
Cisco Sourcefire SNORT vs Cisco Stealthwatch comparison

Buyer's Guide
Cisco Sourcefire SNORT vs. Cisco Stealthwatch
January 2020
Find out what your peers are saying about Cisco Sourcefire SNORT vs. Cisco Stealthwatch and other solutions. Updated: January 2020.
610,336 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Cisco Sourcefire SNORT:
  • "Cisco Sourcefire SNORT is easy to configure and the reporting is great. It's also very user-friendly."
  • "The solution is rather easy to use."
  • "It is quite an intelligent product."

Cisco Stealthwatch:
  • "It has definitely helped us improve our mean time to resolution on network issues."
  • "Great network monitoring, looking at anomaly detection and evaluation."
  • "If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
  • "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
  • "Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining, we receive the alerts automatically. This functionality is what we receive from the solution out of the box."
  • "It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal."
  • "StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk."
  • "We find that Stealthwatch can detect the unseen."

Cons
Cisco Sourcefire SNORT:
  • "The implementation could be a bit easier."
  • "I did not experience any pain points that required improvement. Maybe a couple of false-positives, but that's about it."
  • "While the alerts they offer are good, it could improve it in the sense that they should be more detailed to make the alerts more useful to us in general. Sometimes the solution will offer up false positives. Due to the fact that the alerts aren't detailed, we have to go dig around to see why is it being blocked. The solution would be infinitely better if there was just a bit more detail in the alert information and logging we receive."

Cisco Stealthwatch:
  • "There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically when it detected something anomalous."
  • "It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."
  • "It's not great as a standalone solution."
  • "Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product."
  • "Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."
  • "We would like the solution to make more advances in the way that Extreme Networks has been doing."
  • "The visualization could be improved, the GUI is not the best."
  • "We determined that Stealthwatch wouldn't provide the machine learning model that we required."

Pricing and Cost Advice
Cisco Sourcefire SNORT: Information Not Available
Cisco Stealthwatch:
  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
  • "It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want."
  • "There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive."

    Questions from the Community
    Top Answer: StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect…
    Top Answer: We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs.
    Top Answer: There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch…
    Ranking
    Cisco Sourcefire SNORT: Views 3,624; Comparisons 2,758; Reviews 3; Average Words per Review 645; Rating 7.7
    Cisco Stealthwatch: Views 21,953; Comparisons 16,326; Reviews 10; Average Words per Review 585; Rating 8.2
    Also Known As
    Cisco Sourcefire SNORT: Sourcefire SNORT
    Cisco Stealthwatch: Cisco Stealthwatch Enterprise, Lancope StealthWatch
    Overview

    Snort is an open-source, rule-based, intrusion detection and prevention system. It combines the benefits of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. Snort gained notoriety for being able to accurately detect threats at high speeds.

    Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

    Sample Customers
    Cisco Sourcefire SNORT: CareCore, City of Biel, Dimension Data, LightEdge, Lone Star College System, National Rugby League, Port Aventura, Smart City Networks, Telecom Italia, The Department of Education in Western Australia
    Cisco Stealthwatch: Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
    Top Industries
    Cisco Sourcefire SNORT
      Visitors reading reviews: Comms Service Provider 31%, Computer Software Company 19%, Government 10%, Financial Services Firm 6%
    Cisco Stealthwatch
      Reviewers: Healthcare Company 22%, Financial Services Firm 17%, Manufacturing Company 7%, Comms Service Provider 7%
      Visitors reading reviews: Comms Service Provider 32%, Computer Software Company 19%, Government 7%, Financial Services Firm 6%

    Company Size
    Cisco Sourcefire SNORT
      Reviewers: Small Business 33%, Midsize Enterprise 33%, Large Enterprise 33%
      Visitors reading reviews: Small Business 20%, Midsize Enterprise 16%, Large Enterprise 64%
    Cisco Stealthwatch
      Reviewers: Small Business 13%, Midsize Enterprise 10%, Large Enterprise 77%
      Visitors reading reviews: Small Business 16%, Midsize Enterprise 14%, Large Enterprise 70%

    Cisco Sourcefire SNORT is ranked 14th in Intrusion Detection and Prevention Software (IDPS) with 3 reviews, while Cisco Stealthwatch is ranked 4th in Network Traffic Analysis (NTA) with 10 reviews. Cisco Sourcefire SNORT is rated 7.6, while Cisco Stealthwatch is rated 8.2. The top reviewer of Cisco Sourcefire SNORT writes "Intelligent with good threat detection capabilities but could be easier to implement". On the other hand, the top reviewer of Cisco Stealthwatch writes "Provides valuable security knowledge and helps us improve network performance". Cisco Sourcefire SNORT is most compared with Check Point IPS, Palo Alto Networks Threat Prevention, Fortinet FortiGate IPS, Cisco NGIPS and Darktrace, whereas Cisco Stealthwatch is most compared with Darktrace, SolarWinds NetFlow Traffic Analyzer, ThousandEyes, Palo Alto Networks Threat Prevention and Vectra AI.

    We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.