Cisco Secure Network Analytics Reviews

We primarily handle the design, implementation, and support for the solution and we also manage collaboration, routing and switching, security products, et cetera.

Overall, the implementation is very good.

The solution offers good security. 

We find the solution is very good at collaborating with other solutions.

We don't really see any limitations on the product. Overall, it's been good.

We would like the solution to make more advances in the way that Extreme Networks has been doing.

We've been using the solution for about two months. It hasn't been too long just yet.

We can handle technical support if our clients run into any issues. It's part of the services we offer.

We also use Extreme Networks. We find it is a bit better than Cisco. We're also partners with Fortinet.

The implementation is very easy and straightforward. 

We implement the solution for our clients. We're Cisco partners, and therefore can manage all kinds of deployments.

We are a Cisco premier partner.

In general, I would rate the solution ten out of ten. We've had very good experiences so far.

My customers buy Stealthwatch for traffic analysis. 

Cisco could improve the administration for the customers.

I have been selling Stealthwatch for one to two years. 

I haven't heard from my customers that they had any problems with stability. 

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

The organization now have a better overview how their traffic is flowing.

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

The stability of this solution is good.

We have three people who are using this solution.

I would rate technical support for this solution highly.

We used Darktrace before.

The initial setup of this solution is complex.

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

Our primary use case is for it to run our call center 24/7 365 days a year. 

There's a lot of stuff on the new version we haven't had the chance to work with yet. 

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

So far we've had a good experience with stability. We've run into some issues with the configuration. 

It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable. 

Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.    

We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products. 

We had engineers that set it up. There were some problems that Cisco support came to fix. 

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs. 

Our primary use case for Stealthwatch is endpoint security.

Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.

It has reduced our incidence response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.

The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.

They should include Citrix VDIs in the next release.

It's stable.

It's challenging to scale as big as our environment.

I highly recommend their technical support.

We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.

The setup was of moderate complexity because of the Citrix environment.

We used a reseller for the deployment called Presidio. We had a good deployment with them.

We also looked at FortiGate.

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

We use the solution primarily for IDS/IPS.

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

We just immediately went with Stealthwatch and did not have a previous solution.

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

We did not use a vendor team for the deployment.

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and trions. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

We are still running it but so far it has been really stable.

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

Although I wasn't involved in the initial setup myself, it looked straightforward. 

We installed the solution ourselves because we are Cisco partners.

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.

We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.

That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not sure exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.

It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.

The ability to see a real-time picture of the network is the most valuable for us.

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

The product is very stable. No problems at all.

I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.

There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.

I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.

We dealt directly with Cisco for the implementation.

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.