Get our free report covering Darktrace, SolarWinds, Palo Alto Networks, and other competitors of Cisco Stealthwatch. Updated: January 2022.
563,208 professionals have used our research since 2012.

Read reviews of Cisco Stealthwatch alternatives and competitors

Dwayne Samson
Senior Analyst Security and Compliance at an insurance company with 5,001-10,000 employees
Real User
Top 5
Leaderboard
Reduced the time my team focused on incident response and provided the visibility we were looking for
Pros and Cons
  • "We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity are applied in almost real time. Ultimately, this determines if the activity was not observed on the network."
  • "Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."

What is our primary use case?

Awake Security was brought onboard to provide governance over the incident response process, which is a managed service. Challenges were identified, such as no visibility and no network awareness of what's going on in the environment. Once the network visibility was solved, the decision to look at AI-related tools was initiated.

We will be using its features for compliance as well as threat detection, looking to partner with Awake Security to achieve these goals. Placing their solution in an enterprise financial vertical may allow thinking outside the box, providing additional value in the compliance space.

Right now, they are an on-prem visibility solution. However, we are a cloud-first company. Awake Security provides the ability to pivot to the cloud and look at what's going on there.

Two compliance use cases: First, when we have a new subnet within one of our CSPs, Awake Security will alert when activity is observed. Second, a new virtual machine has been provisioned and the local endpoint protection is not phoning home. With the correct structured language in place, we will know if the new device has not been seen on the network for longer than five minutes and has not communicated with the update server.

How has it helped my organization?

Open communication with the MNDR service has driven down the number of false positives. The current average is five events a week, where four are actionable.

The direction we are heading is moving away from traditional alerts and focusing on entities that pose the highest risk to our environment. With the behind-the-scenes tuning, this lends itself to a clearer understanding of what a device does. Awake Security is constantly asking, "What is the purpose of this device in the environment?" and saying, "I'll update the LSOP, and we'll get this tuned."

We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity are applied in almost real time. Ultimately, this determines if the activity was not observed on the network.

What is most valuable?

Awake Labs' managed network detection and response (MNDR) service is its most valuable feature. The Awake Security team finds incidents that we didn't realize were happening in the environment. Due to our cloud-first approach and outsourcing to managed services, a Tor beacon was observed by the Awake Security team. Files were being uploaded from one of our MSPs.

I am impressed with the solution’s EntityIQ, which is its AI-based security knowledge graph, in terms of its ability to identify and profile. We evaluated other vendors and were really poking at the AI. Not everyone does AI or machine learning the same way. Awake Security's model is unique in the way that they do their AI with their entities.

What needs improvement?

Awake Security markets themselves as a security shop, and that's what they are. However, compliance work through our partnership can enhance its capabilities.

Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better. For anyone searching to outsource a Level 1 or 2 incident response team, it would be prudent to look at Awake Labs.

For how long have I used the solution?

We purchased Awake Security a few months back. We made a good choice.

What do I think about the stability of the solution?

The stability has been rock-solid with no issues. It was sized properly.

The platform was recently upgraded. The upgrade went seamlessly. I have been working with the new interface and like it.

What do I think about the scalability of the solution?

There is enough overhead. When we start adding additional traffic, like our cloud landing zones, it will not be a problem.

We will be increasing usage, and it will be geared more towards the compliance around our financial vertical.

How are customer service and technical support?

Awake Security gets high marks for their communications. We speak at least a few times weekly to ensure the system is tuned correctly. High-priority incident tickets are usually accompanied by a phone call. A review of tickets is scheduled on a monthly basis.

Our experience with the technical support has been great. The department manager receives an intelligence feed about new ransomware observed in the wild. We engage the Awake Security team and request that a custom AML signature be written for detection. In one specific example, a request email was sent to Awake Security at 8:30 AM. By 10 AM, Awake Security's signature was in place.

Which solution did I use previously and why did I switch?

We are a start-up company, established within the last two years. We had a bake-off of three AI based network visibility tools, and Awake Security was our selection.

How was the initial setup?

The initial setup was straightforward, not complex, from when the box arrived to when it was installed.

We are planning to pivot to visibility in our cloud landing zones. That's where we will brainstorm or whiteboard stuff that says, "Here's what we can see," and then what we do is say, "Okay, if this happens, I want to know about it." Afterwards, we'll come back to the Awake Security guys and say, "Here's the stuff that we want you to alert us on," which is really around the compliance stuff. For example, you're not supposed to egress out through Azure's Internet. Everything has to come back to us. But we find people have configured it incorrectly and are sending traffic out to the public Internet through Azure's egress. Once we have network visibility up there, we will get alerted when that stuff happens, stating, "Outbound egress traffic has been seen. Here is the host and where it was going." We can then go back and either stop it or talk to the person who set it up.

What about the implementation team?

I have worked with support from Awake Security, and it was straightforward. We already had architecture network visibility, IP addressing, and interface feeds that were provided beforehand by the Awake Security team. Awake Security shipped the devices with the configurations. We plugged them in, and they worked.

What was our ROI?

The current legacy service is strictly based off of logs. Incidents are being generated by the rules algorithms. With Awake Security, their approach is different due to the network context. Awake Security has allowed us to focus on other items, not just on incident response.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are competitive.

Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model.

When we pivot to the cloud, in order to capture that data, the additional cost is minimal or non-existent.

Which other solutions did I evaluate?

The original project driver was network visibility, as we didn't have any. We brought in Darktrace, Stealthwatch, and Awake Security for a bake-off. Awake Security filled the need for visibility by being augmented with the MNDR service.

We found other tool interfaces more polished and more cosmetic in nature. Some folks like to look at that stuff, but you're missing the whole point of Awake Security if you look at it from that perspective.

Awake Security sold the MNDR service as part of their solution. So, the direction was: "Come back and tell me what your MNDR guys have found." They did find incidents our managed virtual SOC had not. There was overlap where the Awake Security team found events our current SOC did not.

We also looked at Arctic Wolf. They're a managed service around incident response. We did an hour demo. It is a good product, but we are happy that we selected Awake Labs.

What other advice do I have?

The Awake Security team does a good job with communication. With the encrypted traffic, you can't see inside the packet. Encrypted traffic was not a hindrance, since most traffic nowadays is encrypted. The Awake Security team does a good job of determining what's wrong, even though they don't have the full view of the content inside the packet.

Awake Security gets a solid nine (out of 10) based on our experience. That's based on their technology, professionalism, and communication. It was their MNDR service that set them apart when we were looking at other technologies.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
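The two compliance checks this reviewer describes, a newly provisioned host that has not reported to the update server within five minutes, and cloud hosts egressing straight to the Internet instead of coming back through the on-prem hub, expressed as plain detection logic over flow records. This is an added illustration from the editor, not the reviewer's AML queries and not Awake Security code; the flow records are constructed, and the update-server address, the cloud subnet range, the internal address space and the five-minute grace period are assumptions.

```python
"""Two NDR-style compliance checks over flow records, in plain Python.

Added illustration only: not Awake Security's AML and not code from the
review. The flow records are constructed, and UPDATE_SERVER, CLOUD_SUBNETS,
INTERNAL_NETS and GRACE are assumed values.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed sample flow records: (timestamp, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("2022-01-10T09:00:00", "10.50.1.10", "10.0.0.5", 443),    # new VM checks in with the update server
    ("2022-01-10T09:00:30", "10.50.1.11", "10.0.0.20", 53),    # new VM, DNS only, never checks in
    ("2022-01-10T09:01:00", "10.50.2.7", "203.0.113.9", 443),  # cloud host going straight to the Internet
    ("2022-01-10T09:02:00", "10.50.1.11", "10.0.0.20", 53),
    ("2022-01-10T09:03:00", "10.50.1.10", "10.0.0.20", 53),
    ("2022-01-10T09:08:00", "10.50.1.12", "10.0.0.20", 53),    # first seen 2 min before NOW: too early to judge
]
NOW = datetime.fromisoformat("2022-01-10T09:10:00")    # evaluation time for the sample
UPDATE_SERVER = "10.0.0.5"                             # assumed endpoint-protection update server
CLOUD_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]  # assumed cloud landing-zone range
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GRACE = timedelta(minutes=5)                           # "not seen for longer than five minutes"


def _parse(records):
    """Yield (datetime, src, dst, port) tuples from the raw records."""
    for ts, src, dst, port in records:
        yield datetime.fromisoformat(ts), src, dst, port


def hosts_missing_update_checkin(records, update_server=UPDATE_SERVER, now=NOW, grace=GRACE):
    """Hosts first seen more than `grace` ago that never talked to the update server.

    Hosts still inside the grace window are excluded on purpose, so a VM that
    was provisioned a minute ago does not raise a false positive.
    """
    first_seen = {}
    checked_in = set()
    for ts, src, dst, _port in _parse(records):
        first_seen[src] = min(first_seen.get(src, ts), ts)
        if dst == update_server:
            checked_in.add(src)
    return sorted(h for h, t in first_seen.items() if now - t > grace and h not in checked_in)


def direct_internet_egress(records, cloud_subnets=CLOUD_SUBNETS, internal=INTERNAL_NETS):
    """Flows from a cloud subnet to a destination outside the internal address space.

    Under a hub-and-spoke policy every cloud host reaches the Internet via the
    on-prem hub, so a direct cloud-to-public flow indicates a misconfigured egress.
    Returns (src, dst, port) tuples so the alert can name the host and where it went.
    """
    hits = []
    for _ts, src, dst, port in _parse(records):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        in_cloud = any(s in net for net in cloud_subnets)
        to_internal = any(d in net for net in internal)
        if in_cloud and not to_internal:
            hits.append((src, dst, port))
    return hits


if __name__ == "__main__":
    print("not phoning home:", hosts_missing_update_checkin(SAMPLE_FLOWS))
    print("direct egress:", direct_internet_egress(SAMPLE_FLOWS))
```

Both checks are stateless over a batch of records; in a live deployment the first-seen map would be kept across batches and the grace comparison done against wall-clock time, and the "internal" list would be the organisation's actual address plan rather than the RFC 1918 ranges assumed here.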
Networking & Security Specialist at a tech services company with 51-200 employees
Real User
Top 5
Very stable and easy to use, but needs a better threat analyzer, better pricing and an option to monitor agents
Pros and Cons
  • "It is very stable and easy to use."
  • "Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."

What is our primary use case?

We are using it for proof of concept purposes. We are using it to monitor all traffic on our network, and it is analyzing the traffic. We have 5,000 users. We are using the latest version.

What is most valuable?

It is very stable and easy to use.

What needs improvement?

Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside.

It should also have a better pricing plan because it is an expensive product.

For how long have I used the solution?

I have been using this solution for a few weeks.

What do I think about the stability of the solution?

It is very stable.

How are customer service and technical support?

Currently, we are working with their pre-sales and technical teams. For POC, there is a dedicated team for us to ask and check what we want, and they have been good. I have not yet contacted their support. When we purchase the solution, we will be directly connected with the support team.

Which solution did I use previously and why did I switch?

We were using Trend Micro's Deep Discovery Inspector.

How was the initial setup?

It was done in less than half an hour.

What about the implementation team?

We are a system integrator. For its deployment, one cybersecurity specialist would be enough.

What's my experience with pricing, setup cost, and licensing?

It is a very expensive product.

Which other solutions did I evaluate?

I am comparing Darktrace with other products like Stealthwatch and Vectra, but for now, I find Darktrace as good.

What other advice do I have?

We have been using it for a few weeks. As of now, we plan to keep using it. I would recommend this solution for big companies.

I would rate Darktrace a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
IP Network Engineer at a comms service provider with 1,001-5,000 employees
Reseller
Top 20
Key features are roaming, application control and the firewall

What is our primary use case?

We are partners of Aruba as well as sellers and customers. My job in the company is IP network engineer.

What is most valuable?

The roaming is a feature that works very well. In addition, the application control and firewall features are very good. These are all important features and make the product a valuable one.

What needs improvement?

There are sometimes issues when it comes to the application control and firewall features. Occasionally we have issues when there are different access points in the implementation, and this could be improved if the technical support were better.

For how long have I used the solution?

I've been using this solution for almost three years.

What do I think about the scalability of the solution?

I haven't had any issues with the scalability.

How are customer service and technical support?

Technical support is unfortunately a little slow. When we need to troubleshoot, it's important to have efficient and reliable technical support. If I compare the technical support of Cisco and the technical support of Aruba, Cisco is better.

What other advice do I have?

I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: partner/reseller