Cisco Secure Network Analytics Reviews

We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.

The network visibility feature opens up a whole new pane of glass that didn't exist before, so when you talk about being able to look into your network and understand what's there for security events, impostering, and everything that Stealthwatch can bring to the table, there's nothing else that a typical customer's going to have installed today that will give them any of that information.

Stealthwatch has definitely increased our threat detection rate. I would say on average probably close to 100%. Especially in the market that we play in, which is largely commercial, a lot of customers are just getting into this, so they literally had nothing and now they have a lot.

It has also reduced our incident response time and the time it takes us to detect and remediate threats, at times by months. In addition, Stealthwatch has helped us reduce false positives.

Stealthwatch helps us save time, money, and administrative work. If you talk about a simple security event that a customer has to react to if they don't have the visibility you don't find out about it until something even worse happens. For example, somebody worked to get into your financial systems and they were somehow siphoning money out, not only did they get in and you didn't detect that, but now money is disappearing out of your account. So the ability to detect that threat immediately and remediate it is the true value of that reliance.

The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco, so while some of the competition may have other products that could be better or provide a better administrative experience, they don't have the breadth that Cisco does. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that.

Stealthwatch has analytics and threat protection capabilities up there with the industry best. It's a super powerful database on the backend, basically giving you access to all the latest and greatest threat detection events that are out there, and they're constantly being updated and monitored, so that's probably the best part about having something like that.

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.

Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.

Stealthwatch seems to be rock solid.

We haven't had any issues with scalability yet.

I would give the technical support seven out of ten. When it first came out, the big problem was Cisco obviously didn't have a giant technical team behind it, but that's true of any new product. Over time it has steadily gotten better, so they can solve most problems in a reasonable amount of time at this point.

On a scale of one to ten, I'd call it a six out of ten. Do you need seasoned engineers to put it in? Yes. Do you need a rocket scientist? No.

We definitely have gotten an ROI. Look at incidents in the security space when customers are hit with malware or anything like that. These are incidents that cost thousands of dollars or potentially millions of dollars, so the first incident that you prevent, it probably just paid for itself.

The solution's time to value is one of those things that depends on what the customer has in their environment. If they have relatively little security strengthening in their environment, this is something that brings near immediate full value of the product directly to the customer's hands. Obviously, if it's part of a bigger support portfolio that the customer has, it just depends on what they already have or don't have in that environment.

The market that we play in there's a lot of value very often because sometimes this is the first product that they're investing in.

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.

The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.

I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

Positive

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

The organization now have a better overview how their traffic is flowing.

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

The stability of this solution is good.

We have three people who are using this solution.

I would rate technical support for this solution highly.

We used Darktrace before.

The initial setup of this solution is complex.

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

Our primary use case is for it to run our call center 24/7 365 days a year. 

There's a lot of stuff on the new version we haven't had the chance to work with yet. 

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

So far we've had a good experience with stability. We've run into some issues with the configuration. 

It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable. 

Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.    

We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products. 

We had engineers that set it up. There were some problems that Cisco support came to fix. 

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs. 

Our primary use case for Stealthwatch is endpoint security.

Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.

It has reduced our incidence response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.

The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.

They should include Citrix VDIs in the next release.

It's stable.

It's challenging to scale as big as our environment.

I highly recommend their technical support.

We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.

The setup was of moderate complexity because of the Citrix environment.

We used a reseller for the deployment called Presidio. We had a good deployment with them.

We also looked at FortiGate.

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

We use the solution primarily for IDS/IPS.

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

We just immediately went with Stealthwatch and did not have a previous solution.

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

We did not use a vendor team for the deployment.

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.