Cisco Stealthwatch Review

Dependable solution that is able to pinpoint where we have vulnerabilities if they occur


What is our primary use case?

We use the solution primarily for IDS/IPS.

How has it helped my organization?

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

What is most valuable?

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

What needs improvement?

The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified.

For how long have I used the solution?

We have been using the product for more than six months.

What do I think about the stability of the solution?

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

What do I think about the scalability of the solution?

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

How are customer service and technical support?

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net Total Care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

If you previously used a different solution, which one did you use and why did you switch?

We just immediately went with Stealthwatch and did not have a previous solution.

How was the initial setup?

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

What about the implementation team?

We did not use a vendor team for the deployment.

Which other solutions did I evaluate?

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

What other advice do I have?

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

Disclosure: I am a real user, and this review is based on my own experience and opinions.