Cisco Secure Network Analytics Reviews

The Cisco IOS is very important because that is what we have to teach our students.

There are already many functionalities, so I don't think there is anything to improve. Its the best one on the market I have seen.

It's scalable, there are many models that we can use for a small network. Cisco offers the scalability that we need. We have about eighty students, and all the students have to do some training on it. We have plans to increase the usage of Cisco.

I think in order to master the network security issues it's complex. The deployment took a week or so.

I think that maybe we need more products for our students to try and to master. It's part of their learning.

I would rate this solution as nine or ten out of ten.

Our primary use case for this solution is security.

We are currently adding test cases for the solution and it is not yet in a live production environment.

The most valuable feature is integration.

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.

In terms of the user interface, navigating through the drill down windows needs to be improved.

This solution seems to be stable.

This is a cloud-based solution, so it is very scalable.

We have not used technical support.

We did not use another solution prior to this one.

The initial setup for this solution is complex, at least in the beginning.

It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.

We are still in beta testing.

Because we are still testing, we do not yet know what our licensing fees will be.

We did not evaluate other options.

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.

I would rate this solution a seven out of ten.

This is a security solution for us and our customers. We use it for port monitoring aggregation and doing captures.

We had some trouble with the installation as we migrated from our previous solution.

It has been pretty stable since we deployed it, and everything seems to be working fine.

That scalability seems to be ok, although we did have some concerns. Potentially, we are going to be looking at 100-gigabit links, and the version of the solution that we deployed does not support that. That is a long-term concern, rather than an immediate one.

We had some technical questions when we were doing the initial deployment, and they were very good in helping us with that.

Prior to this solution, we used an ad-hoc, internal system. We knew that it had to be replaced because it was not passing the audit as per our set standards. Ultimately, that drove us to look for a more standardized solution.

The initial setup for this solution was fairly complex. This was, in part, because of where we placed it in our network and the removal of our old system. It involved mapping it from the old to new so that it will be able to maintain the same functionality in our network.

We used an integrator to assist with the implementation.

Cisco is our biggest primary vendor, so it was an easy go-to for this solution.

My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.

This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.

I would rate this solution an eight out of ten.

We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.

The solution's analytics and thrust detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.

We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.

The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.

Stability is what we're looking for in production. Stability is everything.

The stability of the solution seems fine. It hasn't crashed yet.

Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.

For the scalability, other than some of the interesting things like the blow sensors, the actual analytics engine is solid so far.

The customer service has been fine, normal. It meets our expectations.

We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.

We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.

We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early. 

There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.

Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.

The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.

In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.

On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. 

A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.

Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.

Deploying the virtual machines made our storage have artifacts. But that was expected. 
Make sure you resource it correctly because it's going to use more than you expect.

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

We haven't had any stability issues so far, but we have only been running it for half a year.

The scalability is good, seen from a license perspective, as well.

We haven't really used the technical support yet, but in general, they are good.

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

We deployed it ourselves.

I don't think we have saved money, to be honest. But you cannot measure security and money.

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

Stealthwatch is primarily a network monitoring tool.

Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.

Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.

This solution has also increased our threat detection rate, by around 25-30%. An example would be that it provided a better posture in our internal network.

Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.

Troubleshooting is now only minutes instead of a couple of hours that it took before we used this solution.

We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.

It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

Stability is really good. I don't think we ever had an issue with it.

The initial setup was straightforward. It wasn't difficult.

I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

We use Stealthwatch to identify any risk or vulnerabilities in the environment.

Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.

The cognitive analytics really helps us analyze the traffic.

The most valuable feature is its alerts and dashboard.

The solution's analytics and threat detection capabilities are also pretty reasonable.

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.

Their technical support is very good.

The initial setup was complex. Sensor and controller installation was especially complex.

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

We use Cisco Stealthwatch for security and network analytics. The solution saves you time, money, and administrative work. If we have the device support, it means that I don't have to send someone in a car to go to be local on the site and look at whatever the issue is.

Our limitation is that Cisco Stealthwatch doesn't have visibility over everything. When we can use it, it gives us direct information. We use this information not only for analyzing security threats but as well as just for general network performance in the places it has view of.  

The solution affected network visibility in our organization fairly well. Without it, I have almost no visibility. It requires me to send people to different sites to manually get captured or to look at the network.

The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.

The analytics and threat detection capabilities of Cisco Stealthwatch are pretty good. It gives us good visibility of the information. It is easy to use and to the point.

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.

I've never known it to go down or have availability issues.

Cisco Stealthwatch is scalable with money. It's expensive.

I haven't dealt with Cisco customer service directly.

The initial setup was before I was at the company. It was over six years ago.

We used an integrated reseller for the deployment called Set Solutions. Our experience with them was pretty good.

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.

The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.

It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.

Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.