What is our primary use case?
Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco.
How has it helped my organization?
The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.
What is most valuable?
The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch.
What needs improvement?
The visualization could be improved; the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthwatch. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.
How are customer service and technical support?
Technical support has been good, similar to other areas of Cisco support.
How was the initial setup?
The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security-specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.
What other advice do I have?
If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment.
I rate this solution an eight out of 10.
Which deployment model are you using for this solution?