What is our primary use case?
For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.
How has it helped my organization?
Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure things that are happening that we are expecting to happen.
I am a little versed about the solution's analytic and threat detection capabilities, even though it is pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.
This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now.
What is most valuable?
The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.
I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.
What needs improvement?
We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.
What do I think about the stability of the solution?
The solution is very stable and we haven't had any crashes yet.
What do I think about the scalability of the solution?
Based on what we've used it so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.
How are customer service and technical support?
I do know we have used the support before and it was good enough to get our problems fixed.
If you previously used a different solution, which one did you use and why did you switch?
We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.
How was the initial setup?
The initial setup was pretty straightforward and sufficient. It's good.
What other advice do I have?
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on.
Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
Disclosure: I am a real user, and this review is based on my own experience and opinions.