Cisco Secure Network Analytics Reviews

We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.

The solution's analytics and thrust detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.

We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.

The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.

Stability is what we're looking for in production. Stability is everything.

The stability of the solution seems fine. It hasn't crashed yet.

Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.

For the scalability, other than some of the interesting things like the blow sensors, the actual analytics engine is solid so far.

The customer service has been fine, normal. It meets our expectations.

We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.

We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.

We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early. 

There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.

Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.

The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.

In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.

On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. 

A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.

Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.

Deploying the virtual machines made our storage have artifacts. But that was expected. 
Make sure you resource it correctly because it's going to use more than you expect.

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

We haven't had any stability issues so far, but we have only been running it for half a year.

The scalability is good, seen from a license perspective, as well.

We haven't really used the technical support yet, but in general, they are good.

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

We deployed it ourselves.

I don't think we have saved money, to be honest. But you cannot measure security and money.

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

Stealthwatch is primarily a network monitoring tool.

Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.

Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.

This solution has also increased our threat detection rate, by around 25-30%. An example would be that it provided a better posture in our internal network.

Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.

Troubleshooting is now only minutes instead of a couple of hours that it took before we used this solution.

We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.

It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

Stability is really good. I don't think we ever had an issue with it.

The initial setup was straightforward. It wasn't difficult.

I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

We use Stealthwatch to identify any risk or vulnerabilities in the environment.

Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.

The cognitive analytics really helps us analyze the traffic.

The most valuable feature is its alerts and dashboard.

The solution's analytics and threat detection capabilities are also pretty reasonable.

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.

Their technical support is very good.

The initial setup was complex. Sensor and controller installation was especially complex.

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

We use Cisco Stealthwatch for security and network analytics. The solution saves you time, money, and administrative work. If we have the device support, it means that I don't have to send someone in a car to go to be local on the site and look at whatever the issue is.

Our limitation is that Cisco Stealthwatch doesn't have visibility over everything. When we can use it, it gives us direct information. We use this information not only for analyzing security threats but as well as just for general network performance in the places it has view of.  

The solution affected network visibility in our organization fairly well. Without it, I have almost no visibility. It requires me to send people to different sites to manually get captured or to look at the network.

The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.

The analytics and threat detection capabilities of Cisco Stealthwatch are pretty good. It gives us good visibility of the information. It is easy to use and to the point.

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.

I've never known it to go down or have availability issues.

Cisco Stealthwatch is scalable with money. It's expensive.

I haven't dealt with Cisco customer service directly.

The initial setup was before I was at the company. It was over six years ago.

We used an integrated reseller for the deployment called Set Solutions. Our experience with them was pretty good.

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.

The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.

It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.

Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.

We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.

We recently got a security team. They've been more hands-on. They are not intuitive to networks. 

Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.

The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.

The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector. 

It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. 

I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. 

We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.

As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.

We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading. 

Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector. 

As far as scalability for the one that we purchased, it was not that great.

I haven't had to use their technical support services.

We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.

Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.

Stealthwatch has almost everything we need. There's no reason to evaluate anyone else. 

We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.

The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. 

As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. 

It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.

Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.

I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. 

Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.

The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. 

I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

The product is stable. We have not had any downtime with it.

Scalability is where we're still finetuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances. 

We would like to license the product across all of the different hardware we have.

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

We try to find ROI but sometimes, but it's just not there. It's all about the security posture.

We pay a yearly license.

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

We implemented Stealthwatch Cloud in order to provide our analysts with an additional tool for security monitoring.

This tool provides another method for security analysts to triage security alerts. The artifacts available in the tool provide better information for analyzing network traffic. 

It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.

I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.

If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.

No issues with stability.

No issues with scalability. Collecting NetFlow data is not hard, however, there is a chance you’ll end up with a huge amount of data that needs investigating. It might be a good idea to deploy gradually, by network segment.

Technical support has been excellent. I would not hesitate to work with them again. The engineer I worked with was knowledgeable.

No previous solution.

The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization.

One thing to keep in mind is that pricing is based on flow. If your environment is a Cisco shop, there should be an option to bundle it with certain purchases.

I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.

Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.

I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.

Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.