Cisco Stealthwatch Review

Shows the actual data flow transiting the network but scalability is a concern

What is our primary use case?

We mainly use this solution for diagnostic information.

How has it helped my organization?

Being able to see the actual data flows transiting the network versus what we had planned is a great sanity check for our overall design planning. It is also useful to be able to make sure that we track the load that we anticipate.

The core reason we purchased this product was to increase our visibility of where the traffic sources and destinations were, as opposed to just raw data that is on the interface.

Stealthwatch has also reduced 10% of false positives. We're kind of limited to the deployment of Stealthwatch right now.

It saves us administrative work and design. 

What is most valuable?

Being able to identify specific data flows across the network is invaluable.

Their analytics and threat detection capabilities are good. We're able to pick out the individual traffic flows for specific users and even individual sessions across the network and reconstruct timelines of activity after the fact, if needed, or use the data in real time to plan out network capacity and growth.

What do I think about the stability of the solution?

Stealthwatch is a very stable solution.

What do I think about the scalability of the solution?

We've had problems with element licensing costs, so scalability is a concern.

How are customer service and technical support?

The technical support provided is excellent.

Which solution did I use previously and why did I switch?

We used NetFlow before, so Stealthwatch was pretty much the only game in town for getting the level of detail that we were looking for out of the transport network. It was a natural choice.

What about the implementation team?

We used a vendor for the implementation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis, but I have no idea what the costs are.

Which other solutions did I evaluate?

We work very closely with Cisco directly and therefore we really just looked at Stealthwatch, because it was Cisco's product and they said this is what we do.

What other advice do I have?

You definitely need something to do flow-level analysis.

The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.

I would rate this solution as seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.