Cisco Stealthwatch Review

Provides holistic view of network traffic, packet analysis; it's easy to identify anomalies without signatures

What is our primary use case?

We implemented Stealthwatch Cloud in order to provide our analysts with an additional tool for security monitoring.

How has it helped my organization?

This tool provides another method for security analysts to triage security alerts. The artifacts available in the tool provide better information for analyzing network traffic. 

What is most valuable?

It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.

What needs improvement?

I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.

If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. Collecting NetFlow data is not hard, however, there is a chance you’ll end up with a huge amount of data that needs investigating. It might be a good idea to deploy gradually, by network segment.

How is customer service and technical support?

Technical support has been excellent. I would not hesitate to work with them again. The engineer I worked with was knowledgeable.

Which solutions did we use previously?

No previous solution.

How was the initial setup?

The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization.

What's my experience with pricing, setup cost, and licensing?

One thing to keep in mind is that pricing is based on flow. If your environment is a Cisco shop, there should be an option to bundle it with certain purchases.

What other advice do I have?

I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.

Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.

I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.

Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.
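The kind of signature-free, flow-based triage the review describes, as an added example that is not part of the review or of Cisco's product: a small Python script that baselines constructed NetFlow-style records for one onboarded segment and labels deviations yellow or red. The records, the segment 10.1.0.0/24, the per-port byte model and the thresholds are all assumptions made for illustration.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample NetFlow-style records: (src_ip, dst_ip, dst_port, bytes).
# BASELINE is a window of ordinary traffic; NEW_WINDOW is what arrives later.
BASELINE = [
    ("10.1.0.10", "10.9.0.5", 443, 12000), ("10.1.0.10", "10.9.0.5", 443, 15000),
    ("10.1.0.11", "10.9.0.5", 443, 11000), ("10.1.0.11", "10.9.0.6", 53, 800),
    ("10.1.0.12", "10.9.0.5", 443, 13000), ("10.1.0.12", "10.9.0.6", 53, 700),
    ("10.1.0.10", "10.9.0.6", 53, 600),    ("10.1.0.11", "10.9.0.5", 443, 14000),
]
NEW_WINDOW = [
    ("10.1.0.10", "10.9.0.5", 443, 13000),        # in line with the baseline
    ("10.1.0.11", "198.51.100.7", 443, 20000),    # moderately above baseline
    ("10.1.0.12", "198.51.100.7", 22, 2000),      # port never seen from this segment
    ("10.1.0.12", "198.51.100.7", 443, 900000),   # far above baseline
    ("10.2.0.9", "10.9.0.5", 443, 500000),        # outside the monitored segment
]

def build_baseline(flows, segment):
    """Mean/stdev of flow bytes per destination port, for sources inside `segment`."""
    net = ipaddress.ip_network(segment)
    by_port = defaultdict(list)
    for src, _dst, dport, nbytes in flows:
        if ipaddress.ip_address(src) in net:
            by_port[dport].append(nbytes)
    stats = {p: (statistics.mean(v), statistics.pstdev(v)) for p, v in by_port.items()}
    return {"net": net, "ports": stats}

def triage(baseline, flows, yellow=3.0, red=10.0):
    """Label each in-scope flow by how far its size deviates from the port's baseline.
    Returns (src, dst, port, severity, reason) tuples for flagged flows only."""
    alerts = []
    for src, dst, dport, nbytes in flows:
        if ipaddress.ip_address(src) not in baseline["net"]:
            continue  # gradual rollout: only the onboarded segment is scored
        if dport not in baseline["ports"]:
            alerts.append((src, dst, dport, "yellow", "destination port not in baseline"))
            continue
        mean, stdev = baseline["ports"][dport]
        if stdev:
            z = abs(nbytes - mean) / stdev
        else:
            z = 0.0 if nbytes == mean else float("inf")  # single-sample baseline
        if z > red:
            alerts.append((src, dst, dport, "red", f"{z:.1f} stdev from port baseline"))
        elif z > yellow:
            alerts.append((src, dst, dport, "yellow", f"{z:.1f} stdev from port baseline"))
    return alerts

if __name__ == "__main__":
    for alert in triage(build_baseline(BASELINE, "10.1.0.0/24"), NEW_WINDOW):
        print(alert)
```

Scoring only the segment that has been onboarded, and tiering by deviation rather than by signature, is what keeps the first deployment from flooding analysts with data.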

Disclosure: I am a real user, and this review is based on my own experience and opinions.