Cisco Secure Network Analytics Reviews

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

It is stable.

It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

Cisco tech support is very helpful. They have different tech support management options.

Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

We primarily handle the design, implementation, and support for the solution and we also manage collaboration, routing and switching, security products, et cetera.

Overall, the implementation is very good.

The solution offers good security. 

We find the solution is very good at collaborating with other solutions.

We don't really see any limitations on the product. Overall, it's been good.

We would like the solution to make more advances in the way that Extreme Networks has been doing.

We've been using the solution for about two months. It hasn't been too long just yet.

We can handle technical support if our clients run into any issues. It's part of the services we offer.

We also use Extreme Networks. We find it is a bit better than Cisco. We're also partners with Fortinet.

The implementation is very easy and straightforward. 

We implement the solution for our clients. We're Cisco partners, and therefore can manage all kinds of deployments.

We are a Cisco premier partner.

In general, I would rate the solution ten out of ten. We've had very good experiences so far.

My customers buy Stealthwatch for traffic analysis. 

Cisco could improve the administration for the customers.

I have been selling Stealthwatch for one to two years. 

I haven't heard from my customers that they had any problems with stability. 

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

The organization now have a better overview how their traffic is flowing.

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

The stability of this solution is good.

We have three people who are using this solution.

I would rate technical support for this solution highly.

We used Darktrace before.

The initial setup of this solution is complex.

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

Our primary use case is for it to run our call center 24/7 365 days a year. 

There's a lot of stuff on the new version we haven't had the chance to work with yet. 

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

So far we've had a good experience with stability. We've run into some issues with the configuration. 

It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable. 

Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.    

We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products. 

We had engineers that set it up. There were some problems that Cisco support came to fix. 

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs.