Cisco Stealthwatch Review

Can identify down to an IP address of a system that is causing problems


What is our primary use case?

Our primary use of Stealthwatch is for secure remediation of systems that are causing problems on our internal network.

How has it helped my organization?

The solution's ability to detect threats and provide remediation greatly improved our company.

Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.

Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.

It has also reduced false positives by about 5%.

Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.

Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.

What needs improvement?

Complexity on integration is not so straightforward and you really need an expert to help build it out.

What do I think about the stability of the solution?

The solution's stability is very good.

What do I think about the scalability of the solution?

Its scalability is pretty good. We're about to roll it out bigger.

How are customer service and technical support?

I would probably give their technical support a nine out of ten.

If you previously used a different solution, which one did you use and why did you switch?

We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.

How was the initial setup?

The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.

What about the implementation team?

We used Presidio with actual Cisco people doing the work. We had a very good experience with them.

What was our ROI?

Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.

What's my experience with pricing, setup cost, and licensing?

On a yearly basis, licensing is somewhere around $30,000.

Which other solutions did I evaluate?

We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.

What other advice do I have?

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

Disclosure: I am a real user, and this review is based on my own experience and opinions.