Cisco Secure Network Analytics Reviews

We use this solution for NetFlow statistics.

This solution allows us to be more agile when it comes to troubleshooting our NetFlow and our network systems.

Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before. We have a higher level of visibility for our systems and structures.

It has reduced our incident response time. 

The most valuable feature is the graphical analytics that it provides for mobile data.

The solution's analytics and threat detection capabilities are fantastic.

The initial setup is complex, as there is a lot to configure.

It's a rock-solid solution and we do a lot with it.

We bought the biggest box there is, so it's as big as it's going to get.

Technical support is good, although we haven't had any issues.

We switched solutions because we were doing network segmentation and the Cisco program that we were enrolled in required Stealthwatch to be embedded into our core.

The initial setup of this solution is complex. There is a lot to configure, and we're a big university so there is a lot of work that needed to be done.

We bought this solution through three different resellers and the experience was great.

We evaluated Plixer, but half of our medical center was already very familiar with Stealthwatch so it was an easy transition for us.

The vendors on our shortlist were ePlus and First Light. We split the load between them.

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.

This is a solid solution, and a necessary tool to add insight into our network.

I would rate this solution an eight out of ten.

We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.

We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.

That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not sure exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.

It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.

The ability to see a real-time picture of the network is the most valuable for us.

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

The product is very stable. No problems at all.

I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.

There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.

I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.

We dealt directly with Cisco for the implementation.

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.

Our primary use for this solution is to help protect against threats on our network.

This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

There are no stability issues with the product.

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

We pay for support costs on a yearly basis.

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Our primary use of Stealthwatch is for a secure remediation of systems that are causing problems on our internal network.

The solution's ability to detect threats and provide remediation greatly improved our company.

Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.

Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.

It has also reduced false positives by about 5%.

Stealthwatch saves us time, money, and administrative work.

The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.

Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.

Complexity on integration is not so straightforward and you really need an expert to help build it out.

The solution's stability is very good.

Its scalability is pretty good. We're about to roll it out bigger.

I would probably give their technical support a nine out of ten.

We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.

The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.

We used Presidio with actual Cisco people doing the work. We had a very good experience with them.

Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.

On a yearly basis, licensing is somewhere around $30,000.

We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

This savings brought about by implementing this solution has allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

This solution is very stable.

We're kind of immature, right now, in our implementation, but I see it growing.

We have not used technical support at this point.

We were archaic in terms of reporting.

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

We handled the deployment in-house.

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

The pricing for this solution is good.

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

We haven't had any stability issues so far, but we have only been running it for half a year.

The scalability is good, seen from a license perspective, as well.

We haven't really used the technical support yet, but in general, they are good.

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

We deployed it ourselves.

I don't think we have saved money, to be honest. But you cannot measure security and money.

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.

The network visibility feature opens up a whole new pane of glass that didn't exist before, so when you talk about being able to look into your network and understand what's there for security events, impostering, and everything that Stealthwatch can bring to the table, there's nothing else that a typical customer's going to have installed today that will give them any of that information.

Stealthwatch has definitely increased our threat detection rate. I would say on average probably close to 100%. Especially in the market that we play in, which is largely commercial, a lot of customers are just getting into this, so they literally had nothing and now they have a lot.

It has also reduced our incident response time and the time it takes us to detect and remediate threats, at times by months. In addition, Stealthwatch has helped us reduce false positives.

Stealthwatch helps us save time, money, and administrative work. If you talk about a simple security event that a customer has to react to if they don't have the visibility you don't find out about it until something even worse happens. For example, somebody worked to get into your financial systems and they were somehow siphoning money out, not only did they get in and you didn't detect that, but now money is disappearing out of your account. So the ability to detect that threat immediately and remediate it is the true value of that reliance.

The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco, so while some of the competition may have other products that could be better or provide a better administrative experience, they don't have the breadth that Cisco does. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that.

Stealthwatch has analytics and threat protection capabilities up there with the industry best. It's a super powerful database on the backend, basically giving you access to all the latest and greatest threat detection events that are out there, and they're constantly being updated and monitored, so that's probably the best part about having something like that.

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.

Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.

Stealthwatch seems to be rock solid.

We haven't had any issues with scalability yet.

I would give the technical support seven out of ten. When it first came out, the big problem was Cisco obviously didn't have a giant technical team behind it, but that's true of any new product. Over time it has steadily gotten better, so they can solve most problems in a reasonable amount of time at this point.

On a scale of one to ten, I'd call it a six out of ten. Do you need seasoned engineers to put it in? Yes. Do you need a rocket scientist? No.

We definitely have gotten an ROI. Look at incidents in the security space when customers are hit with malware or anything like that. These are incidents that cost thousands of dollars or potentially millions of dollars, so the first incident that you prevent, it probably just paid for itself.

The solution's time to value is one of those things that depends on what the customer has in their environment. If they have relatively little security strengthening in their environment, this is something that brings near immediate full value of the product directly to the customer's hands. Obviously, if it's part of a bigger support portfolio that the customer has, it just depends on what they already have or don't have in that environment.

The market that we play in there's a lot of value very often because sometimes this is the first product that they're investing in.

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.

The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.

I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.

We recently got a security team. They've been more hands-on. They are not intuitive to networks. 

Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.

The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.

The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector. 

It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. 

I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. 

We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.

As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.

We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading. 

Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector. 

As far as scalability for the one that we purchased, it was not that great.

I haven't had to use their technical support services.

We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.

Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.

Stealthwatch has almost everything we need. There's no reason to evaluate anyone else. 

We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.

The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. 

As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. 

It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.

Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.

I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. 

Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.

The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. 

I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.