Sourcefire developed Snort, an open-source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired by Cisco in 2013 and is now supported by Cisco.
N/A
Trellix Intrusion Prevention System
Score 7.8 out of 10
N/A
Trellix Intrusion Prevention System (replacing the former McAfee Network Security Platform) is an intrusion detection and prevention system (IDPS) for on-prem or virtual networks.
If a colleague were looking to tighten down their network, I can easily recommend Snort to them. It gives you some more peace of mind knowing that it's always scanning traffic for malicious-looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. It's an easy recommendation for me.
McAfee Network Security does do what it promises, and it integrates nicely with other McAfee services my work computer has. Sometimes I do feel, though, that McAfee does hinder your computer/internet performance, but maybe it's a trade-off that's worth it. I do wish they would refine their threat detection so some websites that I don't think are harmful and want to visit for work purposes aren't blocked. There have been times where I Google a question and a website has the answer but McAfee will block it. If you're in a position at a financial company like me, where you're dealing with sensitive/private information, it's important to have this type of software to protect data.
The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application, which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
Flexible. Instead of putting a traditional firewall inline, you can put a Sourcefire appliance (or firewall with Sourcefire on-board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
In-depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts; you can view the full information and packets that led to the conclusion, though the conclusion is prepared in advance for you.
Snort was chosen mainly for the ease and cost. With Snort we were able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old-fashioned way, this is the product for you.