considerably. I would rate this solution a one out of ten.
I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.
The main problem we have when we implement security policies for our customers is scheduling. For example, customers want to take up with a time-based security policy, so that we have a different setup for working hours and non-working hours, and for weekends. But that feature is not supported by Cisco Sourcefire. So, I think it would be very good if Cisco can implement this scheduling feature. What's more, some of the configurations are a little bit complex, like the mapping. It's very difficult to rotate their VPN when you set up the access points. You must bypass those access points by using the VPN portal bypass. I think it will be very good if they can set up a tool that one can use to stop this VPN portal. It is very hazardous for security because the users of that VPN portal are visible and it's very risky for them, because they are bypassing the access points of the company. On a scale from one to 10, I will rate this solution an eight.
This solution has improved a lot in the past few years. I would rate this solution an eight out of ten.
Providing videos and materials are useful, but really what you need is the experience in analyzing logs. Without that, you wouldn't be able to problem-solve on your own, even with the assistance of videos. I would recommend this solution. It's reliable and scalable, with easy installation and integration. I would rate this solution an eight out of ten.
We are satisfied with this solution. The whole solution is very good, and stable. There are three modes that can be configured. The first is collectivity over security, the second is security over collectivity, and the third is a balanced mode. We have implemented a balanced mode, and it works just fine. I would rate this solution an eight out of ten.
We typically work with the on-premises deployment model. Cisco Sourcefire is a great solution when it was packaged into the AMP giving it the ability to do URL filtering. However, Meraki seems to be going in the cloud direction. If the cloud is not interesting, then Cisco's firewall, Sourcefire, is great a great on-premises solution when it comes to advanced malware protection, URL filtering, etc. It's a great product. I would rate the solution nine out of ten.
I'd give the product a nine out of ten because it is excellent in scalability, ease of management, and ease of use. The only reason it isn't a ten out of ten is some of the gaps in integration. I think if they could improve integration with other platforms to make it more fluid to connect between the different platforms and platform management, that would make it a much better solution. The integration issues are probably the only knock off I have on the product so far.