What is our primary use case?
The security team uses it more than we do. I don't work on it that much. We have a couple uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.
How has it helped my organization?
Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.
It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.
I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.
It may have reduced the time to detect and remedy threats a little.
It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.
I'm sure Stealthwatch saves us time, money, and administrative work.
What is most valuable?
The ability to send data flow from other places and have them all in one place is very valuable for us.
What needs improvement?
I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.
For how long have I used the solution?
We've had Stealthwatch in production for a year and half.
What do I think about the stability of the solution?
It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.
What do I think about the scalability of the solution?
We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.
How are customer service and technical support?
I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.
What was our ROI?
In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.
I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.
What other advice do I have?
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.
In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.
I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
Disclosure: I am a real user, and this review is based on my own experience and opinions.