Cisco Stealthwatch Review

Provides real-time monitoring to identify peak traffic and possible issues


What is our primary use case?

Stealthwatch is primarily a network monitoring tool.

How has it helped my organization?

Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.

Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.

This solution has also increased our threat detection rate by around 25-30%. An example would be that it provided a better posture in our internal network.

Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.

Troubleshooting now takes only minutes instead of the couple of hours that it took before we used this solution.

We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.

What is most valuable?

It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.

What needs improvement?

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

For how long have I used the solution?

My company has been using Stealthwatch for the past four to five years.

What do I think about the stability of the solution?

Stability is really good. I don't think we ever had an issue with it.

How was the initial setup?

The initial setup was straightforward. It wasn't difficult.

What was our ROI?

I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.

What other advice do I have?

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.