Cisco Secure Network Analytics Reviews

We have a number of users that deployed both fixed hubs and satellite sites. Cisco Secure Network Analytics enables us to get full visibility and detect general threats on both types of sites. Regardless of whether a site is deployed overseas or back home, we want one single solution to be able to collect the telemetry, make a decision on it, and report it in a meaningful way. We also want the solution to be able to pipe it to tools that we can use to fight threats.

I think Cisco Secure Network Analytics improved our organization quite a lot. Prior to deploying it, we did not use anything, so, with it, we have gone from nothing to something. This has been a humongous leap in a way. The solution allowed us to not only get gain insight but also start collaborating with other tools. 

Cisco Secure Network Analytics helped our organization save time. I think having things like our automated analysis built into our network means we don't have to do as much threat-hunting. We still need to do a bit of threat hunting, but as long as we got the automated tools, if an alert comes in, then we can focus our activity on it. We would verify it as a false positive or true positive and then do the remediation steps from there. Rather than having to continuously look through just raw data and make the decision ourselves.

We deal with TLS and other forms of encrypted tunnels. The kind of encrypted traffic analysis we receive from Cisco Secure Network Analytics gives us behavior analytics or anomaly detection on those tunnels, which is really insightful. These analytics are particularly important when we can't man in the middle and decrypt to do a deep packet inspection.

The customizability of the UI should improve. With Splunk and other SIEM tools, you have the ability to create custom dashboards and manipulate the data in a way that works for you. Cisco gives you some creative ability, but you are very much locked into their train of thought. It would be helpful if they went more down the Splunk and Elastic route.

We found flaws in Stealthwatch, but thankfully it has the ability to interconnect with Splunk and other such tools. This enabled us to plug the information over where it falls flat and then start working on other platforms. The solution falls down but tries to make up for it.

I would also like to have greater insight into how it works under the hood. I appreciate that that might not be possible due to commercial confidentiality. However, having that greater insight would allow us to covey a level of trust to the people who use it. 

I have been using this solution for about two years now. 

The solution's stability is hard to fault. It sits there and runs without fault. We have had a fair amount of power outages and we get some very dirty power to our site. So there are brownouts and things like that and they cut off at a moment's notice and then come back and there are no configuration issues typically. We are generally quite happy with the stability that we get from the solution.

Cisco Secure Network Analytics is designed to scale well, especially in your SD-WAN solution that is designed specifically for scale. It makes sense that it scales because it is a security product for SD-WAN solutions. I have had no problems scaling. It has been pretty easy for us to scale.

I have not personally had to use Cisco's tech support. 

We did not previously use a different solution. 

I think generally it was quite easy to deploy. It's a virtualized device, so I just put it on the hypervisor and the documentation is good. I think the research environment that we placed it in was an SD-WAN. We had physical IR1001s and they were a little bit more difficult to figure out. The documentation was a little bit all over the place for that specifically. We had to do a lot of cross-referencing. 

We deployed he solution in-house. 

I think we will get a return on investment from this solution. 

From what I've seen when using the Cisco ecosystem, you can get some good value from the licensing. But there are products out there like Cisco Firepower, for which the license is expensive. We are very much trying to move away from Firepower specifically because of the pricing. It's just not good value for us.

When choosing Cisco, we didn't not consider other solutions, but the expertise that we had in-house was central to our decision. We're very much brought into the CCNA and CCMP learning path and therefore we have expertise in Cisco equipment. To buy into the ecosystem of a Cisco competitor like Juniper would be more trouble and costly for us in the long run. Plus, Cisco does a good job.

I've had not necessarily bad experiences with other products, but when it comes to configuring them, I find them a bit more time-consuming than Cisco. Junos, for example, I typically find the commands I have to type in a bit more convoluted and have to look at documentation over and over again because they're very non-logical. Cisco does have a little bit of backwardness in a CLI, but it's much more intuitive. It's easier for me to go to Cisco and do the CLI and configure everything that I need rather than going to Junos.

The key integration we use with Cisco Secure Network Analytics is Splunk outside of the Cisco ecosystem. We have had an internal push to get further into the Cisco ecosystem because Stealthwatch is just detection and has no way of doing your security orchestration but other Cisco solutions do. The idea going forward is that we will be able to buy in a bit further and exploit that integration to do more machine time response.

I think Cisco Secure Network Analytics is quite good when it comes to securing the infrastructure from end to end. This is particularly the case when you are deploying something like the Cisco SD-WAN solution where you've got your controlling data plane. Cisco has thought about this, going back to the encrypted traffic analysis, your Cisco controlling data plane won't stand up unless they're encrypted. Unless I want a man-in-the-middle, which causes other issues, I deploy Stealthwatch. Stealthwatch has that encrypted traffic analysis. I think it's really well thought through.

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.

From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it. 

We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.

ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic so and we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.

In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.

A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.

I used Cisco Stealthwatch for a 30-day trial.

We didn't notice any bugs or glitches. 

As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it. 

We only needed to contact technical support once. They were very helpful. They walked us through everything. 

It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.

Overall, It seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.

We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc. 

Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco. 

Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco. 

The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.

The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch. 

The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

I've been using this solution for five years. 

The solution is very stable. 

This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthworks. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.

Technical support has been good, similar to other areas of Cisco support. 

The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.

This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

I rate this solution an eight out of 10. 

We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.

StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.

There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.

StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market. 

Who knows? Tomorrow, some company may build a newer, more stable solution, more stable one, but Cisco Stealthwatch has the most stable services today.

The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.

We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.

We switched to StealthWatch for the orchestration features. 

Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.

The deployment includes about five engineers—six including me.

We used some integrators, including a consultant from Cisco.

We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs. 

I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to to provide segregation. It's better to use Cisco to centrally manage everything.

We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

It is stable.

It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

Cisco tech support is very helpful. They have different tech support management options.

Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

Positive

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

We're currently using it to figure out what is happening in our network. For example, to see whether there's any incorrect traffic in our network. We are also using it to monitor traffic coming from the internet into our network.

We have about 30,000 end users and about 60,000 end devices in the network. We are located in the capital area and have 30 hospitals and 200 other sites.

Cisco Secure Network Analytics has increased the visibility of what is happening in our network, and I think that's the most important reason to use it. We can see what is really happening instead of just looking at numbers from routers or switches.

The user interface is quite good and helps us to understand what is happening.

Cisco Secure Network Analytics provides better visibility, which has helped free up our IT staff's time.

We have been able to save time as an organization in terms of trouble shooting.

I would like to see interoperability with other Cisco products because we have ThousandEyes, Cisco Prime, and others. The interaction among these is important to us.

I've been using this solution for two months.

It scales well, but the cost is a limiting factor for us.

My experience with Cisco's technical support has been good, and I would give them an eight out of ten.

Positive

I was involved with the initial setup, and it was quite straightforward to implement it into our specific environment. Because we were already using Cisco devices, we just had to configure the devices and direct the traffic to them.

We implemented it with the help of our partner's team, and they did good work.

We chose Cisco Services versus competing services because we have a lot of Cisco devices and wanted a solution that will work with them.

On a scale from one to ten, I'd rate Cisco Secure Network Analytics at eight.