Cisco Secure Network Analytics Reviews

Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.

Cisco Stealthwatch has improved our organization's analytics and threat protection capabilities by catching threats early on. We are still at the baselining stage, but I can also say that our organization improved dramatically when we found out that a host was constantly talking to an FTP server. It turned out to be an employee that was going to be terminated and he was trying to pull data from the FTP server constantly. He pulled three or four GBs and we caught it with this tool. It saved us a net fortune.

The solution has also increased our threat detection rate dramatically and that gives us time to remediate those threats.

The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.
I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard. 

It is extremely stable. I haven't had a crash since installing it.

It is very scalable. You only have to purchase more licensing. As far as I understand, it can become as big as you want it to become and how many net flows you can afford.

The technical support is awesome. Anytime I call Cisco Tech, they call me back within thirty minutes or an hour with an answer to solve the problem. The guides that they have within the product itself are pretty self-explanatory. As long as you're willing to sit down and read it, you don't even need to call tech.

My superior asked what this host was doing within our network, what data he was pulling and why he had it on this PC. We couldn't answer to say that he wasn't pulling data from that server or what data he was in fact pulling. So we had to find a solution to answer those questions. We are a Cisco shop so we kind of just went for this solution.

The initial setup was straightforward. They explained the steps that they were going to do and they had it deployed within about two hours. It didn't take long and now we're just doing the baseline, which takes about three months.

Yes, we used Network Center and they were good.

I can foresee that this solution will save us an immense lot of work in the future. Instead of having 20 people looking at logs and sifting through logs, you could have one individual simply sifting through this. It will be a lot easier and less time-consuming.
So the time to value of this solution is great. For every person you're going to pay about $70 or $80,000 a year, you would now only have to pay one individual instead of 20.

This solution is a little expensive. Open-source is obviously a key to victory in some people's eyes but with open-source, you can't pay anybody. So it could be a little cheaper, but it has great functionality. 

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten. 

We provide this solution to our customers to give them visibility into their network.

This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.

It has reduced our incident response time by around forty percent.

It saves time, money and administrative work for our customers.

The most valuable features provided by this solution are visibility and information.

The solution's analytics and threat detection capabilities are good. Network visibility is also really good. 

The encrypted traffic analytics work well, I don't see any problem with it.

The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.

It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

I would say that the stability of this solution could be better.

The scalability is okay.

Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.

Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.

The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.

I performed the deployment myself.

We did not evaluate other options before choosing this solution.

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

The security team uses it more than we do. I don't work on it that much. We have a couple uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.

Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.

It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.

I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.

It may have reduced the time to detect and remedy threats a little.

It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.

I'm sure Stealthwatch saves us time, money, and administrative work.

The ability to send data flow from other places and have them all in one place is very valuable for us.

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.

It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.

We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.

I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.

In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.

I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.

In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.

I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

Our primary use is to monitor our network, especially our remote branches.

Stealthwatch has decreased our troubleshooting steps and also cut down on the amount of time it takes us to resolve an issue.

We're able to map out our environment using Stealthwatch and we can see where our data is going, throughout our network.

Stealthwatch reduced our incident response rate, as well as the amount of time it takes to detect and remediate threats by about 25%.

This solution saves us time, money, and administrative work.

The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems.

In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.

The solution's very stable. Even through the upgrades after Cisco's acquisition, it has proved to be very stable.

It scales very well.

We haven't had to use it much. When we have, it's been similar to most Cisco technical support, which is very knowledgeable and helpful.

We previously used SolarWinds. The version of SolarWinds that we were using didn't give us the visibility that we needed, so we switched to Stealthwatch.

The initial setup was straightforward.

We have seen a return on investment, from the fact that we now take less time to resolve an issue because we have Stealthwatch. We can capture some data in real time, or we can actually go back in the history base if we have to, to see where the issues may have started, and we also have baselines.

Their time to value is very good. We've upgraded and we just relicensed, so this is definitely a product that we use.

The yearly licensing cost is about $50,000.

We evaluated SolarWinds, WhatsUp Gold, and a couple of others that I can't think of right now.

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.

I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.

Our main reason for using Stealthwatch is it gives us visibility.

Stability is the most valuable feature we have seen in this solution.

Stealthwatch needs improvement when it comes to speed.

The solution's stability is good.

I think this solution is okay with scale.

I think their technical support is great.

The initial setup was straightforward.

Time to value is very good for Stealthwatch.

I would rate Stealthwatch as an eight or nine out of ten.

Our primary use case for Cisco Stealthwatch is to ensure net flow.

Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization. 

The most valuable feature of this solution is that it give us insight into what's happening in our network. 

I don't really think we really save time while using this solution.

Cisco Stealthwatch is quite stable.

It all depends on the platform you are using, but I think it is pretty scalable.

The configuration of the solution was quite complex so I won't say that it is straightforward to set everything up.

We used a vendor, Cisco, for implementation. 

I believe ROI will take around a year.

We also look at Red Hat.

I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and see if there are any issues.

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

I never had to use technical support before.

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

We haven't seen ROI.

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.

Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure things that are happening that we are expecting to happen. 

I am a little versed about the solution's analytic and threat detection capabilities, even though it is pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.
This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now. 

The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.
I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.

We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.

The solution is very stable and we haven't had any crashes yet.

Based on what we've used it so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.

I do know we have used the support before and it was good enough to get our problems fixed.

We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.

The initial setup was pretty straightforward and sufficient. It's good.

I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. 

Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.