TrustRadius: an HG Insights company

Snort

Score: 8.4 out of 10

26 Reviews and Ratings

What is Snort?

Sourcefire developed Snort, an open-source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired by Cisco in 2013, and Cisco now supports it.

Categories & Use Cases

Use your Snort to sniff traffic

Pros

  • IPS detection.
  • DoS detection.
  • Packet logging.

Cons

  • Configuration in Linux.

Most Important Features

  • Packet sniffing.
  • Real-time traffic monitor.

Return on Investment

  • Slow down in SQL transactions.
  • Improper routing.

Alternatives Considered

ExtraHop Performance Platform, Palo Alto Networks Next-Generation Firewalls - PA Series, Cisco Secure IPS (NGIPS) and Wireshark

Other Software Used

ExtraHop Performance Platform, Wireshark, Cisco Secure IPS (NGIPS)

To Sourcefire or not to Sourcefire?

Pros

  • Real Time updates for security signatures via Talos
  • Great signature blocking
  • Excellent reporting via syslog to our Security Analytics collectors.

Cons

  • At times can be unstable with Cisco bugs, requiring frequent upgrading.
  • FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.

Return on Investment

  • The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise.
  • It has given us great visibility to our network.

Alternatives Considered

TippingPoint

Other Software Used

TippingPoint IPS, Kemp LoadMaster, Palo Alto Networks Next-Generation Firewalls - PA Series

Peace of mind and another layer of security

Pros

  • Catches things Admins may miss with regular network scanning
  • Keeps your network visibility high
  • Is open source so code can be reviewed easily

Cons

  • Due to its open source nature, it can be behind in updates
  • It does have quite the complex setup process and configuration
  • You don't get a whole lot of backend support included

Return on Investment

  • Caught some security issues we would not have known about
  • Saved time having to configure firewalls to do its same job
  • Takes some processing time off your firewall to do the job of scanning traffic

Other Software Used

Cisco Wireless LAN Controllers, Cisco SD-WAN, SolarWinds IP Address Manager (IPAM)

Put some fire in your network security

Pros

  • The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application, which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
  • Flexible. Instead of putting a traditional firewall inline you can put a Sourcefire appliance (or firewall with Sourcefire on-board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
  • In-depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts; you can view the full information and packets that lead to the conclusion, though the conclusion is prepared in advance for you.

Cons

  • Due to the extensive interface, it can be quite overwhelming to try and manage the product. There are many different places to go to set up individual items. It would be nice to simplify the interface down a bit.
  • Upgrades can be somewhat hazardous. I think they are working to get the upgrade process streamlined, but currently, moving between major versions (5.x to 6.x), there was a lot of additional work outside of the UI that, if not done correctly, can tank the system, requiring a fresh load or restore from backup.

Return on Investment

  • Sourcefire has given us a positive ROI. We don't really have the metrics to show this, but the cost for having it, vs the savings between blocking bad sites and the manpower to respond to malware infestations are worth it. It's hard to measure what you don't get.

Alternatives Considered

Barracuda Web Filter and Palo Alto Networks Next-Generation Firewalls - PA Series

Other Software Used

eClinicalWorks, Cisco ASA, Jive-x

Snort and Guardian, safe and secure

Pros

  • I am no IS expert, but I feel SNORT and Guardian really help keep my network safe.
  • So far it has been easy to administer.
  • SNORT and Guardian are easy-to-install add-ons for my firewall.

Cons

  • There are plenty of false positives in the logs, but no problems noticed related to them.

Return on Investment

  • Being open source, ROI on free is hard to beat for something that works.
  • I believe it greatly enhances the security of my network.

Other Software Used

Oracle VM VirtualBox