We have a number of users that deployed both fixed hubs and satellite sites. Cisco Secure Network Analytics enables us to get full visibility and detect general threats on both types of sites. Regardless of whether a site is deployed overseas or back home, we want one single solution to be able to collect the telemetry, make a decision on it, and report it in a meaningful way. We also want the solution to be able to pipe it to tools that we can use to fight threats.
Cisco Secure Network Analytics Overview
Cisco Secure Network Analytics Buyer's Guide
Download the Cisco Secure Network Analytics Buyer's Guide including reviews and more. Updated: June 2023
What is Cisco Secure Network Analytics?
Cisco Secure Network Analytics is a highly effective network traffic analysis (NTA) solution that enables users to find threats in their network traffic even if those threats are encrypted. It turns an organization’s network telemetry into a tool that creates a complete field of vision for the organization’s administrators. Users can find threats that may have infiltrated their systems and stop them before they can do irreparable harm.
Cisco Secure Network Analytics Benefits
A few ways that organizations can benefit by choosing to deploy Cisco Secure Network Analytics include:
- Security scaling. Secure Network Analytics makes it easy for organizations to scale up their level of network protection to match the growth that their business is experiencing. It can be deployed on whatever type of system is necessary. Users will have their growth needs met at every stage of their business journey because the solution offers users the ability to use it on-premises or in the cloud and it can be consumed as a SaaS-based or license-based solution. Whenever any kind of device is added, Secure Network Analytics can automatically classify that device so that it is seamlessly integrated into its network protection system.
- Detects threats as they appear. Users gain the ability to scan their network traffic for even the most advanced threats at all times. Secure Network Analytics easily identifies the early warning signs that are typically initiated before attacks are conducted by bad actors. Once these signs are found, users are warned so that they can take steps to prevent those threats from escalating. This also enables users to determine the source of the threat and whether it might have spread further than initially thought.
- Eliminate blind spots. Organizations that use Secure Network Analytics can view their network traffic across both private networks and public cloud environments. The scanning power of the solution allows users to gain complete visibility with fewer sensors than competing products require to achieve a similar level of protection.
Cisco Secure Network Analytics Features
Some of the many features that Cisco Secure Network Analytics offers include:
- Centralized security management. Secure Network Analytics’ Identity Services Engine feature enables users to control their network from a single graphical user interface. Administrators can simplify their jobs by controlling profiler, posture, guest, authentication, and authorization services from a single pane of glass.
- Machine learning tools. Secure Network Analytics uses machine learning to generate alerts when malicious or suspicious activity is detected. It also analyzes the threat so that users gain insight into the nature of the dangers that confront them. Additionally, it examines the threats to determine whether they are actual threats or false alarms. This significantly reduces the number of false alarms that administrators have to spend time attempting to resolve.
- Automation. Users can automate routine tasks that they would otherwise have to handle manually. This automation feature frees administrators and employees to handle other more critical tasks.
Reviews from Real Users
Cisco Secure Network Analytics is a solution that stands out even when compared to many other comparable products. Two major advantages that it offers are the way that it enables users to define the threshold at which the solution will issue a warning to administrators and the predefined alerts that it offers straight out of the box.
Gerald J., the information technology operations supervisor at Aboitiz Equity Ventures, Inc., writes, “StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.”
A senior security engineer at a tech services company says, “Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.”
Cisco Secure Network Analytics was previously known as Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch.
Cisco Secure Network Analytics Customers
Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
Cisco Secure Network Analytics Reviews
Senior Cyber Scientist at a government with 10,001+ employees
Improved our organization greatly but greater customizability would be beneficial
Pros and Cons
- "The solution allowed us to not only gain insight but also start collaborating with other tools."
- "The customizability of the UI should improve."
What is our primary use case?
How has it helped my organization?
I think Cisco Secure Network Analytics improved our organization quite a lot. Prior to deploying it, we did not use anything, so, with it, we have gone from nothing to something. This has been a humongous leap in a way. The solution allowed us to not only gain insight but also start collaborating with other tools.
Cisco Secure Network Analytics helped our organization save time. I think having things like our automated analysis built into our network means we don't have to do as much threat hunting. We still need to do a bit of threat hunting, but as long as we've got the automated tools, if an alert comes in, then we can focus our activity on it. We would verify it as a false positive or true positive and then do the remediation steps from there, rather than having to continuously look through just raw data and make the decision ourselves.
What is most valuable?
We deal with TLS and other forms of encrypted tunnels. The kind of encrypted traffic analysis we receive from Cisco Secure Network Analytics gives us behavior analytics or anomaly detection on those tunnels, which is really insightful. These analytics are particularly important when we can't man in the middle and decrypt to do a deep packet inspection.
What needs improvement?
The customizability of the UI should improve. With Splunk and other SIEM tools, you have the ability to create custom dashboards and manipulate the data in a way that works for you. Cisco gives you some creative ability, but you are very much locked into their train of thought. It would be helpful if they went more down the Splunk and Elastic route.
We found flaws in Stealthwatch, but thankfully it has the ability to interconnect with Splunk and other such tools. This enabled us to plug the information over where it falls flat and then start working on other platforms. The solution falls down but tries to make up for it.
I would also like to have greater insight into how it works under the hood. I appreciate that that might not be possible due to commercial confidentiality. However, having that greater insight would allow us to convey a level of trust to the people who use it.
For how long have I used the solution?
I have been using this solution for about two years now.
What do I think about the stability of the solution?
The solution's stability is hard to fault. It sits there and runs without fault. We have had a fair amount of power outages and we get some very dirty power to our site. So there are brownouts and things like that and they cut off at a moment's notice and then come back and there are no configuration issues typically. We are generally quite happy with the stability that we get from the solution.
What do I think about the scalability of the solution?
Cisco Secure Network Analytics is designed to scale well, especially in your SD-WAN solution that is designed specifically for scale. It makes sense that it scales because it is a security product for SD-WAN solutions. I have had no problems scaling. It has been pretty easy for us to scale.
How are customer service and support?
I have not personally had to use Cisco's tech support.
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
I think generally it was quite easy to deploy. It's a virtualized device, so I just put it on the hypervisor and the documentation is good. I think the research environment that we placed it in was an SD-WAN. We had physical IR1001s and they were a little bit more difficult to figure out. The documentation was a little bit all over the place for that specifically. We had to do a lot of cross-referencing.
What about the implementation team?
We deployed the solution in-house.
What was our ROI?
I think we will get a return on investment from this solution.
What's my experience with pricing, setup cost, and licensing?
From what I've seen when using the Cisco ecosystem, you can get some good value from the licensing. But there are products out there like Cisco Firepower, for which the license is expensive. We are very much trying to move away from Firepower specifically because of the pricing. It's just not good value for us.
Which other solutions did I evaluate?
When choosing Cisco, we didn't not consider other solutions, but the expertise that we had in-house was central to our decision. We're very much bought into the CCNA and CCNP learning path and therefore we have expertise in Cisco equipment. To buy into the ecosystem of a Cisco competitor like Juniper would be more trouble and costly for us in the long run. Plus, Cisco does a good job.
I've had not necessarily bad experiences with other products, but when it comes to configuring them, I find them a bit more time-consuming than Cisco. Junos, for example, I typically find the commands I have to type in a bit more convoluted and have to look at documentation over and over again because they're very non-logical. Cisco does have a little bit of backwardness in a CLI, but it's much more intuitive. It's easier for me to go to Cisco and do the CLI and configure everything that I need rather than going to Junos.
What other advice do I have?
The key integration we use with Cisco Secure Network Analytics is Splunk outside of the Cisco ecosystem. We have had an internal push to get further into the Cisco ecosystem because Stealthwatch is just detection and has no way of doing your security orchestration but other Cisco solutions do. The idea going forward is that we will be able to buy in a bit further and exploit that integration to do more machine time response.
I think Cisco Secure Network Analytics is quite good when it comes to securing the infrastructure from end to end. This is particularly the case when you are deploying something like the Cisco SD-WAN solution where you've got your controlling data plane. Cisco has thought about this, going back to the encrypted traffic analysis, your Cisco controlling data plane won't stand up unless they're encrypted. Unless I want a man-in-the-middle, which causes other issues, I deploy Stealthwatch. Stealthwatch has that encrypted traffic analysis. I think it's really well thought through.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Feb 27, 2023
Senior Security Engineer at a tech services company with 501-1,000 employees
Plenty of add-ons, helpful support, and beneficial network visibility
Pros and Cons
- "Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box."
- "Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product."
What is our primary use case?
We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.
How has it helped my organization?
Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.
We have a better understanding of the network which allows us to tweak our security policies from the information we receive.
What is most valuable?
Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.
The solution has a lot of add-on features available.
What needs improvement?
Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.
For how long have I used the solution?
I have used Cisco Stealthwatch within the last 12 months.
What do I think about the stability of the solution?
The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.
What do I think about the scalability of the solution?
The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.
Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.
How are customer service and support?
We haven't had any issues with somebody from Cisco assisting us with any technical needs. We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.
Which solution did I use previously and why did I switch?
We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.
How was the initial setup?
The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.
What about the implementation team?
We did the implementation of the solution ourselves. We did not need any assistance from any integrator.
One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes is better than having just one. However, it is able to be maintained by one person.
What's my experience with pricing, setup cost, and licensing?
The licensing model for Cisco Stealthwatch can make it difficult for users to get the most out of the solution.
Determining whether Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on features or sub-product categories.
There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.
What other advice do I have?
I would recommend Cisco Stealthwatch to others.
The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.
I rate Cisco Stealthwatch an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Airway Transportation Service Specialist at Federal Aviation Administration
Allowed us to effectively monitor network traffic and analyze anomalies
Pros and Cons
- "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
- "We determined that Stealthwatch wouldn't provide the machine learning model that we required."
What is our primary use case?
Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.
What is most valuable?
From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it.
What needs improvement?
We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.
ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic, so we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.
In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.
A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.
For how long have I used the solution?
I used Cisco Stealthwatch for a 30-day trial.
What do I think about the stability of the solution?
We didn't notice any bugs or glitches.
What do I think about the scalability of the solution?
As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it.
How are customer service and technical support?
We only needed to contact technical support once. They were very helpful. They walked us through everything.
How was the initial setup?
It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.
What other advice do I have?
Overall, it seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.
We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc.
Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Technology Officer at a tech services company with 51-200 employees
Excellent network monitoring for anomaly detection and evaluation
Pros and Cons
- "Great network monitoring, looking at anomaly detection and evaluation."
- "The visualization could be improved, the GUI is not the best."
What is our primary use case?
Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco.
How has it helped my organization?
The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.
What is most valuable?
The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch.
What needs improvement?
The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthwatch. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.
How are customer service and technical support?
Technical support has been good, similar to other areas of Cisco support.
How was the initial setup?
The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.
What other advice do I have?
If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment.
I rate this solution an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.
I can set thresholds to detect sudden changes and the alarms go through the PLC parts
Pros and Cons
- "StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk."
- "There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically if it detected something anomalous."
What is our primary use case?
We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.
What is most valuable?
StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.
What needs improvement?
There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically if it detected something anomalous.
For how long have I used the solution?
We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.
What do I think about the stability of the solution?
StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market.
Who knows? Tomorrow, some company may build a newer, more stable solution, but Cisco Stealthwatch has the most stable services today.
What do I think about the scalability of the solution?
The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.
How are customer service and support?
We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.
Which solution did I use previously and why did I switch?
We switched to StealthWatch for the orchestration features.
How was the initial setup?
Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.
The deployment includes about five engineers—six including me.
What about the implementation team?
We used some integrators, including a consultant from Cisco.
What's my experience with pricing, setup cost, and licensing?
We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs.
What other advice do I have?
I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.
Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end.
If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to provide segregation. It's better to use Cisco to centrally manage everything.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PMO Department at a comms service provider with 1,001-5,000 employees
Good visibility, good integration with the Cisco switching platform, and helpful support
Pros and Cons
- "It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform."
- "Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."
What is our primary use case?
We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.
It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.
What is most valuable?
It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.
What needs improvement?
Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.
How are customer service and support?
Cisco tech support is very helpful. They have different tech support management options.
How was the initial setup?
Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.
What's my experience with pricing, setup cost, and licensing?
It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.
What other advice do I have?
Cisco Stealthwatch is a good product. I would rate it an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Network and Security with 10,001+ employees
Reliable, easy to expand, and offers good integration capabilities
Pros and Cons
- "If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
- "It's not great as a standalone solution."
What is our primary use case?
We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomalous behavior and analyze results.
Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.
What is most valuable?
I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE.
If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others.
The solution is stable.
It's scalable.
What needs improvement?
I can't speak to any missing features. It works well for us overall.
It's not great as a standalone solution.
For how long have I used the solution?
I've been using the solution for approximately seven years.
What do I think about the stability of the solution?
The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
It is a product that can scale as needed.
We have three people using it in our company right now.
How are customer service and support?
We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was easy for me. I know this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. They would have to be knowledgeable across solutions. We have everything integrated together in the fabric.
Typically, it takes one week to deploy the solution and get it up and running.
What's my experience with pricing, setup cost, and licensing?
The solution is moderately priced. It's not overly expensive or too cheap.
What other advice do I have?
We're a Cisco Gold partner.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Development Manager at a healthcare company with 10,001+ employees
Increased the visibility of what is happening in our network
Pros and Cons
- "Cisco Secure Network Analytics has increased the visibility of what is happening in our network, and I think that's the most important reason to use it. We can see what is really happening instead of just looking at numbers from routers or switches."
- "I would like to see interoperability with other Cisco products because we have ThousandEyes, Cisco Prime, and others. The interaction among these is important to us."
What is our primary use case?
We're currently using it to figure out what is happening in our network. For example, to see whether there's any incorrect traffic in our network. We are also using it to monitor traffic coming from the internet into our network.
We have about 30,000 end users and about 60,000 end devices in the network. We are located in the capital area and have 30 hospitals and 200 other sites.
How has it helped my organization?
Cisco Secure Network Analytics has increased the visibility of what is happening in our network, and I think that's the most important reason to use it. We can see what is really happening instead of just looking at numbers from routers or switches.
What is most valuable?
The user interface is quite good and helps us to understand what is happening.
Cisco Secure Network Analytics provides better visibility, which has helped free up our IT staff's time.
We have been able to save time as an organization in terms of troubleshooting.
What needs improvement?
I would like to see interoperability with other Cisco products because we have ThousandEyes, Cisco Prime, and others. The interaction among these is important to us.
For how long have I used the solution?
I've been using this solution for two months.
What do I think about the scalability of the solution?
It scales well, but the cost is a limiting factor for us.
How are customer service and support?
My experience with Cisco's technical support has been good, and I would give them an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I was involved with the initial setup, and it was quite straightforward to implement it into our specific environment. Because we were already using Cisco devices, we just had to configure the devices and direct the traffic to them.
What about the implementation team?
We implemented it with the help of our partner's team, and they did good work.
What other advice do I have?
We chose Cisco Services versus competing services because we have a lot of Cisco devices and wanted a solution that will work with them.
On a scale from one to ten, I'd rate Cisco Secure Network Analytics at eight.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Feb 28, 2023