We performed a comparison between Cisco Sourcefire SNORT and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The whole solution is very good, and stable."
"The most valuable feature is the visibility that we have across the virtual environment."
"Solid intrusion detection and prevention that scales easily in very large environments."
"It simplifies the configuration process by offering pre-defined base configurations, including security and connectivity settings."
"The solution is rather easy to use."
"Cisco technical support is unbeatable. It offers a premium service every time."
"The most valuable features of Cisco Sourcefire SNORT are the dashboard for monitoring events."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"This is a good security product."
"Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks."
"The most valuable features are the indexing and powerful search features."
"The solution is definitely scalable."
"The product is at the forefront of auto-remediation networking. It's great."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"Splunk is more user-friendly than some competing solutions we tried."
"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."
"I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"The solution's approach to managing traffic blocking is confusing and impractical."
"The initial setup is a little difficult compared to other products in the market. It depends on the environment. If we are doing any migration, it might take months in a brown-field environment."
"There are problems setting up VPNs for some regions."
"The customization of the rules can be simplified."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"The correlation engine should have persistent and definable rules."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"The initial setup was complex because some of the configurations that we required needed customization."
"There are occasional bugs."
"I'm not aware of any lacking features."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"I would like improved downward integration with other tools such as McAfee and other GCP solutions."
More Splunk User Behavior Analytics Pricing and Cost Advice →
Cisco Sourcefire SNORT is ranked 12th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews while Splunk User Behavior Analytics is ranked 13th in Intrusion Detection and Prevention Software (IDPS) with 18 reviews. Cisco Sourcefire SNORT is rated 7.6, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of Cisco Sourcefire SNORT writes "An IPS solution for security and protection but lacks stability". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". Cisco Sourcefire SNORT is most compared with Fortinet FortiGate IPS, Cisco NGIPS, Check Point IPS and Palo Alto Networks Advanced Threat Prevention, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, IBM Security QRadar, Exabeam Fusion SIEM and Cynet. See our Cisco Sourcefire SNORT vs. Splunk User Behavior Analytics report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.