Cisco Secure Network Analytics Reviews

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

We primarily handle the design, implementation, and support for the solution and we also manage collaboration, routing and switching, security products, et cetera.

Overall, the implementation is very good.

The solution offers good security. 

We find the solution is very good at collaborating with other solutions.

We don't really see any limitations on the product. Overall, it's been good.

We would like the solution to make more advances in the way that Extreme Networks has been doing.

We've been using the solution for about two months. It hasn't been too long just yet.

We can handle technical support if our clients run into any issues. It's part of the services we offer.

We also use Extreme Networks. We find it is a bit better than Cisco. We're also partners with Fortinet.

The implementation is very easy and straightforward. 

We implement the solution for our clients. We're Cisco partners, and therefore can manage all kinds of deployments.

We are a Cisco premier partner.

In general, I would rate the solution ten out of ten. We've had very good experiences so far.

My customers buy Stealthwatch for traffic analysis. 

Cisco could improve the administration for the customers.

I have been selling Stealthwatch for one to two years. 

I haven't heard from my customers that they had any problems with stability. 

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

The organization now have a better overview how their traffic is flowing.

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

The stability of this solution is good.

We have three people who are using this solution.

I would rate technical support for this solution highly.

We used Darktrace before.

The initial setup of this solution is complex.

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

Our primary use case is for it to run our call center 24/7 365 days a year. 

There's a lot of stuff on the new version we haven't had the chance to work with yet. 

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

So far we've had a good experience with stability. We've run into some issues with the configuration. 

It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable. 

Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.    

We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products. 

We had engineers that set it up. There were some problems that Cisco support came to fix. 

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs. 

Our primary use case for Stealthwatch is endpoint security.

Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.

It has reduced our incidence response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.

The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.

They should include Citrix VDIs in the next release.

It's stable.

It's challenging to scale as big as our environment.

I highly recommend their technical support.

We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.

The setup was of moderate complexity because of the Citrix environment.

We used a reseller for the deployment called Presidio. We had a good deployment with them.

We also looked at FortiGate.

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

We use the solution primarily for IDS/IPS.

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

We just immediately went with Stealthwatch and did not have a previous solution.

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

We did not use a vendor team for the deployment.

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and trions. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

We are still running it but so far it has been really stable.

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

Although I wasn't involved in the initial setup myself, it looked straightforward. 

We installed the solution ourselves because we are Cisco partners.

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.