Cisco Secure Network Analytics Room for Improvement

JT
Development Manager at a healthcare company with 10,001+ employees

I would like to see interoperability with other Cisco products because we have ThousandEyes, Cisco Prime, and others. The interaction among these is important to us.

View full review »
DB
Assistant Director of IT at University of Rochester Medical Center

The initial setup is complex, as there is a lot to configure.

View full review »
Richard Payne - PeerSpot reviewer
Senior Cyber Scientist at a government with 10,001+ employees

The customizability of the UI should improve. With Splunk and other SIEM tools, you have the ability to create custom dashboards and manipulate the data in a way that works for you. Cisco gives you some creative ability, but you are very much locked into their train of thought. It would be helpful if they went more down the Splunk and Elastic route.

We found flaws in Stealthwatch, but thankfully it has the ability to interconnect with Splunk and other such tools. This enabled us to plug the information over where it falls flat and then start working on other platforms. The solution falls down but tries to make up for it.

I would also like to have greater insight into how it works under the hood. I appreciate that that might not be possible due to commercial confidentiality. However, having that greater insight would allow us to covey a level of trust to the people who use it. 

View full review »
Buyer's Guide
Network Monitoring Software
March 2024
Find out what your peers are saying about Cisco, SolarWinds, NETSCOUT and others in Network Monitoring Software. Updated: March 2024.
765,234 professionals have used our research since 2012.
Rainier S. - PeerSpot reviewer
Head of Integration Engineering / Enterprise Technology & Innovation at a healthcare company with 10,001+ employees

In the last year or two, we have been working with our Cisco NAS engineers to improve our security posturing. It is more our being proactive rather than reactive. While Stealthwatch and Lancope have this ability to look inside and give you visibility (a great feature), follow-up is the rule. We would like filters that you can put into place to tap onto certain types of behaviors, alerts out, and/or hopefully a block. This is sort of what we are looking for. 

I might be speaking too early, because we are not down this path yet. We know the feature set is there, we just do not know yet how to achieve it. That is proactive rather than more reactive.

For Lancope Stealthwatch, we would like to see it more on the ASA Firewall platform. While this might already be available, this is more a failing of Cisco to inform us if it is there. For example:

  • Are we on the right or wrong version of the code? 
  • What does the code look like? 
  • Are we are really looking at firewalls? Or is it more about the foundation and route switches that we are seeing?

It is about visibility.

View full review »
RH
Network Operations Manager at Philips Electronics

Complexity on integration is not so straightforward and you really need an expert to help build it out.

View full review »
JT
Former Employee of Orange Business Services as Head of Security Engineering at a comms service provider with 5,001-10,000 employees

The solution's cost could be better. Also, its granularity for RBAC roles-based access control needs improvement.

View full review »
Gerald Jimenez - PeerSpot reviewer
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.

There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

View full review »
TB
Senior Director of Architecture and Engineering at Trace3

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.

Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.

View full review »
JS
Manager at Indiana University Health

I would like to see some improvement when it comes to reporting.

View full review »
SK
Senior Operations Consultant at NNIT

There is room for improvement in mitigation and reporting, and better integration between Cisco Secure Network Analytics and Cisco Secure Workload would be beneficial.

View full review »
AA
Director Network Services at a consultancy with 1,001-5,000 employees

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

View full review »
BS
Director of Network and Telecom Services at a healthcare company with 10,001+ employees

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

View full review »
JD
Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

View full review »
AK
Sales director at Future Point Technologies

Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk. However, with Cisco's recent acquisition of Splunk, it seems this gap will be addressed. If this integration happens quickly, it could complete the circle, making the platform more robust and offering a comprehensive solution for our network security.

View full review »
EF
Network Manager at a financial services firm with 1,001-5,000 employees

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.

View full review »
ML
Airway Transportation Service Specialist at Federal Aviation Administration

We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.

ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic so and we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.

In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.

A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.

View full review »
AR
Technical Consultant at a tech services company with 501-1,000 employees

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.

Eliminating Java from the SMC would improve this solution.

It would be better to let people know, upfront, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.

View full review »
AM
Senior Consultant at a manufacturing company with 10,001+ employees

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.

In terms of the user interface, navigating through the drill down windows needs to be improved.

View full review »
RU
Network Architect at Henry Ford health system

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.

View full review »
ER
Forensic Analyst at a pharma/biotech company with 1,001-5,000 employees

I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.

If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.

View full review »
JC
Chief Technology Officer at a tech services company with 51-200 employees

The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

View full review »
UN
Director of Operations at a manufacturing company with 1,001-5,000 employees

It is time-consuming to set it up and understand how the tool works.

View full review »
FK
Architect at Atea A/S

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

View full review »
MG
Network Operations Manager at a tech company with 10,001+ employees

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

View full review »
KP
Security Analysist at Amwins Group

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

View full review »
JC
Lead Network Engineer at a retailer with 1,001-5,000 employees

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.

View full review »
WR
Network Engineer at a government with 1,001-5,000 employees

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. 

I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. 

We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.

View full review »
VS
Network and Security with 10,001+ employees

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

View full review »
JS
Network Engineer at Oracle Corporation

We had some trouble with the installation as we migrated from our previous solution.

View full review »
BG
Manager of Digital Communications at Memorial Hermann Healthcare System

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.

View full review »
JM
Sr Network Engineer at a insurance company with 5,001-10,000 employees

They should include Citrix VDIs in the next release.

View full review »
SD
Network Manager at a healthcare company with 1,001-5,000 employees

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.

View full review »
JQ
Network Manager Administrator at a financial services firm with 501-1,000 employees

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

View full review »
MM
PMO Department at a comms service provider with 1,001-5,000 employees

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

View full review »
DK
Network Engineer at UC San Diego Health System

We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.

View full review »
JW
Network Administrator at a mining and metals company with 1,001-5,000 employees

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.
I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard. 

View full review »
AM
Associate Director Network Services at a pharma/biotech company with 10,001+ employees

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

View full review »
MP
Senior Security Engineer at a tech services company with 501-1,000 employees

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

View full review »
it_user735195 - PeerSpot reviewer
Senior Information Security Engineer at a transportation company with 10,001+ employees

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

View full review »
SA
Network Section Chief at a government with 1,001-5,000 employees

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

View full review »
ML
National Offering Lead - Security Practice at a computer software company with 501-1,000 employees

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

View full review »
RG
Infosec Manager at a energy/utilities company with 1,001-5,000 employees

Stealthwatch needs improvement when it comes to speed.

View full review »
LW
Network Engineer at a tech services company

Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.

View full review »
SL
Network Administrator at a retailer with 1,001-5,000 employees

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

View full review »
it_user631224 - PeerSpot reviewer
Information Security Analyst at a non-profit with 1,001-5,000 employees

We need to be able to filter out internal IPs as non-threats.

View full review »
RH
Sr. Network Engineer at a tech services company with 10,001+ employees

I don't really think we really save time while using this solution.

View full review »
it_user983178 - PeerSpot reviewer
PIC for Cyber Security at a university with 51-200 employees

There are already many functionalities, so I don't think there is anything to improve. Its the best one on the market I have seen.

View full review »
JH
Chief Consultant at a tech services company with 11-50 employees

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

View full review »
it_user735216 - PeerSpot reviewer
Highly motivated Security Engineer incident Response, Vuln Mgmt, Malware Analysis, IDS/IPS, DLP, Network Security +more at a transportation company with 10,001+ employees

I am so familiar with the product I would say none. Lancope has always listened to customer input for product enhancements. One update I would like to see is an agent-based client. Currently StealthWatch is network based. A local agent could help manage endpoints.

View full review »
it_user1107381 - PeerSpot reviewer
Senior Security Consultant at a tech services company with 51-200 employees

Cisco could improve the administration for the customers.

View full review »
JB
Ingenieria at a tech services company with 11-50 employees

We don't really see any limitations on the product. Overall, it's been good.

We would like the solution to make more advances in the way that Extreme Networks has been doing.

View full review »
Buyer's Guide
Network Monitoring Software
March 2024
Find out what your peers are saying about Cisco, SolarWinds, NETSCOUT and others in Network Monitoring Software. Updated: March 2024.
765,234 professionals have used our research since 2012.