Cisco Secure Network Analytics vs Darktrace comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Aug 25, 2022

We performed a comparison between Cisco Stealthwatch and Darktrace based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both solutions say the deployment is easy.
  • Features: Users of both solutions are happy with the products’ stability and scalability.

    Cisco Stealthwatch users say the solution has good security, a lot of add-on features, good performance, and great network monitoring. Users mention that the interface could be improved and that it would be good to have better integration capabilities.

    Darktrace users like the solution’s AI feature and that it is easy to use and has a great interface. They would like to see some endpoint protection for remote workers and more accurate alerts.
  • Pricing: Cisco Stealthwatch users express mixed reviews on the solution’s pricing. Darktrace users consider the solution to be expensive.
  • Service and Support: Users of both solutions find the technical support to be good.

Comparison Results: The two solutions are very comparable. However, their features slightly differ, and each has its own strengths and weaknesses.

To learn more, read our detailed Cisco Secure Network Analytics vs. Darktrace Report (Updated: March 2024).
763,955 professionals have used our research since 2012.
Q&A Highlights
Question: I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
Answer: I that feel there are two old problems still there in the market: 1-Vendors don't talk to each other. 2-Whoever is focusing on endpoint is missing the network and human side and the opposite is also true. I love, for example, what Darktrace is doing in the network side and the playback option to know what happened in my network during a long holiday, for example, things will never be caught by a second-generation AV but I need to have a solid 2nd gen. AV besides the total high cost of Darktrace which by the way is worth it for IT pros but not for business owners. We need to have something like virus total but for risks and threats beyond viruses where all vendors work on this and all endpoint customers with different vendors connect to it to be secured.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable features provided by this solution are visibility and information.""We find that Stealthwatch can detect the unseen.""The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from Netflow-enabled devices to provide a context for network utilization.""Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before.""The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.""The most valuable features of this solution are its reporting and mitigation capabilities.""The most valuable feature is integration.""Stability is the most valuable feature we have seen in this solution."

More Cisco Secure Network Analytics Pros →

"Provides great network protection.""The AI-based pattern is the most valuable feature.""Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue.""The NDR is good in their solution and they have NTG for email.""We have found the product to be stable and issue-free.""It is a stable solution without downtime.""It is very stable and easy to use.""The solution is outstanding from a monitoring perspective."

More Darktrace Pros →

Cons
"Complexity on integration is not so straightforward and you really need an expert to help build it out.""Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it.""Many of these tools require extensive on-premises hardware to run.""Stealthwatch needs improvement when it comes to speed.""The visualization could be improved, the GUI is not the best.""Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.""It would be better to let people know, up front, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed.""We would like the solution to make more advances in the way that Extreme Networks has been doing."

More Cisco Secure Network Analytics Cons →

"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.""I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there.""The initial setup is more complex and time-consuming than some solutions.""The pricing model is a little too high and could be more flexible.""I would like to see some additional enhancements.""Darktrace could improve by being more user-friendly.""Getting logs from different sources can be a challenge.""The interface and dashboards could be improved for ease-of-use."

More Darktrace Cons →

Pricing and Cost Advice
  • "It is worth the cost."
  • "Licensing is done by flows per second, not including outside>in traffic."
  • "Pricing is much higher compared to other solutions."
  • "​Licensing is done by flows per second, not including outside (in traffic)."
  • "Today, we are part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that."
  • "NetFlow is very expensive."
  • "One of the things which bugs me about Lancope is the licensing. We understand how licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. Somewhere within the purchase and distribution, licensing got mixed up. That is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of our equipment to them. To date, they have never been able to fix it."
  • "The licensing costs are outrageous."
  • More Cisco Secure Network Analytics Pricing and Cost Advice →

  • "It is inexpensive considering what it can do and the competition."
  • "The pricing is a little high compared to the competition."
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."
  • More Darktrace Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    763,955 professionals have used our research since 2012.
    Answers from the Community
    Cara Wolf
    C.J. Oosthuizen - PeerSpot reviewerC.J. Oosthuizen
    Reseller

    CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.

    reviewer973458 - PeerSpot reviewerreviewer973458 (CEO & Founder at a tech services company with 1-10 employees)
    Real User

    Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.

    Jürgen Weiss - PeerSpot reviewerJürgen Weiss
    User

    The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!

    Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.

    Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.

    Pricing Model per IP´s is pretty usual - but you need flexibility.

    Cara Wolf - PeerSpot reviewerCara Wolf
    User

    Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.

    Cara Wolf - PeerSpot reviewerCara Wolf
    User

    Thank you for your comments...what if the malware does not present as anomalous?

    MarkBarrett - PeerSpot reviewerMarkBarrett
    User

    We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.

    Cara Wolf - PeerSpot reviewerCara Wolf
    User

    Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.

    Gerald Ostrofsky - PeerSpot reviewerGerald Ostrofsky
    MSP

    In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.

    Questions from the Community
    Top Answer:The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration.
    Top Answer:I would rate Cisco SNA as a nine out of ten in terms of costliness.
    Top Answer:Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk. However, with Cisco's recent acquisition of Splunk, it seems this gap will be addressed. If this integration happens… more »
    Top Answer:Both of these products perform similarly and have many outstanding attributes CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Top Answer:A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
    Ranking
    Views
    4,668
    Comparisons
    3,637
    Reviews
    8
    Average Words per Review
    528
    Rating
    8.4
    Views
    11,713
    Comparisons
    6,859
    Reviews
    30
    Average Words per Review
    407
    Rating
    8.2
    Comparisons
    Also Known As
    Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch
    Learn More
    Cisco
    Video Not Available
    Overview

    Cisco Secure Network Analytics is a highly effective network traffic analysis (NTA) solution that enables users to find threats in their network traffic even if those threats are encrypted. It turns an organization’s network telemetry into a tool that creates a complete field of vision for the organization’s administrators. Users can find threats that may have infiltrated their systems and stop them before they can do irreparable harm.

    Cisco Secure Network Analytics Benefits

    A few ways that organizations can benefit by choosing to deploy Cisco Secure Network Analytics include:

    • Security scaling. Secure Network Analytics makes it easy for organizations to scale up their level of network protection to match the growth that their business is experiencing. It can be deployed on whatever type of system is necessary. Users will have their growth needs met at every stage of their business journey because the solution offers users the ability to use it on-premises or in the cloud and it can be consumed as a SaaS-based or license-based solution. Whenever any kind of device is added, Secure Network Analytics can automatically classify that device so that it is seamlessly integrated into its network protection system.
    • Detects threats as they appear. Users gain the ability to scan their network traffic for even the most advanced threats at all times. Secure Network Analytics easily identifies the early warning signs that are typically initiated before attacks are conducted by bad actors. Once these signs are found, users are warned so that they can take steps to prevent those threats from escalating. This also enables users to determine the source of the threat and whether it might have spread further than initially thought.
    • Eliminate blind spots. Organizations that use Secure Network Analytics can view their network traffic across both private networks and public cloud environments. The scanning power of the solution allows users to gain complete visibility with a fewer number of sensors than their competitors require to achieve a similar level of protection.

    Cisco Secure Network Analytics Features

    Some of the many features that Cisco Secure Network Analytics offers include:

    • Centralized security management. Secure Network Analytics’ Identity Services Engine feature enables users to control their network from a single graphical user interface. Administrators can simplify their jobs by controlling profiler, posture, guest, authentication, and authorization services from a single pane of glass.
    • Machine learning tools. Secure Network Analytics uses machine learning to generate alerts when malicious or suspicious activity is detected. It also analyzes the threat so that users gain insight into the nature of the dangers that confront them. Additionally, it examines the threats to determine whether they are actual threats or false alarms. This significantly reduces the number of false alarms that administrators have to spend time attempting to resolve.
    • Automation. Users can automate routine tasks that users would otherwise have to handle manually. This automation feature frees administrators and employees to handle other more critical tasks.

    Reviews from Real Users

    Cisco Secure Network Analytics is a solution that stands out even when compared to many other comparable products. Two major advantages that it offers are the way that it enables users to define the threshold at which the solution will issue a warning to administrators and the predefined alerts that it offers straight out of the box.

    Gerald J., the information technology operations supervisor at Aboitiz Equity Ventures, Inc., writes, “StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.”

    A senior security engineer at a tech services company, says, “Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.”

    Darktrace is a leading cybersecurity solution that leverages artificial intelligence and machine learning to provide advanced threat detection, response, and risk management capabilities. Many reviewers find Darktrace's AI and machine-learning capabilities to be valuable. They appreciate its ability to detect anomalies and threats that might go unnoticed by traditional security tools. Overall, the general sentiment towards Darktrace from reviewers is positive. Users seem to appreciate its scalability, stability, AI capabilities, visibility, and ease of use.

    Darktrace offers a proactive and intelligent approach to cybersecurity. It utilizes AI algorithms to learn and understand the 'pattern of life' for every user and device within a network. This understanding enables it to detect anomalies that could signify a cyber threat, from subtle insider threats to more obvious ransomware attacks.

    Its adaptability, autonomous response features, and comprehensive network visibility make it a top-tier solution for different sizes of organizations and across many industries. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021 and protects over 8,800 organizations globally from advanced cyber threats.

    Darktrace Cyber AI Loop

    The Darktrace Cyber AI Loop introduces an advanced artificial intelligence-based system for cybersecurity, designed to build a self-improving defense mechanism. This system functions like a closed loop, where each stage feeds information and insights into the next, amplifying the overall effectiveness of the platform.

    The key components of the loop are:

    • DETECT - An AI engine that monitors your network and endpoints for anomalous activity, constantly learning the normal behavior of your users and devices. It identifies suspicious patterns and potential threats in real-time, even from never-before-seen attacks.
    • PREVENT - This proactive arm analyzes vulnerabilities and identifies weaknesses in your IT infrastructure. It prioritizes patching and configuration changes to harden defenses before attackers can exploit those vulnerabilities.
    • RESPOND - When DETECT identifies a threat, RESPOND takes immediate action to contain and neutralize it. This can involve isolating compromised devices, disrupting attacker activity, and automatically escalating critical incidents to human analysts.
    • HEAL - This newest addition to the loop focuses on post-incident recovery. It automatically restores compromised systems, cleans infected files, and helps to prevent the attack from spreading further.

    Darktrace's AI algorithms can identify threats that traditional security tools might miss. It continuously learns and updates its understanding of what is normal for each environment, ensuring that it can quickly detect and respond to unusual activities that could indicate a breach. Darktrace's Antigena module can autonomously respond to threats in real time. This is particularly crucial in containing fast-moving threats like ransomware, where every second counts. 

      Darktrace's solution provides unparalleled visibility into all parts of the network, including cloud services, IoT devices, and industrial control systems. This comprehensive coverage ensures that no part of the network is left unprotected. However, while the Darktrace Cyber AI Loop offers a robust solution, it is not a complete cure-all and requires careful implementation and integration with existing security frameworks.Darktrace offers a comprehensive and unified approach to cybersecurity. It provides continuous protection against known and unknown threats, regardless of where they emerge. Darktrace's solutions provide visibility into your cloud infrastructure, continuous monitoring of application usage and communication patterns (e.g., identification of suspicious actions like unauthorized data access), comprehensive email security that goes beyond traditional spam and phishing filters, real-time protection for endpoints, and continuous monitoring of network traffic and device activity.

      Darktrace also provides specialized coverage to secure your zero-trust architecture. Identifies compromised identities, unauthorized access attempts, and risky data exfiltration within a least-privilege environment. Finally, it has a dedicated solution for safeguarding industrial control systems and critical infrastructure. Monitors communication patterns, device behavior, and physical access within OT environments, protecting against operational disruptions and cyberattacks.

      Sample Customers
      Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
      Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
      Top Industries
      REVIEWERS
      Healthcare Company23%
      Financial Services Firm16%
      Comms Service Provider9%
      Manufacturing Company7%
      VISITORS READING REVIEWS
      Computer Software Company27%
      Financial Services Firm11%
      Government9%
      Manufacturing Company5%
      REVIEWERS
      Financial Services Firm19%
      Computer Software Company13%
      Healthcare Company6%
      Manufacturing Company6%
      VISITORS READING REVIEWS
      Computer Software Company16%
      Financial Services Firm8%
      Government7%
      Comms Service Provider7%
      Company Size
      REVIEWERS
      Small Business15%
      Midsize Enterprise9%
      Large Enterprise76%
      VISITORS READING REVIEWS
      Small Business17%
      Midsize Enterprise10%
      Large Enterprise73%
      REVIEWERS
      Small Business51%
      Midsize Enterprise20%
      Large Enterprise29%
      VISITORS READING REVIEWS
      Small Business30%
      Midsize Enterprise19%
      Large Enterprise52%
      Buyer's Guide
      Cisco Secure Network Analytics vs. Darktrace
      March 2024
      Find out what your peers are saying about Cisco Secure Network Analytics vs. Darktrace and other solutions. Updated: March 2024.
      763,955 professionals have used our research since 2012.

      Cisco Secure Network Analytics is ranked 4th in Network Traffic Analysis (NTA) with 7 reviews while Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 32 reviews. Cisco Secure Network Analytics is rated 8.2, while Darktrace is rated 8.2. The top reviewer of Cisco Secure Network Analytics writes "Improved our organization greatly but greater customizability would be beneficial". On the other hand, the top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". Cisco Secure Network Analytics is most compared with Cisco Secure Cloud Analytics, ThousandEyes, Vectra AI, Arista NDR and Gigamon Deep Observability Pipeline, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x). See our Cisco Secure Network Analytics vs. Darktrace report.

      See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

      We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.