Cisco Secure Network Analytics Reviews

We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.

StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.

There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.

StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market. 

Who knows? Tomorrow, some company may build a newer, more stable solution, more stable one, but Cisco Stealthwatch has the most stable services today.

The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.

We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.

We switched to StealthWatch for the orchestration features. 

Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.

The deployment includes about five engineers—six including me.

We used some integrators, including a consultant from Cisco.

We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs. 

I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to to provide segregation. It's better to use Cisco to centrally manage everything.

Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco. 

The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.

The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch. 

The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

I've been using this solution for five years. 

The solution is very stable. 

This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthworks. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.

Technical support has been good, similar to other areas of Cisco support. 

The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.

This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

I rate this solution an eight out of 10. 

Using Cisco Secure Network Analytics has revolutionized our network security. The integration with SRTIntel provides unparalleled visibility, going beyond imagination. SNA, along with the SMA feature, offers detailed insights and call relations, enabling effective threat detection and response. The combination with endpoint protection gives us precise control over traffic, ensuring a robust defense against cyber threats.

The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration.

Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk. However, with Cisco's recent acquisition of Splunk, it seems this gap will be addressed. If this integration happens quickly, it could complete the circle, making the platform more robust and offering a comprehensive solution for our network security.

I would rate the stability as a seven out of ten.

I would rate the scalability as a seven out of ten. It is most suitable for enterprise businesses.

I have had some issues with the tech support for Cisco Secure Network Analytics in Southeast Asia. They don't seem very familiar with the product, so we usually contact teams in Australia or Europe for help. Thankfully, the support from those regions has helped sort out our technical problems. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of Cisco Secure Network Analytics was quite straightforward and user-friendly. The graphical interface makes it easy for anyone familiar with traffic management to handle the setup without much hassle. Explaining the concept to customers is a breeze, and they quickly grasp the key features. I would rate the easiness of the initial setup as a nine out of ten. The deployment typically takes a relatively short amount of time, from five to six hours.

I would rate Cisco SNA as a nine out of ten in terms of costliness.

I would recommend Cisco Secure Network Analytics to others. Overall, I would rate it as a nine out of ten.

We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

It is stable.

It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

Cisco tech support is very helpful. They have different tech support management options.

Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.

From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it. 

We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.

ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic so and we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.

In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.

A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.

I used Cisco Stealthwatch for a 30-day trial.

We didn't notice any bugs or glitches. 

As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it. 

We only needed to contact technical support once. They were very helpful. They walked us through everything. 

It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.

Overall, It seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.

We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc. 

Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco. 

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer.

We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network.

Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or from a performance perspective as well.

It has definitely helped us improve our mean time to resolution on network issues.

From a security perspective, I think they've been good as far as giving us knowledge.

I wouldn't say it's really transformed what we do. It's just another tool that gives us the information we need or helps alarms for us. But it only alarms on a handful of things. I think there are six or eight alerts that we've deemed critical.

Beyond that, it's just mostly the performance where I think it helps out. But that's like any NetFlow performance tool. Having insight into what's going across your network is critical for any huge network to function correctly.

The most valuable feature of this solution is the ability to do TAPs because we have a distributed network.

The ability to set up one tool to stream that data over to us has been helpful because that way, we don't have to have other infrastructure and be really close to where the activity is. 

The security features have been good for helping create some correlation. For example, when you tap in, what else happens from the network perspective. 

Otherwise, just the general network performance monitoring is probably the number one thing that gets used. If we're having slowness issues then it can tell us what the bandwidth and usage are. We can find things like what is using up all the bandwidth and then find out how can we break that apart or route that differently, through a different WAN connection or internet connection.

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

The company has been using Cisco Stealthwatch for a couple of years, but I have only been with the company for less than one year.

I have not been made aware of any stability issues with the tool. 

My understanding is that it has been easy to scale, although I was not around for it. We have not had astronomical growth, but it sounds like it runs stable and there haven't been any performance issues with it.

We have 10 to 20 threat prevention engineers and network engineers of various levels who use it.

I have not been in contact with technical support.

I have not used another similar solution in the past. I think the only thing that would even come close was using Azure Advanced Threat Analytics, but that only really analyzes network traffic coming to the domain. It checks, for example, if there is sketchy network traffic hitting your domain controllers.

In my previous jobs, I used network performance tools, but nothing that was the same as StealthWatch where it combines that performance and security analysis together.

This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it.

I looked at the capabilities of SolarWinds NetFlow and realized that it can't replace our Cisco StealthWatch.

We are using the previous version.

Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

I would rate this solution an eight out of ten.

We use this solution for NetFlow statistics.

This solution allows us to be more agile when it comes to troubleshooting our NetFlow and our network systems.

Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before. We have a higher level of visibility for our systems and structures.

It has reduced our incident response time. 

The most valuable feature is the graphical analytics that it provides for mobile data.

The solution's analytics and threat detection capabilities are fantastic.

The initial setup is complex, as there is a lot to configure.

It's a rock-solid solution and we do a lot with it.

We bought the biggest box there is, so it's as big as it's going to get.

Technical support is good, although we haven't had any issues.

We switched solutions because we were doing network segmentation and the Cisco program that we were enrolled in required Stealthwatch to be embedded into our core.

The initial setup of this solution is complex. There is a lot to configure, and we're a big university so there is a lot of work that needed to be done.

We bought this solution through three different resellers and the experience was great.

We evaluated Plixer, but half of our medical center was already very familiar with Stealthwatch so it was an easy transition for us.

The vendors on our shortlist were ePlus and First Light. We split the load between them.

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.

This is a solid solution, and a necessary tool to add insight into our network.

I would rate this solution an eight out of ten.

We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.

We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.

That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not sure exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.

It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.

The ability to see a real-time picture of the network is the most valuable for us.

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

The product is very stable. No problems at all.

I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.

There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.

I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.

We dealt directly with Cisco for the implementation.

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.