What is our primary use case?
We are basically using this for our enterprise customers. I am a part of a next-generation network security team. I'm a part of a practice team, which actually does the different POCs for different customers' requirements, as per their RFP requirements. StealthWatch, which we are using for a few of our telecom customers, is for threat detection and for ransomware attack or DDoS attack mitigation purposes.
Basically, we use it for DDoS purposes, as many of the customers which we are serving are telecom customers. They are facing problems with their public network or with their mobile public network. Our major use cases are for detecting ransomware or DDoS attacks.
How has it helped my organization?
StealthWatch allows us to offer a different security product to our customers. StealthWatch is not the only product that I'm supporting for my customers. However, the analytics part of that platform is excellent. It has benefited me and my customers, as it reduces the job of L1 engineers and of security operation centers, due to the fact that it analyzes the detection of different attack scenarios or attack vectors. Being able to respond quickly or in an automated way helps keep everyone safe.
What is most valuable?
I can work on different anomalies in order to detect data points and study threat detection techniques. They use different security features that are effective at protecting us and are all provided on that platform.
It has great security analytics features. We have security analytics as one of our product offerings to our customers.
I have a background with a few net languages like Python and BCPL and I like to automate things, which I can do here. I also have experience in and work with different SIEM platforms like Splunk and DNS, and presently I am working on ELK Stack. They have their own SIEMs, which actually simulate the different alerts and logs which are taken from StealthWatch or different security platforms. It's nice that we can integrate and assimilate automation scenarios and use cases for different analysis purposes. There's also great encrypted traffic analytics.
What needs improvement?
The visualization can be improved. I have seen many open-source platforms that are actually putting out more insightful data, in a better-visualized way than StealthWatch. This could be a great area for improvement.
The solution could use a few more APIs, with respect to API-related support, which would definitely help different platforms integrate with this platform. While they already have different APIs for support of different platforms, they should increase them and ensure they can go hand in hand with the different open-source systems instead of having their own proprietary architecture. Open source would make it easier for systems integrators.
For how long have I used the solution?
We have been using the solution for two years at this point.
What do I think about the stability of the solution?
The stability is quite good. We haven't had any issues. It's been reliable.
What do I think about the scalability of the solution?
The scalability is dependent on what network you are on or what infrastructure you want to handle using that platform. It will be totally dependent upon how the architecture is. If it is a giant telecom client, then you have to have multiple clusters of these devices to manage the different networks. And so, with respect to physically handling the expansion, the scalability is quite difficult for this platform.
How are customer service and technical support?
As far as support is concerned, Cisco has very good support. Even if there is a relatively small issue, you can book a ticket and you get tech support. If you are partnering with them, then it is very easy to have a Cisco product signal network. The support provided by Cisco is very good.
How was the initial setup?
Most of the projects which I have done are on telecom networks that have their own network. I have to put StealthWatch, or any security platform, in between it. Therefore, it is always very difficult for me to design or to modify the present architecture and put security controls in between that.
Achieving whatever the customer requirements or expectations are with respect to their security posture can be difficult. Whatever they have in their mind with respect to their business goals needs to be achieved. Those are complex projects, as we have many challenges in terms of putting together the different kinds of traffic that need to be analyzed in StealthWatch. Of course, after an analysis of the traffic, we have to respond back. That requires integrating different APIs of different platforms.
I have to go into a deep, architectural view of that complete network and I have to design accordingly, so that I can fulfill the different customer requirements as far as security is concerned.
If all the necessary requirements with respect to IP planning and everything are okay, then it takes approximately one or two days to deploy.
What's my experience with pricing, setup cost, and licensing?
It is still costly for medium-scale businesses or enterprises. There are different platforms available that are open-source which they can use. Overall, it is expensive.
What other advice do I have?
We're both a partner and a customer.
Overall, I'd rate the solution seven out of ten.
I'd advise other companies to consider the solution, especially if they are looking for a solution that offers good, simple security analytics.
Which deployment model are you using for this solution?