No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Sourcefire SNORT vs Darktrace comparison

Cisco and Darktrace are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 8.5, while Darktrace is ranked #2 with an average rating of 8.1. Cisco holds a 3.1% mindshare in ID, compared to Darktrace’s 10.5% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cisco Sourcefire SNORT
Read 20 Cisco Sourcefire SNORT reviews
  • 1,857 Views
  • 1,560 Comparison Views
95% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 24,919 Views
  • 5,482 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 29, 2026

Cisco Sourcefire SNORT and Darktrace are competing in the network security domain. Cisco Sourcefire SNORT often has the upper hand in cost-effectiveness and strong technical support, while Darktrace is preferred for its advanced AI-driven threat detection capabilities, despite being higher priced.

Features: Cisco Sourcefire SNORT is appreciated for its open-source flexibility, extensive customization capabilities, and comprehensive technical support. Darktrace offers AI-powered threat detection, autonomous response, and adaptive learning, which enhance its proactive security measures.

Room for Improvement: Cisco Sourcefire SNORT could improve in simplifying its deployment process for less technical users and providing more intuitive user interfaces. Darktrace could enhance scalability, narrow down its abundant graphical features for clarity, and focus on reducing deployment costs.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT has a detailed documentation process that facilitates efficient deployment for tech-savvy users. Darktrace offers intuitive deployment and requires minimal configuration, along with excellent ongoing support and updates.

Pricing and ROI: Cisco Sourcefire SNORT is known for its low initial setup costs, providing substantial ROI for organizations able to leverage its open-source flexibility. Darktrace involves higher initial and ongoing costs, but users find value in its investment due to the reduction in security breach incidents.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Darktrace Report (Updated: April 2026).
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
April 2026
Download the complete report
Helped 893,221 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Intrusion Detection and Prevention Software (IDPS)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (9th), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of May 2026, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.1%, up from 2.5% compared to the previous year. The mindshare of Darktrace is 10.5%, down from 14.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS) Mindshare Distribution
ProductMindshare (%)
Darktrace10.5%
Cisco Sourcefire SNORT3.1%
Other86.4%
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

reviewer2772102 - PeerSpot reviewer
reviewer2772102
Cloud Architect at a consultancy with 1-10 employees
Logging and customizable rules have helped improve threat monitoring and detection
The logging is mainly what I consider one of the best features with Cisco Sourcefire SNORT. Being able to log and store it in a file allows you to push it to a centralized repository. The logging and reporting help improve incident response. You should always be logging threats, any sort of misconfiguration, and anything that could be an issue. It's important to at least log and monitor it. The basic rules provide a good baseline in assessing Cisco Sourcefire SNORT's ability in providing real-time analytics for threat detection, but as a professional, you should look to constantly modify that baseline. They provide extensive customizability so you can define your own rules. The customizability allows it to be adaptable in protecting against diverse network threats to the constant change.
Read full review
AM
Anil M
Technical Consultant - Unix Platform Services at BITS AND BYTE IT CONSULTING PVT LTD
Consistent threat hunting and anomaly detection deliver valuable insights for network security management
In terms of improvement for Darktrace, pricing is the main concern. Pricing bothers me and this is one of the major factors when choosing a solution. When we get feedback from customers, that's the only felt need. When we factor in Darktrace, we do it only limited. We put it on where the perimeters and connections are, but still, some gray areas are left out, especially if we have multiple branches. We need Darktrace on each branch to get the data out, and I suggest having some kind of a centralized product that gets data from multiple sources to aggregate and provide the data.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
"Solid intrusion detection and prevention that scales easily in very large environments."
"The most valuable feature is reliability, and this solution is better than Check Point."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
"We primarily use this solution as an intrusion prevention system for external firewalls and deploy the solution on-premises."
"It has a huge rate of protection. It's has a low level of positives and a huge rate of threat protection. It's easy to deploy and easy to implement. It has an incredible price rate compared to similar solutions."
"Users have access to intelligent security automation as one of the features, which can easily automate your event impact assessment so your IPS policy tuning can be done as well as your network behavior analysis, and you can do real-time contextual awareness with correlation of events created on your applications, user devices, operating systems, or vulnerabilities, with all of this real-time data captured including your apps and port scans."
More Cisco Sourcefire SNORT pros
"The technical support from Darktrace is very good, including support from their resellers."
"The NDR is good in their solution and they have NTG for email."
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
"In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful."
"I find it very good in the way that they show the past events, including the attack history."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"The most valuable feature is that it works autonomously."
"The most valuable features of Darktrace are the tracing of unusual external emails and monitoring the local network."
More Darktrace pros
 

Cons

"The solution's approach to managing traffic blocking is confusing and impractical."
"I don't think this solution is a time-based control system, because one cannot filter traffic based on time."
"The pricing needs to be improved."
"There are problems setting up VPNs for some regions."
"Integration with other components — even Cisco's own products — can be enhanced to improve administrative experience."
"The pricing needs to be improved. We have lots of low-budget clients around us. Budget constraints are always a deterrent in our market."
"Performance needs improvement."
"The main dashboard of Cisco Sourcefire SNORT could improve."
More Cisco Sourcefire SNORT cons
"This product needs more in terms of prevention."
"The pricing is a bit high for the region."
"The management dashboards and the meter dashboards should be more user-friendly and simple to use for easy management."
"Darktrace could improve its features, such as monitoring and detecting ransomware."
"Darktrace should have more automation and integrations with other security monitoring tools."
"There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market."
"With Darktrace, at the moment, I have to almost put in a date and tell them that I want you to give me data from this date to this date."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning."
More Darktrace cons
 

Pricing and Cost Advice

"We have a three-year license for this solution."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"Licensing for this solution is paid on a yearly basis."
"The cost is per port and can be expensive but it does include training and support for three years."
"This solution is expensive."
"The cost is moderate."
"The price of Darktrace is high and could be reduced. We pay approximately $30,000 to $54,000 annually."
"We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once. Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution."
"The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
"Our customers feel that the price of Darktrace is quite high compared to other solutions."
"There is an annual license to use Darktrace."
"The pricing is subscription-based and it is high."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
893,221 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Comms Service Provider
9%
University
9%
Construction Company
9%
Manufacturing Company
9%
Computer Software Company
9%
Financial Services Firm
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise8
Large Enterprise7
By reviewers
Company SizeCount
Small Business45
Midsize Enterprise19
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
I have not had much experience with the community-driven rule set while utilizing Cisco Sourcefire SNORT. I don't have experience with recognizing zero-day vulnerabilities, but based on my knowledg...
See all answers
What is your primary use case for Cisco Sourcefire SNORT?
Endpoint protection is the main use case. The main aspect involves specifying different rules, and when network traffic hits these rules, it will try to block the traffic or at least log the traffi...
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 10% of the time
ExtremeCloud IQ vs Cisco Sourcefire SNORT Logo
ExtremeCloud IQ vs Cisco Sourcefire SNORT
Compared 9% of the time
TrendAI Tipping Point vs Cisco Sourcefire SNORT Logo
TrendAI Tipping Point vs Cisco Sourcefire SNORT
Compared 8% of the time
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT Logo
Splunk User Behavior Analytics vs Cisco Sourcefire SNORT
Compared 8% of the time
Vectra AI vs Cisco Sourcefire SNORT Logo
Vectra AI vs Cisco Sourcefire SNORT
Compared 6% of the time
More Cisco Sourcefire SNORT Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 6% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 3% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
May 2026
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Darktrace
May 2026
Darktrace reportDownload Darktrace product report
 

Also Known As

Sourcefire SNORT
No data available
 

Overview

Cisco Sourcefire SNORT is a versatile cybersecurity tool offering threat detection, scalability, and integration with Cisco tools. It is recognized for ease of configuration and comprehensive protection, making it suitable for intrusion prevention and firewall applications.

Cisco Sourcefire SNORT provides advanced malware protection and integrates seamlessly with Cisco products. It enables automatic IPS tuning, real-time visibility, and intelligent security automation, which together enhance network security. Users benefit from its URL filtering, email spam elimination, and it delivers low false positives. Though highly effective, feedback highlights a desire for improvements in stability, dashboard effectiveness, traffic blocking customizations, and integration with Cisco DNA Center. Cost concerns and calls for cloud-based deployments also emerge in user feedback. Technical support and performance are also discussed, with VPN configuration posing challenges.

What are the key features of Cisco Sourcefire SNORT?
  • Threat Detection: Identifies and mitigates network threats efficiently.
  • Scalability: Easily adapts to growing network demands.
  • Cisco Integration: Works smoothly with existing Cisco infrastructure.
  • Advanced Malware Protection: Provides comprehensive security against sophisticated threats.
  • Real-Time Visibility: Offers live insights into network activity.
  • Automatic IPS Tuning: Adjusts security policies dynamically.
What benefits can be found in user reviews?
  • Ease of Configuration: Streamlined setup process.
  • Comprehensive Protection: Low false positive rates ensuring broader security.
  • Robust Support: Access to extensive Cisco support network.

Organizations primarily deploy Cisco Sourcefire SNORT for network security in sectors like finance and healthcare. Used extensively in data centers with Cisco Firepower, it provides intrusion prevention, URL filtering, and VPN security. Pre-configured settings make it practical for on-premises deployment, ensuring secure user-to-server and server-to-server interactions.

Cisco

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cisco Sourcefire SNORT vs. Darktrace
April 2026
Free Report: Cisco Sourcefire SNORT vs. Darktrace
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Darktrace and other solutions. Updated: April 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Darktrace report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.