Cisco Stealthwatch Review

Increased our incident response rates on the network with less time required to detect threats

What is our primary use case?

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

How has it helped my organization?

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

What is most valuable?

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

What needs improvement?

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

What do I think about the stability of the solution?

The product is stable. We have not had any downtime with it.

What do I think about the scalability of the solution?

Scalability is where we're still fine-tuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances.

We would like to license the product across all of the different hardware we have.

How are customer service and technical support?

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

If you previously used a different solution, which one did you use and why did you switch?

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

How was the initial setup?

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

What was our ROI?

We try to find ROI, but sometimes it's just not there. It's all about the security posture.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly license.

Which other solutions did I evaluate?

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

What other advice do I have?

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.