Directorb5e9 - PeerSpot reviewer
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature
Pros and Cons
  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

How has it helped my organization?

This solution has helped to save us against threats and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

What is most valuable?

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

What needs improvement?

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

Buyer's Guide
Cisco Secure Network Analytics
November 2025
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2025.
872,846 professionals have used our research since 2012.

What do I think about the stability of the solution?

There are no stability issues with the product.

What do I think about the scalability of the solution?

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

How are customer service and support?

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

Which solution did I use previously and why did I switch?

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

How was the initial setup?

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

What about the implementation team?

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

What's my experience with pricing, setup cost, and licensing?

We pay for support costs on a yearly basis.

Which other solutions did I evaluate?

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
LeadNetwd213 - PeerSpot reviewer
Lead Network Engineer at a retailer with 1,001-5,000 employees
Real User
Enables us to be proactive with security analysis but the interface is sluggish
Pros and Cons
  • "The ability to send data flow from other places and have them all in one place is very valuable for us."
  • "I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago."

What is our primary use case?

The security team uses it more than we do. I don't work on it that much. We have a couple uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.

How has it helped my organization?

Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.

It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.

I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.

It may have reduced the time to detect and remedy threats a little.

It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.

I'm sure Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The ability to send data flow from other places and have them all in one place is very valuable for us.

What needs improvement?

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.

For how long have I used the solution?

We've had Stealthwatch in production for a year and a half.

What do I think about the stability of the solution?

It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.

What do I think about the scalability of the solution?

We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.

How are customer service and technical support?

I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.

What was our ROI?

In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.

I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.

What other advice do I have?

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.

In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.

I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
NetworkM6238 - PeerSpot reviewer
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
Decreased troubleshooting steps to resolve issues and saves us time, money, and administrative work
Pros and Cons
  • "The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems."
  • "The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices."

What is our primary use case?

Our primary use is to monitor our network, especially our remote branches.

How has it helped my organization?

Stealthwatch has decreased our troubleshooting steps and also cut down on the amount of time it takes us to resolve an issue.

We're able to map out our environment using Stealthwatch and we can see where our data is going, throughout our network.

Stealthwatch reduced our incident response rate, as well as the amount of time it takes to detect and remediate threats by about 25%.

This solution saves us time, money, and administrative work.

What is most valuable?

The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems.

In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.

What needs improvement?

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.

What do I think about the stability of the solution?

The solution's very stable. Even through the upgrades after Cisco's acquisition, it has proved to be very stable.

What do I think about the scalability of the solution?

It scales very well.

How are customer service and technical support?

We haven't had to use it much. When we have, it's been similar to most Cisco technical support, which is very knowledgeable and helpful.

Which solution did I use previously and why did I switch?

We previously used SolarWinds. The version of SolarWinds that we were using didn't give us the visibility that we needed, so we switched to Stealthwatch.

How was the initial setup?

The initial setup was straightforward.

What was our ROI?

We have seen a return on investment, from the fact that we now take less time to resolve an issue because we have Stealthwatch. We can capture some data in real time, or we can actually go back in the history base if we have to, to see where the issues may have started, and we also have baselines.

Their time to value is very good. We've upgraded and we just relicensed, so this is definitely a product that we use.

What's my experience with pricing, setup cost, and licensing?

The yearly licensing cost is about $50,000.

Which other solutions did I evaluate?

We evaluated SolarWinds, WhatsUp Gold, and a couple of others that I can't think of right now.

What other advice do I have?

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.

I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Infosec Manager at an energy/utilities company with 1,001-5,000 employees
Real User
Enables us to have visibility but it needs improvement when it comes to speed
Pros and Cons
  • "Stability is the most valuable feature we have seen in this solution."
  • "Stealthwatch needs improvement when it comes to speed."

What is our primary use case?

Our main reason for using Stealthwatch is it gives us visibility.

What is most valuable?

Stability is the most valuable feature we have seen in this solution.

What needs improvement?

Stealthwatch needs improvement when it comes to speed.

What do I think about the stability of the solution?

The solution's stability is good.

What do I think about the scalability of the solution?

I think this solution is okay with scale.

How are customer service and technical support?

I think their technical support is great.

How was the initial setup?

The initial setup was straightforward.

What was our ROI?

Time to value is very good for Stealthwatch.

What other advice do I have?

I would rate Stealthwatch as an eight or nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
SrNetworab58 - PeerSpot reviewer
Sr. Network Engineer at a tech services company with 10,001+ employees
Real User
We have seen improved network visibility of our organization but the setup is complex
Pros and Cons
  • "Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization."
  • "The configuration of the solution was quite complex."

What is our primary use case?

Our primary use case for Cisco Stealthwatch is to ensure net flow.

How has it helped my organization?

Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization. 

What is most valuable?

The most valuable feature of this solution is that it gives us insight into what's happening in our network.

What needs improvement?

I don't really think we really save time while using this solution.

What do I think about the stability of the solution?

Cisco Stealthwatch is quite stable.

What do I think about the scalability of the solution?

It all depends on the platform you are using, but I think it is pretty scalable.

How was the initial setup?

The configuration of the solution was quite complex so I won't say that it is straightforward to set everything up.

What about the implementation team?

We used a vendor, Cisco, for implementation. 

What was our ROI?

I believe ROI will take around a year.

Which other solutions did I evaluate?

We also look at Red Hat.

What other advice do I have?

I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
ServiceE8f27 - PeerSpot reviewer
Service Engineer at a tech company with 10,001+ employees
Real User
Our protection rate has doubled and we can monitor our bandwidth or any other issues on our networks
Pros and Cons
  • "Using this solution has helped us to detect and identify viruses or malicious activity in the network early on."
  • "We haven't seen ROI."

What is our primary use case?

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and see if there are any issues.

How has it helped my organization?

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

What do I think about the stability of the solution?

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

What do I think about the scalability of the solution?

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

How are customer service and technical support?

I never had to use technical support before.

How was the initial setup?

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

What was our ROI?

We haven't seen ROI.

What other advice do I have?

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1122741 - PeerSpot reviewer
Network Engineer at a university with 10,001+ employees
Real User
Enables us to detect and remediate threats much faster
Pros and Cons
  • "The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us, because we can see what's going on with traffic in one single place."
  • "We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too."

What is our primary use case?

For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.

How has it helped my organization?

Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure things that are happening that we are expecting to happen. 

I am a little versed about the solution's analytic and threat detection capabilities, even though it is pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.

This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now.

What is most valuable?

The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.

I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.

What needs improvement?

We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.

What do I think about the stability of the solution?

The solution is very stable and we haven't had any crashes yet.

What do I think about the scalability of the solution?

Based on what we've used it for so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.

How are customer service and technical support?

I do know we have used the support before and it was good enough to get our problems fixed.

Which solution did I use previously and why did I switch?

We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.

How was the initial setup?

The initial setup was pretty straightforward and sufficient. It's good.

What other advice do I have?

I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. 

Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Operations Manager at a tech company with 10,001+ employees
Real User
Improved network visibility has saved us money and facilitates executive reporting
Pros and Cons
  • "This product alleviates the day-to-day headaches for us, in regards to metrics."
  • "The reporting of day-to-day metrics still has room for improvement."

What is our primary use case?

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

How has it helped my organization?

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

This savings brought about by implementing this solution has allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

What is most valuable?

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

What needs improvement?

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

We're kind of immature, right now, in our implementation, but I see it growing.

How are customer service and technical support?

We have not used technical support at this point.

Which solution did I use previously and why did I switch?

We were archaic in terms of reporting.

How was the initial setup?

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

What about the implementation team?

We handled the deployment in-house.

What was our ROI?

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

What's my experience with pricing, setup cost, and licensing?

The pricing for this solution is good.

Which other solutions did I evaluate?

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

What other advice do I have?

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user