There are two areas of improvement. Firstly, extend the log retrieval limit to at least three months. For example, there is a limit on the number of log messages that can be received. So, I would like to expand the log retrieval limit. And another thing, if we migrate these things to an event or send us an email if there is any critical event, I would like to configure these things on the initial launch. Because if a system is compromised, there will be a lot of data movement from one post to another post to the outside. Then, we should also get an alert on email as well. We have since we have integrated these things. But a direct email for critical alerts should be there. So, I would like to enhance the critical event configuration. If a new user wants to learn how it should work, how policies work, and where we can configure policies, there should be some learning material for this product.
It gives you a whole lot of information, but they can keep on constantly adding to it. When I used to work on it, I just didn't see anything new happening for about a year and a half. Providing newer data and newer reports constantly would help. There should be more classifications and more interesting data.
Cisco Stealthwatch Cloud could improve the graphical user interface. It could be a more user-friendly graphical user interface. so that. Not everybody's a cyber security professional, most of the customers that I deal with are not very skilled. The terms that they use in the solution are quite understandable for a normal CIO. If you're going to sit with a CIO or a CSO to explain to him anything about the solution, most of them are not technical. Their technical skills are approximately 20 to 30 percent. They need to have simple terms, such as some of the other solutions have that they are able to understand. For example, forensic analysis means this. However, that example is a normal word that someone can understand, but some words that they use to describe certain features, are quite hard to understand. Cisco Stealthwatch Cloud for technical people is user-friendly because they already understand how it works. For those people who are less technical and not very good at security, they might have a difficult time trying to work around to understand the solution. If they do not have the support it will make it even more difficult and they will have to do the troubleshooting themself.
BDM at a tech services company with 501-1,000 employees
Real User
Mar 9, 2021
We are in South Africa, and their cloud service is located in the US or the UK. We don't have a local instance in South Africa, and this is still a concern from a customer-experience point of view. We do get some resistance from that point of view. Even though it is only managed in the cloud, people feel that they would prefer a local instance in South Africa, specifically in my region. From a forensics point of view, they can maybe add a little bit more forensic or solid evidence, instead of just doing logs. For example, if there is a lateral-movement attack internally, it can capture the whole path and present that as evidence in a forensic exercise. This is something that could be added at some stage.
Learn what your peers think about Cisco Secure Cloud Analytics [EOL]. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
Cisco Secure Cloud Analytics is a cloud-based security solution that provides visibility and threat detection for cloud environments. It offers software mapping and automation for incident response, forensic analysis, and segmentation of IT architecture. The solution can be used on-premise or on the cloud and is used in various sectors such as insurance and government.
The logs in Cisco Secure Cloud Analytics are valuable for API integration in a team as they provide important...
![Cisco Secure Cloud Analytics [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_40/0dra2w8zbx5vrvwmhkdswx9l90ys.jpg?_a=BACAGSDL){kind=small}
There are two areas of improvement. Firstly, extend the log retrieval limit to at least three months. For example, there is a limit on the number of log messages that can be received. So, I would like to expand the log retrieval limit. And another thing, if we migrate these things to an event or send us an email if there is any critical event, I would like to configure these things on the initial launch. Because if a system is compromised, there will be a lot of data movement from one post to another post to the outside. Then, we should also get an alert on email as well. We have since we have integrated these things. But a direct email for critical alerts should be there. So, I would like to enhance the critical event configuration. If a new user wants to learn how it should work, how policies work, and where we can configure policies, there should be some learning material for this product.
The product's price is high.
It gives you a whole lot of information, but they can keep on constantly adding to it. When I used to work on it, I just didn't see anything new happening for about a year and a half. Providing newer data and newer reports constantly would help. There should be more classifications and more interesting data.
Cisco Stealthwatch Cloud could improve the graphical user interface. It could be a more user-friendly graphical user interface. so that. Not everybody's a cyber security professional, most of the customers that I deal with are not very skilled. The terms that they use in the solution are quite understandable for a normal CIO. If you're going to sit with a CIO or a CSO to explain to him anything about the solution, most of them are not technical. Their technical skills are approximately 20 to 30 percent. They need to have simple terms, such as some of the other solutions have that they are able to understand. For example, forensic analysis means this. However, that example is a normal word that someone can understand, but some words that they use to describe certain features, are quite hard to understand. Cisco Stealthwatch Cloud for technical people is user-friendly because they already understand how it works. For those people who are less technical and not very good at security, they might have a difficult time trying to work around to understand the solution. If they do not have the support it will make it even more difficult and they will have to do the troubleshooting themself.
We are in South Africa, and their cloud service is located in the US or the UK. We don't have a local instance in South Africa, and this is still a concern from a customer-experience point of view. We do get some resistance from that point of view. Even though it is only managed in the cloud, people feel that they would prefer a local instance in South Africa, specifically in my region. From a forensics point of view, they can maybe add a little bit more forensic or solid evidence, instead of just doing logs. For example, if there is a lateral-movement attack internally, it can capture the whole path and present that as evidence in a forensic exercise. This is something that could be added at some stage.
I would like to see more forensic tools or more forensic features.