Assistant Director of IT at University of Rochester
Real User
Generates helpful graphical analytics for mobile data
Pros and Cons
  • "Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before."
  • "The initial setup is complex, as there is a lot to configure."

What is our primary use case?

We use this solution for NetFlow statistics.

How has it helped my organization?

This solution allows us to be more agile when it comes to troubleshooting our NetFlow and our network systems.

Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before. We have a higher level of visibility for our systems and structures.

It has reduced our incident response time. 

What is most valuable?

The most valuable feature is the graphical analytics that it provides for mobile data.

The solution's analytics and threat detection capabilities are fantastic.

What needs improvement?

The initial setup is complex, as there is a lot to configure.

Buyer's Guide
Cisco Secure Network Analytics
June 2025
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's a rock-solid solution and we do a lot with it.

What do I think about the scalability of the solution?

We bought the biggest box there is, so it's as big as it's going to get.

How are customer service and support?

Technical support is good, although we haven't had any issues.

Which solution did I use previously and why did I switch?

We switched solutions because we were doing network segmentation and the Cisco program that we were enrolled in required Stealthwatch to be embedded into our core.

How was the initial setup?

The initial setup of this solution is complex. There is a lot to configure, and we're a big university so there is a lot of work that needed to be done.

What about the implementation team?

We bought this solution through three different resellers and the experience was great.

Which other solutions did I evaluate?

We evaluated Plixer, but half of our medical center was already very familiar with Stealthwatch so it was an easy transition for us.

The vendors on our shortlist were ePlus and First Light. We split the load between them.

What other advice do I have?

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.

This is a solid solution, and a necessary tool to add insight into our network.

I would rate this solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Analyst at Amwins Group
Real User
Improved our internal knowledge of what's going on with the network but the reporting should be cleaner
Pros and Cons
  • "It has improved our internal knowledge of what's going on with the network, and that's helpful."
  • "I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity."

What is our primary use case?

We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.

We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.

That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.

How has it helped my organization?

It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.

What is most valuable?

The ability to see a real-time picture of the network is the most valuable for us.

What needs improvement?

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

What do I think about the stability of the solution?

The product is very stable. No problems at all.

How are customer service and technical support?

I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.

Which solution did I use previously and why did I switch?

There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.

How was the initial setup?

I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.

What about the implementation team?

We dealt directly with Cisco for the implementation.

What other advice do I have?

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Engineer at Charter Communications, Inc.
Real User
Shows the actual data flow transiting the network but scalability is a concern
Pros and Cons
  • "Being able to identify specific data closed across the network is invaluable."
  • "We've had problems with element licensing costs so scalability is a concern."

What is our primary use case?

We mainly use this solution for diagnostic information.

How has it helped my organization?

Being able to see the actual data flows transiting the network versus what we had planned is a great sanity check for our overall design planning. It is also useful to be able to make sure that we track the load that we anticipate.

The core reason we purchased this product was to increase our visibility of where the traffic sources and destinations were, as opposed to just raw data that is on the interface.

Stealthwatch has also reduced 10% of false positives. We're kind of limited to the deployment of Stealthwatch right now.

It saves us administrative work and design. 

What is most valuable?

Being able to identify specific data closed across the network is invaluable.

Their analytics and threat detection capabilities are good. We're able to pick out the individual traffic flows for specific users and even individual sessions across the network and reconstruct timelines of activity after the fact, if needed, or use the data in real time to plan out network capacity and growth.

What do I think about the stability of the solution?

Stealthwatch is a very stable solution.

What do I think about the scalability of the solution?

We've had problems with element licensing costs so scalability is a concern.

How are customer service and technical support?

The technical support provided is excellent.

Which solution did I use previously and why did I switch?

We used NetFlow before, so Stealthwatch was pretty much the only game in town for getting the level of detail that we were looking for out of the transport network. It was a natural choice.

What about the implementation team?

We used a vendor for the implementation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis, but I have no idea what the costs are.

Which other solutions did I evaluate?

We work very closely with Cisco directly and therefore we really just looked at Stealthwatch, because it was Cisco's product and they said this is what we do.

What other advice do I have?

You definitely need something to do flow level analysis.

The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.

I would rate this solution as seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature
Pros and Cons
  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

How has it helped my organization?

This solution has helped to save us against threats and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

What is most valuable?

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

What needs improvement?

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

What do I think about the stability of the solution?

There are no stability issues with the product.

What do I think about the scalability of the solution?

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

How are customer service and technical support?

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

Which solution did I use previously and why did I switch?

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

How was the initial setup?

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

What about the implementation team?

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

What's my experience with pricing, setup cost, and licensing?

We pay for support costs on a yearly basis.

Which other solutions did I evaluate?

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Operations Manager at Philips Electronics
Real User
Can identify down to an IP address of a system that is causing problems
Pros and Cons
  • "The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable."
  • "Complexity on integration is not so straightforward and you really need an expert to help build it out."

What is our primary use case?

Our primary use of Stealthwatch is for a secure remediation of systems that are causing problems on our internal network.

How has it helped my organization?

The solution's ability to detect threats and provide remediation greatly improved our company.

Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.

Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.

It has also reduced false positives by about 5%.

Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.

Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.

What needs improvement?

Complexity on integration is not so straightforward and you really need an expert to help build it out.

What do I think about the stability of the solution?

The solution's stability is very good.

What do I think about the scalability of the solution?

Its scalability is pretty good. We're about to roll it out bigger.

How are customer service and technical support?

I would probably give their technical support a nine out of ten.

Which solution did I use previously and why did I switch?

We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.

How was the initial setup?

The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.

What about the implementation team?

We used Presidio with actual Cisco people doing the work. We had a very good experience with them.

What was our ROI?

Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.

What's my experience with pricing, setup cost, and licensing?

On a yearly basis, licensing is somewhere around $30,000.

Which other solutions did I evaluate?

We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.

What other advice do I have?

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Operations Manager at a tech company with 10,001+ employees
Real User
Improved network visibility has saved us money and facilitates executive reporting
Pros and Cons
  • "This product alleviates the day-to-day headaches for us, in regards to metrics."
  • "The reporting of day-to-day metrics still has room for improvement."

What is our primary use case?

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

How has it helped my organization?

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

The savings brought about by implementing this solution have allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

What is most valuable?

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

What needs improvement?

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

We're kind of immature, right now, in our implementation, but I see it growing.

How are customer service and technical support?

We have not used technical support at this point.

Which solution did I use previously and why did I switch?

We were archaic in terms of reporting.

How was the initial setup?

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

What about the implementation team?

We handled the deployment in-house.

What was our ROI?

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

What's my experience with pricing, setup cost, and licensing?

The pricing for this solution is good.

Which other solutions did I evaluate?

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

What other advice do I have?

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager at Indiana University Health
Real User
Increased our threat detection rate but the reporting needs improvement
Pros and Cons
  • "Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations."
  • "I would like to see some improvement when it comes to reporting."

What is our primary use case?

We use Stealthwatch mainly for security.

How has it helped my organization?

Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.

It has increased our threat detection rate by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saving us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.

What is most valuable?

The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.

What needs improvement?

I would like to see some improvement when it comes to reporting.

What do I think about the stability of the solution?

The stability of the solution is fair.

What do I think about the scalability of the solution?

Stealthwatch has a good level of scalability.

How are customer service and technical support?

I would consider their technical support as "fair."

Which solution did I use previously and why did I switch?

We were using SolarWinds and we are still using SolarWinds, so we use both.

How was the initial setup?

The initial setup was complex, especially as it came to configurations.

What about the implementation team?

We used an integrator for deployment. We had a pretty good experience with them.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are outrageous, but Stealthwatch has a good time to value.

What other advice do I have?

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Network Engineer at a logistics company with 10,001+ employees
Real User
Easy to investigate flow and has improved the processes for mitigating any risks
Pros and Cons
  • "The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic."
  • "The initial setup was complex."

What is our primary use case?

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

How has it helped my organization?

It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

What is most valuable?

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

What do I think about the stability of the solution?

We haven't had any stability issues so far, but we have only been running it for half a year.

What do I think about the scalability of the solution?

The scalability is good, seen from a license perspective, as well.

How are customer service and technical support?

We haven't really used the technical support yet, but in general, they are good.

How was the initial setup?

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

I don't think we have saved money, to be honest. But you cannot measure security and money.

Which other solutions did I evaluate?

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.

What other advice do I have?

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.