SrNetworbb7a - PeerSpot reviewer
Sr Network Engineer at an insurance company with 5,001-10,000 employees
Real User
Tracks anomalies in real time but is challenging to scale to the size of our environment
Pros and Cons
  • "Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job."
  • "They should include Citrix VDIs in the next release."

What is our primary use case?

Our primary use case for Stealthwatch is endpoint security.

How has it helped my organization?

Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.

It has reduced our incident response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.

What is most valuable?

The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.

What needs improvement?

They should include Citrix VDIs in the next release.

Buyer's Guide
Cisco Secure Network Analytics
June 2025
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's challenging to scale as big as our environment.

How are customer service and support?

I highly recommend their technical support.

Which solution did I use previously and why did I switch?

We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.

How was the initial setup?

The setup was of moderate complexity because of the Citrix environment.

What about the implementation team?

We used a reseller for the deployment called Presidio. We had a good deployment with them.

Which other solutions did I evaluate?

We also looked at FortiGate.

What other advice do I have?

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
SeniorNe4b79 - PeerSpot reviewer
Senior Network Engineer at a comms service provider
Real User
Has reduced our incident response time and false positives
Pros and Cons
  • "The most valuable feature about this solution is that it gives me insight into my network."
  • "It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution."

What is our primary use case?

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

How has it helped my organization?

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

What is most valuable?

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and trojans. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

What do I think about the stability of the solution?

We are still running it but so far it has been really stable.

What do I think about the scalability of the solution?

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

How was the initial setup?

Although I wasn't involved in the initial setup myself, it looked straightforward. 

What about the implementation team?

We installed the solution ourselves because we are Cisco partners.

Which other solutions did I evaluate?

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

What other advice do I have?

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Director7b47 - PeerSpot reviewer
Director of Operations at a manufacturing company with 1,001-5,000 employees
Real User
Has significantly increased our network visibility and threat detection rate
Pros and Cons
  • "The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure."
  • "It is time-consuming to set it up and understand how the tool works."

What is our primary use case?

Our primary uses for this solution are threat management and traffic management.

How has it helped my organization?

Our network visibility is pretty significant right now, where we use it within our data centers and even on the OT side of the house. It’s given us pretty good visibility.

This solution has increased our threat detection rate by forty to sixty percent.

Using this solution has helped us to improve our threat-remediation timeframe.

It has reduced our incident response time. We use the solution's encrypted traffic analytics. It has significantly improved our capabilities.

What is most valuable?

The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.

What needs improvement?

It is time-consuming to set it up and understand how the tool works.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

In our environment, the way we've implemented in phases, the stability is good.

What do I think about the scalability of the solution?

We're going to be looking at this, and I'm hoping that it is scalable across our environment.

How are customer service and technical support?

I would rate the technical support for this solution extremely well. The professional services have been really good for us.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one, and we chose this solution based on Cisco's recommendation after they reviewed our requirements.

How was the initial setup?

The initial setup of this solution is complex. It wasn't necessarily the tool that was complex, but the environment. It had to do with the way our network is and the requirements that we needed to be implemented. This is where the complexity came from.

What about the implementation team?

We had a partner to assist us with the deployment.

Which other solutions did I evaluate?

Cisco was the only vendor that we considered for this solution.

What other advice do I have?

My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start.

The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for.

I would rate this solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
NetworkMed21 - PeerSpot reviewer
Network Manager at a healthcare company with 1,001-5,000 employees
Real User
Enables us to proactively troubleshoot and determine what an issue is
Pros and Cons
  • "It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it."
  • "I would like to see better filters."

What is our primary use case?

Our primary use case of this solution is for troubleshooting network issues.

How has it helped my organization?

This solution has improved my organization because when I have users who are having issues with patching slowness it gives me the ability to be able to proactively troubleshoot and determine what the issue is.

What is most valuable?

The most valuable features are its ability to analyze data streams and determine what is inside those data streams to troubleshoot a problem. It is also easy to use.

What needs improvement?

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

Stealthwatch is very scalable.

How are customer service and technical support?

Their technical support is very good. The turnaround has been great. 

We used them when we had a bug and the data stream was showing us data reports that weren't accurate. The support helped us with that. 

Which solution did I use previously and why did I switch?

We switched and chose this solution because of the reseller's recommendation. 

How was the initial setup?

The initial setup was straightforward. It was easy, the instructions were there. It was pretty straightforward to operate. Your learning curve could be a little bit difficult, but it's up and coming.

What about the implementation team?

We used a reseller for the deployment called SEBok Limited. 

What was our ROI?

I have not seen ROI yet. 

Which other solutions did I evaluate?

Stealthwatch was the only choice. 

What other advice do I have?

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technicab71a - PeerSpot reviewer
Technical Consultant at a tech services company with 501-1,000 employees
Consultant
Improves security through better lateral visibility, but better integration with Firepower is needed
Pros and Cons
  • "The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows."
  • "It would be better to let people know, up front, that it doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed."

What is our primary use case?

We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.

How has it helped my organization?

We are a reseller, and we are able to show demos of this solution pretty quickly. It gets people really excited.

The network visibility has vastly improved for the organizations that I assist with their services. Generally, they do not have lateral visibility into their network. We come in and deploy Cisco ISE, which helps them segment, but they still can’t prove what is going on. Now, with this solution, they have the ability to not only show what a user has tried to do, but they can show where inside of the network it was stopped. From that point, they have verification and can take action.

Our customers are happy with the threat detection rate. I would estimate that it has increased by eighteen to fifty-two percent. This solution definitely improves the incident response time. We always try to help our customers understand this advantage.

It has reduced the amount of time it takes to detect and remediate threats. I’d imagine that it makes it faster for most of our customers. A lot of them spin their wheels trying to get this information out of there, but they don’t actually see the value until they realize that the right search will show the flow immediately. It gets those answers to them quickly.

It helps with the administration. When it comes to creating documentation, you can export those things and paste them onto the back of the report.

I would say that the time to value is approximately a week. It takes this long because the machine learning component has to learn your network first.

What is most valuable?

The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows.

The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report.

I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.

What needs improvement?

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.

Eliminating Java from the SMC would improve this solution.

It would be better to let people know, upfront, that it doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.

What do I think about the stability of the solution?

This solution is pretty stable for the most part. I don't like Java, so that's the thing that needs to go, but for the most part, it is a great solution.

What do I think about the scalability of the solution?

This is a really scalable solution. We have done some pretty large deployments, and I have seen the scalability.

How are customer service and technical support?

I haven't needed to contact technical support for this solution. 

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one. It was like the wild wild west. We set this up in our lab because the internal IT couldn't figure out what everybody was doing. They now have insight into who did what, which is important because we have a lot of intellectual property to protect.

How was the initial setup?

The initial setup is straightforward for me, so when I work with our customers the setup is straightforward for them.

It is a basic, three-tier model that includes flow sensors, flow collectors, and the SMC (Stealthwatch Management Control). These are all named appropriately, so people can understand what is being talked about when they hear it.

After the installation is complete, it takes about a week for the machine learning component to learn your network.

What about the implementation team?

We implement this solution for our customers.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive. Our fees are approximately $3,000 USD.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this one.

What other advice do I have?

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. 

The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.

Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.

This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
NetworkAcb23 - PeerSpot reviewer
Network Administrator at a mining and metals company with 1,001-5,000 employees
Real User
Improved our organization's analytics and threat protection capabilities by catching threats early on
Pros and Cons
  • "The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of."
  • "One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself."

What is our primary use case?

Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.

How has it helped my organization?

Cisco Stealthwatch has improved our organization's analytics and threat protection capabilities by catching threats early on. We are still at the baselining stage, but I can also say that our organization improved dramatically when we found out that a host was constantly talking to an FTP server. It turned out to be an employee that was going to be terminated and he was trying to pull data from the FTP server constantly. He pulled three or four GBs and we caught it with this tool. It saved us a net fortune.

The solution has also increased our threat detection rate dramatically and that gives us time to remediate those threats.

What is most valuable?

The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.

What needs improvement?

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.

I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard.

What do I think about the stability of the solution?

It is extremely stable. I haven't had a crash since installing it.

What do I think about the scalability of the solution?

It is very scalable. You only have to purchase more licensing. As far as I understand, it can become as big as you want it to become and how many net flows you can afford.

How are customer service and technical support?

The technical support is awesome. Anytime I call Cisco Tech, they call me back within thirty minutes or an hour with an answer to solve the problem. The guides that they have within the product itself are pretty self-explanatory. As long as you're willing to sit down and read it, you don't even need to call tech.

Which solution did I use previously and why did I switch?

My superior asked what this host was doing within our network, what data he was pulling and why he had it on this PC. We couldn't answer to say that he wasn't pulling data from that server or what data he was in fact pulling. So we had to find a solution to answer those questions. We are a Cisco shop so we kind of just went for this solution.

How was the initial setup?

The initial setup was straightforward. They explained the steps that they were going to do and they had it deployed within about two hours. It didn't take long and now we're just doing the baseline, which takes about three months.

What about the implementation team?

Yes, we used Network Center and they were good.

What was our ROI?

I can foresee that this solution will save us an immense lot of work in the future. Instead of having 20 people looking at logs and sifting through logs, you could have one individual simply sifting through this. It will be a lot easier and less time-consuming.

So the time to value of this solution is great. For every person you're going to pay about $70 or $80,000 a year, you would now only have to pay one individual instead of 20.

What's my experience with pricing, setup cost, and licensing?

This solution is a little expensive. Open-source is obviously a key to victory in some people's eyes but with open-source, you can't pay anybody. So it could be a little cheaper, but it has great functionality. 

What other advice do I have?

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Architect at Atea A/S
Real User
Provides important visibility needed to detect and take precautions against threats
Pros and Cons
  • "The most valuable features provided by this solution are visibility and information."
  • "Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."

What is our primary use case?

We provide this solution to our customers to give them visibility into their network.

How has it helped my organization?

This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.

It has reduced our incident response time by around forty percent.

It saves time, money and administrative work for our customers.

What is most valuable?

The most valuable features provided by this solution are visibility and information.

The solution's analytics and threat detection capabilities are good. Network visibility is also really good. 

The encrypted traffic analytics work well, I don't see any problem with it.

The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.

It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.

What needs improvement?

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

What do I think about the stability of the solution?

I would say that the stability of this solution could be better.

What do I think about the scalability of the solution?

The scalability is okay.

How are customer service and technical support?

Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.

Which solution did I use previously and why did I switch?

Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.

How was the initial setup?

The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.

What about the implementation team?

I performed the deployment myself.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
LeadNetwd213 - PeerSpot reviewer
Lead Network Engineer at a retailer with 1,001-5,000 employees
Real User
Enables us to be proactive with security analysis but the interface is sluggish
Pros and Cons
  • "The ability to send data flow from other places and have them all in one place is very valuable for us."
  • "I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago."

What is our primary use case?

The security team uses it more than we do. I don't work on it that much. We have a couple uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.

How has it helped my organization?

Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.

It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.

I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.

It may have reduced the time to detect and remedy threats a little.

It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.

I'm sure Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The ability to send data flow from other places and have them all in one place is very valuable for us.

What needs improvement?

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.

For how long have I used the solution?

We've had Stealthwatch in production for a year and a half.

What do I think about the stability of the solution?

It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.

What do I think about the scalability of the solution?

We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.

How are customer service and technical support?

I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.

What was our ROI?

In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.

I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.

What other advice do I have?

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.

In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.

I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user