We performed a comparison between Cisco Sourcefire SNORT and ExtraHop Reveal(x) based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS)."The URL filtering is very good and you can create a group for customized URLs."
"Solid intrusion detection and prevention that scales easily in very large environments."
"I like most of Cisco's features, like malware detection and URL filtering."
"The whole solution is very good, and stable."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"Cisco technical support is unbeatable. It offers a premium service every time."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"The solution's ability to decrypt SSL traffic is its most valuable feature."
"Setting up the solution is relatively easy."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"The security features of this solution are the most valuable."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"The solution's approach to managing traffic blocking is confusing and impractical."
"There are problems setting up VPNs for some regions."
"The implementation could be a bit easier."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"It needs integration with more security vendors."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"I would like to see more cloud capability."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"The solution should include more support protocols."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"The solution’s pricing could be improved."
Cisco Sourcefire SNORT is ranked 12th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Cisco Sourcefire SNORT is rated 7.6, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Darktrace, whereas ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Cisco Secure Network Analytics and Arista NDR.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.