We performed a comparison between Cisco Sourcefire SNORT and ExtraHop Reveal(x) based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS)."The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
"The solution is stable."
"I like most of Cisco's features, like malware detection and URL filtering."
"It is quite an intelligent product."
"Cisco technical support is unbeatable. It offers a premium service every time."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The security features of this solution are the most valuable."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"Setting up the solution is relatively easy."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"We are unhappy with technical support for this solution, and it is not as professional as what we typically expect from Cisco."
"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"The customization of the rules can be simplified."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"The solution should include more support protocols."
"The solution’s pricing could be improved."
"The solution is expensive and gets more expensive if a company needs to scale it."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"It needs integration with more security vendors."
Cisco Sourcefire SNORT is ranked 11th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Cisco Sourcefire SNORT is rated 7.6, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS, Palo Alto Networks Advanced Threat Prevention and Darktrace, whereas ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Arista NDR and Cisco Secure Network Analytics.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.