No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Sourcefire SNORT vs Darktrace comparison

Cisco and Darktrace are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 8.5, while Darktrace is ranked #2 with an average rating of 8.1. Cisco holds a 3.0% mindshare in ID, compared to Darktrace’s 10.3% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cisco Sourcefire SNORT
Read 20 Cisco Sourcefire SNORT reviews
  • 2,025 Views
  • 1,721 Comparison Views
95% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 26,968 Views
  • 5,663 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 29, 2026

Cisco Sourcefire SNORT and Darktrace are competing in the network security domain. Cisco Sourcefire SNORT often has the upper hand in cost-effectiveness and strong technical support, while Darktrace is preferred for its advanced AI-driven threat detection capabilities, despite being higher priced.

Features: Cisco Sourcefire SNORT is appreciated for its open-source flexibility, extensive customization capabilities, and comprehensive technical support. Darktrace offers AI-powered threat detection, autonomous response, and adaptive learning, which enhance its proactive security measures.

Room for Improvement: Cisco Sourcefire SNORT could improve in simplifying its deployment process for less technical users and providing more intuitive user interfaces. Darktrace could enhance scalability, narrow down its abundant graphical features for clarity, and focus on reducing deployment costs.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT has a detailed documentation process that facilitates efficient deployment for tech-savvy users. Darktrace offers intuitive deployment and requires minimal configuration, along with excellent ongoing support and updates.

Pricing and ROI: Cisco Sourcefire SNORT is known for its low initial setup costs, providing substantial ROI for organizations able to leverage its open-source flexibility. Darktrace involves higher initial and ongoing costs, but users find value in its investment due to the reduction in security breach incidents.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Darktrace Report (Updated: June 2026).
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
June 2026
Download the complete report
Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Intrusion Detection and Prevention Software (IDPS)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of June 2026, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.0%, up from 2.5% compared to the previous year. The mindshare of Darktrace is 10.3%, down from 14.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS) Mindshare Distribution
ProductMindshare (%)
Darktrace10.3%
Cisco Sourcefire SNORT3.0%
Other86.7%
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

reviewer2772102 - PeerSpot reviewer
reviewer2772102
Cloud Architect at a consultancy with 1-10 employees
Logging and customizable rules have helped improve threat monitoring and detection
The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT. Being able to log and store it in a file allows you to push it to a centralized repository. The logging and reporting help improve incident response. You should always be logging threats, any sort of misconfiguration, and anything that could be an issue. It's important to at least log and monitor it. The basic rules provide a good baseline in assessing Cisco Sourcefire SNORT's ability in providing real-time analytics for threat detection, but as a professional, you should look to constantly modify that baseline. They provide extensive customizability so you can define your own rules. The customizability allows it to be adaptable in protecting against diverse network threats to the constant change.
Read full review
Pasan Jayarathna - PeerSpot reviewer
Pasan Jayarathna
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Solid intrusion detection and prevention that scales easily in very large environments."
"This solution makes life a lot easier as there are fewer man-hours required and we no longer need too many resources to manage it."
"There are a lot of features that I really appreciate with Firepower, which is why I advise most of my customers to go with Firepower."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"I like most of Cisco's features, like malware detection and URL filtering."
"The most valuable feature is the visibility that we have across the virtual environment."
"The product is inexpensive compared to leading brands such as Palo Alto or Fortinet."
More Cisco Sourcefire SNORT pros
"You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network."
"Darktrace has improved our knowledge of abnormal phenomenen which could have potentially be hazardous for the organization."
"The features that are most valuable to me include detection, response with analytics, and network detection."
"The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network."
"It's a very stable product."
"We are able to detect a lot of things, actually, and see what is happening in our network."
"Technical support is great. They are very responsive and helpful."
"A simple, powerful AI solution that just does all the work for you when you turn it on."
More Darktrace pros
 

Cons

"To be frank, the product is not really stable, although they're working on that."
"I would like to have analytics included in the suite."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"Performance needs improvement."
"There are some bugs in this solution and troubleshooting them is complicated."
More Cisco Sourcefire SNORT cons
"The solution's user interface and stability could be improved."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
"I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."
"The management user interface needs improvement."
"Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
"The product doesn't have an endpoint agent that can react to triggers set on the device,"
More Darktrace cons
 

Pricing and Cost Advice

"We have a three-year license for this solution."
"The cost is per port and can be expensive but it does include training and support for three years."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"Licensing for this solution is paid on a yearly basis."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products."
"Darktrace is quite an expensive solution."
"The tool's pricing is costly."
"Darktrace is expensive. You can pay for the license yearly."
"It is inexpensive considering what it can do and the competition."
"Our customers feel that the price of Darktrace is quite high compared to other solutions."
"The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
"When it comes to large installations, it can be expensive, but for small accounts it's fine."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
900,644 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Construction Company
10%
Comms Service Provider
8%
University
8%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise8
Large Enterprise7
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledg...
See all answers
What is your primary use case for Cisco Sourcefire SNORT?
Endpoint protection is the main use case. The main aspect involves specifying different rules, and when network traffic hits these rules, it will try to block the traffic or at least log the traffi...
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 10% of the time
ExtremeCloud IQ vs Cisco Sourcefire SNORT Logo
ExtremeCloud IQ vs Cisco Sourcefire SNORT
Compared 9% of the time
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT Logo
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT
Compared 9% of the time
TrendAI Tipping Point vs Cisco Sourcefire SNORT Logo
TrendAI Tipping Point vs Cisco Sourcefire SNORT
Compared 8% of the time
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT Logo
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT
Compared 6% of the time
More Cisco Sourcefire SNORT Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 5% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 2% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
June 2026
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Darktrace
June 2026
Darktrace reportDownload Darktrace product report
 

Also Known As

Sourcefire SNORT
No data available
 

Overview

Cisco Sourcefire SNORT is a versatile cybersecurity tool offering threat detection, scalability, and integration with Cisco tools. It is recognized for ease of configuration and comprehensive protection, making it suitable for intrusion prevention and firewall applications.

Cisco Sourcefire SNORT provides advanced malware protection and integrates seamlessly with Cisco products. It enables automatic IPS tuning, real-time visibility, and intelligent security automation, which together enhance network security. Users benefit from its URL filtering, email spam elimination, and it delivers low false positives. Though highly effective, feedback highlights a desire for improvements in stability, dashboard effectiveness, traffic blocking customizations, and integration with Cisco DNA Center. Cost concerns and calls for cloud-based deployments also emerge in user feedback. Technical support and performance are also discussed, with VPN configuration posing challenges.

What are the key features of Cisco Sourcefire SNORT?
  • Threat Detection: Identifies and mitigates network threats efficiently.
  • Scalability: Easily adapts to growing network demands.
  • Cisco Integration: Works smoothly with existing Cisco infrastructure.
  • Advanced Malware Protection: Provides comprehensive security against sophisticated threats.
  • Real-Time Visibility: Offers live insights into network activity.
  • Automatic IPS Tuning: Adjusts security policies dynamically.
What benefits can be found in user reviews?
  • Ease of Configuration: Streamlined setup process.
  • Comprehensive Protection: Low false positive rates ensuring broader security.
  • Robust Support: Access to extensive Cisco support network.

Organizations primarily deploy Cisco Sourcefire SNORT for network security in sectors like finance and healthcare. Used extensively in data centers with Cisco Firepower, it provides intrusion prevention, URL filtering, and VPN security. Pre-configured settings make it practical for on-premises deployment, ensuring secure user-to-server and server-to-server interactions.

Cisco

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
June 2026
Free Report: Cisco Sourcefire SNORT vs. Darktrace
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Darktrace and other solutions. Updated: June 2026.
DOWNLOAD NOW
900,644 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Darktrace report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.