No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Secure Network Analytics vs Packetbeat comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Secure Network Analytics
Ranking in Network Monitoring Software
32nd
Average Rating
8.2
Reviews Sentiment
6.6
Number of Reviews
63
Ranking in other categories
Network Traffic Analysis (NTA) (4th), Network Detection and Response (NDR) (6th), Cisco Security Portfolio (6th)
Packetbeat
Ranking in Network Monitoring Software
62nd
Average Rating
8.0
Reviews Sentiment
2.5
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Network Monitoring Software category, the mindshare of Cisco Secure Network Analytics is 0.9%, down from 1.2% compared to the previous year. The mindshare of Packetbeat is 0.3%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Monitoring Software Mindshare Distribution
ProductMindshare (%)
Cisco Secure Network Analytics0.9%
Packetbeat0.3%
Other98.8%
Network Monitoring Software
 

Featured Reviews

Akash Das Barman - PeerSpot reviewer
Cyber Security Trainee at DataSpace Academy
Network analytics has reduced investigation time and provides deeper visibility into lateral movement
Several features often look very promising during evaluation or implementation but end up being used only lightly in day-to-day operations. Advanced reporting and scheduled compliance reports look very attractive for audit and compliance teams at implementation time and can generate structured reports for visibility, risk posture, and traffic summaries. In practice, many teams do not rely on it heavily because SIEM tools or GRC platforms already handle reporting better. Built-in threat intelligence feeds represent another area where expectations do not always match usage. The platform includes threat intelligence-based detection and classifications. Initially, teams expect to depend on this heavily, but later SOC teams often prefer their own threat intelligence feeds or correlate intelligence inside SIEM instead. The built-in feeds are used but not as a primary detection source. Automated incident summaries and guided investigation views are designed to simplify triage by automatically grouping related activity into incidents. However, teams often move away from them due to various factors affecting adoption.
Mohammed-Abdelalim - PeerSpot reviewer
Assistant Vice President at QualityKiosk Technologies Pvt. Ltd.
Network analytics have delivered lightweight, integrated visibility for search, observability, and security
Packetbeat analyzes specific protocols and is not suitable for full capture of all network traffic and network flows. I recall that Packetbeat can cover a limited number of protocols including ICMP, but not as deeply as other solutions. It covers NetFlows and these types of flows, but not at the level of a deep packet capture that you can find in the market where it taps every single packet in the network. Packetbeat is more about bringing statistics about the packets, but it doesn't capture these packets. The development intention of Packetbeat appears to be to provide a window for application monitoring and performance analytics, and for that purpose, it is doing sufficiently well. However, if the vendor has another goal to build a similar network monitoring solution that exists in the market, which is outside of Elastic's business nature, Packetbeat is a sensor that needs to be improved to the level of deep packet capture where it loses no packets in the network. That improvement would take Elastic to another level.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
"The solution reduces the amount of time it takes to detect and remediate threats."
"There's nothing like it and a dream to operate, very intuitive."
"I believe this solution has reduced our incident response time."
"If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
"Another notable feature of Cisco Secure Network Analytics is its Layer 7 visibility, which allows us to monitor and analyze network communications at the application layer."
"Most valuable features are the network maps and server and network response time."
"Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it."
"The beauty of Packetbeat is that it is easy, free, and lightweight, while other solutions are expensive and will accumulate a huge amount of data."
"Elastic's scalability, in terms of cluster robustness, is definitely the most valuable feature."
 

Cons

"The expensive nature of the tool is an area of concern where improvements are required."
"Better integration between Cisco Secure Network Analytics and Cisco Secure Workload would be beneficial."
"The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices."
"We had some trouble with the installation as we migrated from our previous solution."
"One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints."
"We've had problems with element licensing costs so scalability is a concern."
"This is an expensive solution and the license is expensive."
"It is time-consuming to set it up and understand how the tool works."
"The scalability of the agent itself could be improved."
"Packetbeat analyzes specific protocols and is not suitable for full capture of all network traffic and network flows."
 

Pricing and Cost Advice

"On a yearly basis, licensing is somewhere around $30,000."
"It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want."
"Licensing is done by flows per second, not including outside>in traffic."
"This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
"Pricing is much higher compared to other solutions."
"One of the things which bugs me about Lancope is the licensing. We understand how licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. Somewhere within the purchase and distribution, licensing got mixed up. That is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of our equipment to them. To date, they have never been able to fix it."
"Today, we are part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that."
"The solution is expensive. It costs several hundred thousand dollars per year (depending on how many flows you are collecting)."
Information not available
report
Use our free recommendation engine to learn which Network Monitoring Software solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Manufacturing Company
10%
Construction Company
8%
Government
8%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise7
Large Enterprise52
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cisco Stealthwatch?
Regarding cost, for the Bangladesh context, Cisco Secure Network Analytics is a little bit high-priced because we are a developing country, making it tough to manage affordable solutions. However, ...
What needs improvement with Cisco Stealthwatch?
Several features often look very promising during evaluation or implementation but end up being used only lightly in day-to-day operations. Advanced reporting and scheduled compliance reports look ...
What is your primary use case for Cisco Stealthwatch?
My main use case for Cisco Secure Network Analytics has been network visibility and anomaly-based threat detection within the enterprise environment. In security operations and VAPT-related activit...
What is your experience regarding pricing and costs for Packetbeat?
Elastic is pretty cheap for large enterprises but unaffordable for small ones.
What needs improvement with Packetbeat?
Packetbeat analyzes specific protocols and is not suitable for full capture of all network traffic and network flows. I recall that Packetbeat can cover a limited number of protocols including ICMP...
What is your primary use case for Packetbeat?
I have dealt with all of them: Elasticsearch, Kibana, Logstash, Beats, Elastic Agent, and Fleet, because I need to use all of them to achieve a solution for customers. These solutions are typically...
 

Also Known As

Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch
No data available
 

Overview

 

Sample Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
Information Not Available
Find out what your peers are saying about Cisco Secure Network Analytics vs. Packetbeat and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.