Cisco Secure Network Analytics Reviews

Our primary use for this solution is to help protect against threats on our network.

This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

There are no stability issues with the product.

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

We pay for support costs on a yearly basis.

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Our primary use of Stealthwatch is for a secure remediation of systems that are causing problems on our internal network.

The solution's ability to detect threats and provide remediation greatly improved our company.

Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.

Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.

It has also reduced false positives by about 5%.

Stealthwatch saves us time, money, and administrative work.

The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.

Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.

Complexity on integration is not so straightforward and you really need an expert to help build it out.

The solution's stability is very good.

Its scalability is pretty good. We're about to roll it out bigger.

I would probably give their technical support a nine out of ten.

We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.

The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.

We used Presidio with actual Cisco people doing the work. We had a very good experience with them.

Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.

On a yearly basis, licensing is somewhere around $30,000.

We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

This savings brought about by implementing this solution has allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

This solution is very stable.

We're kind of immature, right now, in our implementation, but I see it growing.

We have not used technical support at this point.

We were archaic in terms of reporting.

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

We handled the deployment in-house.

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

The pricing for this solution is good.

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.

The network visibility feature opens up a whole new pane of glass that didn't exist before, so when you talk about being able to look into your network and understand what's there for security events, impostering, and everything that Stealthwatch can bring to the table, there's nothing else that a typical customer's going to have installed today that will give them any of that information.

Stealthwatch has definitely increased our threat detection rate. I would say on average probably close to 100%. Especially in the market that we play in, which is largely commercial, a lot of customers are just getting into this, so they literally had nothing and now they have a lot.

It has also reduced our incident response time and the time it takes us to detect and remediate threats, at times by months. In addition, Stealthwatch has helped us reduce false positives.

Stealthwatch helps us save time, money, and administrative work. If you talk about a simple security event that a customer has to react to if they don't have the visibility you don't find out about it until something even worse happens. For example, somebody worked to get into your financial systems and they were somehow siphoning money out, not only did they get in and you didn't detect that, but now money is disappearing out of your account. So the ability to detect that threat immediately and remediate it is the true value of that reliance.

The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco, so while some of the competition may have other products that could be better or provide a better administrative experience, they don't have the breadth that Cisco does. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that.

Stealthwatch has analytics and threat protection capabilities up there with the industry best. It's a super powerful database on the backend, basically giving you access to all the latest and greatest threat detection events that are out there, and they're constantly being updated and monitored, so that's probably the best part about having something like that.

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.

Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.

Stealthwatch seems to be rock solid.

We haven't had any issues with scalability yet.

I would give the technical support seven out of ten. When it first came out, the big problem was Cisco obviously didn't have a giant technical team behind it, but that's true of any new product. Over time it has steadily gotten better, so they can solve most problems in a reasonable amount of time at this point.

On a scale of one to ten, I'd call it a six out of ten. Do you need seasoned engineers to put it in? Yes. Do you need a rocket scientist? No.

We definitely have gotten an ROI. Look at incidents in the security space when customers are hit with malware or anything like that. These are incidents that cost thousands of dollars or potentially millions of dollars, so the first incident that you prevent, it probably just paid for itself.

The solution's time to value is one of those things that depends on what the customer has in their environment. If they have relatively little security strengthening in their environment, this is something that brings near immediate full value of the product directly to the customer's hands. Obviously, if it's part of a bigger support portfolio that the customer has, it just depends on what they already have or don't have in that environment.

The market that we play in there's a lot of value very often because sometimes this is the first product that they're investing in.

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.

The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.

I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

Positive

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

The organization now have a better overview how their traffic is flowing.

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

The stability of this solution is good.

We have three people who are using this solution.

I would rate technical support for this solution highly.

We used Darktrace before.

The initial setup of this solution is complex.

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.