Cisco Stealthwatch alternatives and competitors

Awake Security was brought onboard to provide governance over the incident response process, which is a managed service. Challenges were identified, such as, no visibility and no network awareness of what's going on in the environment. Once the network visibility was solved, the decision to look at AI related tools was initiated. 

We will be using its features for compliance as well as threat detection, looking to partner with Awake Security to achieve these goals. Placing their solution in an enterprise financial vertical may allow thinking outside the box, providing additional value in the compliance space.

Right now, they are an on-prem visibility solution. However, we are a cloud-first company.  Awake Security provides the ability to pivot to the cloud and look at what's going on there.

Two compliance use cases: First, we have a new subnet within one of our CSPs, Awake Security will alert when an activity is observed. Second, a new virtual machine has been provisioned and the local endpoint protection is not phoning home. With the correct structured language in place, we will know if the new device has not been seen on the network for longer than five minutes and has not communicated with the update server.

Open communication with the MNDR service has driven down the number of false positives. The current average is five events a week, where four are actionable.

The direction we are heading is moving away from traditional alerts and focusing on entities that pose the highest risk to our environment. With the behind the scenes tuning, this lends to a clearer understanding of what this device does. Awake Security is constantly asking,  "What is the purpose of a device in the environment?" and, "I'll update the LSOP, and we'll get this tuned."

We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity is applied in almost real-time. Ultimately, this determines if the activity was not observed on the network.

Awake Labs managed network detection and response (MNDR) service is its most valuable feature. The Awake Security team find incidents that we didn't realize were happening in the environment. Due to our cloud-first approach and outsourcing to managed services, a Tor beacon was observed by the Awake Security team. Files were being uploaded from one of our MSPs. 

I am impressed with the solution’s EntityIQ, which is its AI-based security knowledge graph, in terms of its ability to identify and profile. We evaluated other vendors and were really poking at the AI. Not everyone does AI or machine learning the same way. Awake Security's model is unique in the way that they do their AI with their entities.

Awake Security markets themselves as a security shop, and that's what they are. However, compliance with our partnership can enhance its capabilities.  

Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better. For anyone searching to outsource a Level 1 or 2 incident response team, it would be prudent to look at Awake Labs. 

We purchased Awake Security a few months back. We made a good choice.

The stability has been rock-solid with no issues. It was sized properly.

The platform was recently upgraded. The upgrade went seamlessly. I have been working with the new interface and like it. 

There is enough overhead. When we start adding additional traffic, like our cloud landing zones, it will be not be a problem.

We will be increasing usage, and it will be geared more towards the compliance around our financial vertical.

Awake Security get high marks for their communications. We speak at least a few times weekly to ensure the system is tuned correctly. High incident tickets are usually accompanied by a phone call. A review of tickets is scheduled on a monthly basis. 

Our experience with the technical support has been great. The department manager receives an intelligence feed about new ransomware observed in the wild. We engage the Awake Security team and request a custom AML signature be written for detection. In one specific example, a request email was sent to Awake Security at 8:30 AM in the morning. By 10 AM, Awake Security's signature was in place. 

We are a start-up company, established within the last two years. We had a bake-off of three AI based network visibility tools, and Awake Security was our selection.

The initial setup was straightforward, not complex, from when the box arrived to when it was installed, 

We are planning to pivot to visibility in our cloud landing zones. That's where we will brainstorm or whiteboard stuff that says, "Here's what we can see," and then what we do is say, "Okay, if this happens, I want to know about it." Afterwards, we'll come back to the Awake Security guys, and say, "Here's the stuff that we want you to alert us on," which is really around the compliance stuff. For example, you're not supposed to egress out Azure's Internet. Everything has to come back to us. But we find people have configured it incorrectly and are sending traffic out to the public Internet through Azure's egress. Once we have network visibility up there, we will get alerted when that stuff happens, stating, "Outbound egress traffic has been seen. Here is the host and where it was going." We can then go back and either stop it or talk to the person who set it up.

I have worked with support from Awake Security, and it was straightforward. We already had architecture network visibility, IP addressing, and interface feeds that were provided beforehand by the Awake Security team. Awake Security shipped the devices with the configurations. We plugged them in, and they worked.

The current legacy service is strictly based off of logs. Incidents are being generated by the rules algorithms. With Awake Security, their approach is different due to the network context. Awake Security has allowed us to focus on other items, not just on incident response.

The pricing and licensing are competitive. 

Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model.

When we pivot to the cloud, in order to capture that data, the additional cost is minimal or non-existent. 

The original project driver was network visibility, as we didn't have any. We brought in Darktrace, Stealthwatch, and Awake Security for a bake-off. Awake Security filled the need for visibility by being augmented with the MNDR service. 

We found other tool interfaces more polished and more cosmetic in nature. Some folks like to look at that stuff, but you're missing the whole point of Awake Security if you look at it from that perspective.

Awake Security sold the MNDR service as part of their solution. So, the direction was: "Come back and tell me what your MNDR guys have found." They did find incidents our managed virtual SOC had not. There was overlap where the Awake Security team found events our current SOC did not. 

We also looked at Arctic Wolf. They're a managed service around incident response. We did an hour demo. It is a good product, but we are happy that we selected Awake Labs.

The Awake Security team does a good job with communication. With the encrypted traffic, you can't see inside the packet. Encrypted traffic was not a hindrance, since most traffic nowadays is encrypted. The Awake Security team does a good job of determining what's wrong, even though they don't have the full view of the content inside the packet.

Awake Security gets a solid nine (out of 10) based on our experience. That's based on their technology, professionalism, and communication. It was their MNDR service that set them apart when we were looking at other technologies.

We are using it for proof of concept purposes. We are using it to monitor all traffic on our network, and it is analyzing the traffic. We have 5,000 users. We are using the latest version.

It is very stable and easy to use.

Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside.

It should also have a better pricing plan because it is an expensive product.

I have been using this solution for a few weeks. 

It is very stable.

Currently, we are working with their pre-sales and technical teams. For POC, there is a dedicated team for us to ask and check what we want, and they have been good. I have not yet contacted their support. When we purchase the solution, we will be directly connected with the support team.

We were using Trend Micro's Deep Discovery Inspector.

It was done in less than half an hour.

We are a system integrator. For its deployment, one cybersecurity specialist would be enough.

It is a very expensive product.

I am comparing Darktrace with other products like Stealthwatch and Vectra, but for now, I find Darktrace as good.

We have been using it for a few weeks. As of now, we plan to keep using it. I would recommend this solution for big companies.

I would rate Darktrace a seven out of ten.

We are partners of Aruba as well as sellers and customers. My job in the company is IP network engineer. 

The roaming is a feature that works very well. In addition, the application control and firewall features are very good. These are all important features and make the product a valuable one. 

There are sometimes issues when it comes to the application control and firewall features. Occasionally we have issues when there are different access points with implementation and this could be improved if the technical support was better. 

I've been using this solution for almost three years. 

I haven't had any issues with the scalability. 

Technical support is unfortunately a little slow. When we need to troubleshoot, it's important to have efficient and reliable technical support. If I compare the technical support of Cisco and the technical support of Aruba, Cisco is better. 

I would rate this solution an eight out of 10.