Try our new research platform with insights from 80,000+ expert users

Cisco Sourcefire SNORT vs Vectra AI comparison

Cisco and Vectra AI are both solutions in the Intrusion Detection and Prevention Software (IDPS) category. Cisco is ranked #14 with an average rating of 7.7, while Vectra AI is ranked #3 with an average rating of 8.0. Cisco holds a 3.3% mindshare in ID, compared to Vectra AI’s 11.3% mindshare. Additionally, 95% of Cisco users are willing to recommend the solution, compared to 97% of Vectra AI users who would recommend it.
Cisco Sourcefire SNORT
Read 19 Cisco Sourcefire SNORT reviews
  • 1,188 Views
  • 855 Comparison Views
95% willing to recommend
Vectra AI
Read 44 Vectra AI reviews
  • 5,133 Views
  • 2,624 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 19, 2024

Cisco Sourcefire SNORT and Vectra AI compete in the cybersecurity space, offering distinct sets of features aimed at enhancing network security. Cisco Sourcefire SNORT leads in pricing and customer support, while Vectra AI excels in advanced threat detection, making it attractive despite higher costs.

Features: Cisco Sourcefire SNORT provides effective intrusion detection and prevention using a comprehensive rule-based system, ensuring robust security controls. It benefits from an open-source foundation allowing community-driven improvements. Vectra AI employs AI and machine learning to deliver automated threat detection and insightful threat responses, offering real-time visibility and reducing the manual workload.

Room for Improvement: Cisco Sourcefire SNORT could enhance its ease of use, as its rule customization requires significant technical expertise. The interface could also be more intuitive to streamline usability. Vectra AI might look at further improving its complexity reduction, as setting initial configurations requires significant time investment. Some users may benefit from enhanced documentation to better navigate advanced features.

Ease of Deployment and Customer Service: Cisco Sourcefire SNORT offers clear deployment paths with extensive documentation, yet requires more technical skills. Its open-source community provides added support. Conversely, Vectra AI's cloud-based infrastructure simplifies deployment, complemented by superior customer service for smoother system integration.

Pricing and ROI: Cisco Sourcefire SNORT is known for favorable pricing due to its open-source nature, offering potentially high ROI with customizable capabilities. Vectra AI, while more expensive, justifies its cost with advanced features that promise reduced long-term risks, appealing to those investing in comprehensive security solutions.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Sourcefire SNORT vs. Vectra AI Report (Updated: March 2025).
Buyer's Guide
Cisco Sourcefire SNORT vs. Vectra AI
March 2025
Download the complete report
Helped 845,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Sourcefire SNORT
Ranking in Intrusion Detection and Prevention Software (IDPS)
14th
Average Rating
7.6
Reviews Sentiment
6.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
Vectra AI
Ranking in Intrusion Detection and Prevention Software (IDPS)
3rd
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
44
Ranking in other categories
Network Detection and Response (NDR) (2nd), Extended Detection and Response (XDR) (15th), Identity Threat Detection and Response (ITDR) (10th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Cisco Sourcefire SNORT is 3.3%, down from 3.9% compared to the previous year. The mindshare of Vectra AI is 11.3%, up from 10.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Syed Shahnawaz Hussain - PeerSpot reviewer
An IPS solution for security and protection but lacks stability
We assess the client's environment, including the size of the workforce responsible for firewall management. Sourcefire can be effective despite its complexity if you have a capable team. Sourcefire might not be more appropriate if you lack a strong IT team. When it comes to real-time traffic analysis, the requirements can vary significantly. Discussing an organization's or individual user's security posture adds another layer of complexity. It's important to note that there isn't a single device that can fully meet the demands of real-time traffic analysis for security purposes. Multiple appliances and solutions are often necessary to achieve comprehensive real-time visibility. We've successfully integrated Sourcefire into various environments, making the process relatively straightforward. We've incorporated it with certain NMS, so I foresee no significant challenges in integrating the Sourcefire. Cisco Sourcefire SNORT offers visibility and robust support. Its resource management documentation is notably extensive, enhancing usability. However, its complexity may pose challenges, especially as the market trends toward simpler solutions for intricate issues. While concerns regarding maturity and stability exist, the development team has actively addressed these issues, requiring ongoing scrutiny to ensure complete resolution. Overall, I rate the solution a 7 out of 10.
Read full review
Mohammad Alkurdi - PeerSpot reviewer
Innovative detection features enhance monitoring
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the ability to automatically learn the traffic in our environment, and change the merit recommendations based on that."
"The most valuable feature is the visibility that we have across the virtual environment."
"I like most of Cisco's features, like malware detection and URL filtering."
"The URL filtering is very good and you can create a group for customized URLs."
"The tool's most valuable feature is threat detection, which is important because we have multiple layers not only in Cisco."
"The most valuable feature of this solution is the filtering."
"The solution can be integrated with some network electors like Cisco Stealthwatch, Cisco ISE, and Active Directory to provide the client with authentication certificates."
"Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
More Cisco Sourcefire SNORT pros
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"What I like best about Vectra AI is that it alerts you about suspicious activities."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain, we can react now, rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched."
"Vectra AI can bring the ability to detect intrusion on the network more so than legacy IDS tools."
"The packet-capturing feature is very useful."
"One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
More Vectra AI pros
 

Cons

"With the next release, I would like to see some PBR, so that you can do the configuration with the features."
"I want to see a better dashboard for the product. The dashboard can be a bit modified or enhanced."
"While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."
"The main dashboard of Cisco Sourcefire SNORT could improve."
"The cloud can be improved."
"The solution's approach to managing traffic blocking is confusing and impractical."
"There are problems setting up VPNs for some regions."
"Performance needs improvement."
More Cisco Sourcefire SNORT cons
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"The rules for threats are not always precise and Vectra AI should improve this."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."
"Neither Vectra nor Darktrace have a function like a status health check on my log sources and traffic sources."
More Vectra AI cons
 

Pricing and Cost Advice

"I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco device are expensive compared to other devices."
"The cost is per port and can be expensive but it does include training and support for three years."
"If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five."
"We have a three-year license for this solution."
"Licensing for this solution is paid on a yearly basis."
"Vectra AI is not a cheap solution."
"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"The licensing is on an annual basis."
"Vectra's pricing is too high. All schools will not be able to afford it. Vectra will only end up targeting higher education and higher value independence purely because of the price. A lot of schools would love to have a product like Vectra AI, but they simply can't because they struggle to even pay the high E5 licensing from Microsoft. When you're up against that, Vectra AI is never going to be within the sector's price range."
"Its cost is too much. It's an investment that we can afford. It's a lot, but it's worth it."
"The pricing is very good. It's less expensive than many of the tools out there."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
More Vectra AI pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
See recommendations
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
11%
Government
9%
University
7%
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Sourcefire SNORT?
The product is inexpensive compared to leading brands such as Palo Alto or Fortinet.
See all answers
What is your experience regarding pricing and costs for Cisco Sourcefire SNORT?
If one is an extremely expensive product, and ten is cheap, I rate the tool's price as a five. There are some other tools in the market that are more expensive than Cisco. There are no additional c...
See all answers
What needs improvement with Cisco Sourcefire SNORT?
Cisco offers the Cisco DNA Center, which is a source that provides crucial information for us to monitor performance, and see whether there is any trouble. We are using Cisco DNA center, but again,...
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
See all answers
What is your experience regarding pricing and costs for Vectra AI?
It is very acceptable when you compare it with Darktrace, for example.
See all answers
 

Comparisons

Fortinet FortiGate IPS vs Cisco Sourcefire SNORT Logo
Fortinet FortiGate IPS vs Cisco Sourcefire SNORT
Compared 21% of the time
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT Logo
Palo Alto Networks Advanced Threat Prevention vs Cisco Sourcefire SNORT
Compared 19% of the time
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT Logo
Cisco Secure IPS (NGIPS) vs Cisco Sourcefire SNORT
Compared 15% of the time
Trend Micro TippingPoint Threat Protection System vs Cisco Sourcefire SNORT Logo
Trend Micro TippingPoint Threat Protection System vs Cisco Sourcefire SNORT
Compared 8% of the time
Darktrace vs Cisco Sourcefire SNORT Logo
Darktrace vs Cisco Sourcefire SNORT
Compared 7% of the time
More Cisco Sourcefire SNORT Competitors
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Compared 32% of the time
ExtraHop Reveal(x) vs Vectra AI Logo
ExtraHop Reveal(x) vs Vectra AI
Compared 11% of the time
Corelight vs Vectra AI Logo
Corelight vs Vectra AI
Compared 6% of the time
Cisco Secure Network Analytics vs Vectra AI Logo
Cisco Secure Network Analytics vs Vectra AI
Compared 6% of the time
More Vectra AI Competitors
 

Product Reports

Buyer's Guide
Cisco Sourcefire SNORT
March 2025
Cisco Sourcefire SNORT reportDownload Cisco Sourcefire SNORT product report
Buyer's Guide
Vectra AI
March 2025
Vectra AI reportDownload Vectra AI product report
 

Also Known As

Sourcefire SNORT
Vectra Networks, Vectra AI NDR
 

Overview

Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

Cisco

Vectra AI is used for detecting network anomalies and potential malicious activities, providing visibility into network traffic and enhancing threat detection across environments.

Organizations deploy Vectra AI mainly on-premises with additional cloud components. It helps with compliance, incident response, security monitoring, detecting insider threats, and correlating network events. Vectra AI captures and enriches network metadata, provides detailed dashboards, reduces false positives, and supports cross-environment behavioral analysis to enhance threat detection and prioritization. While valued for its high accuracy and alert aggregation, it has room for improvement in UI/UX, packet management, and integration with SIEMs and other tools. It is noted for expensive pricing and limited proactive threat response features.

What are Vectra AI's most valuable features?
  • High accuracy in identifying threat locations
  • Aggregation of alerts into single incidents
  • 24/7 threat detection
  • Visibility into the entire attack lifecycle
  • Risk score aggregation
  • Effective triaging of alerts
  • Integration with other tools
What benefits or ROI should users look for?
  • Enhanced threat detection and prioritization
  • Comprehensive network visibility
  • Reduction in false positives
  • Better incident response capabilities
  • Improved compliance monitoring

In specific industries, Vectra AI is deployed to monitor complex networks and alleviate challenges in threat detection. It is particularly effective in sectors requiring stringent compliance and security measures, offering insights and capabilities crucial for protecting sensitive data and maintaining operational integrity.

Vectra AI
 

Sample Customers

CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Buyer's Guide
Cisco Sourcefire SNORT vs. Vectra AI
March 2025
Free Report: Cisco Sourcefire SNORT vs. Vectra AI
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Vectra AI and other solutions. Updated: March 2025.
DOWNLOAD NOW
845,406 professionals have used our research since 2012.
See our Cisco Sourcefire SNORT vs. Vectra AI report.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.