Cisco Stealthwatch Review

Provides easily identifiable anomalies that you can't see with signature detections

What is our primary use case?

  • ID managers
  • Flow replicators
  • Flow sensors
  • Thick client

How has it helped my organization?

Provides easily identifiable anomalies that you can't see with signature detections. 

What is most valuable?

NetFlow: The beginning of any security investigation starts with NetFlow data. 

What needs improvement?

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How is customer service and technical support?

I have known these guys for a long time. They are completely familiar with their product.

Which solutions did we use previously?

We did not have a previous solution.

How was the initial setup?

The initial setup is very straightforward. 

What about the implementation team?

The vendor helped in every step of the installation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is done by flows per second, not including outside (in traffic). 

Which other solutions did I evaluate?

I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use. 

What other advice do I have?

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email