Cisco Secure Network Analytics Reviews

We use Stealthwatch to identify any risk or vulnerabilities in the environment.

Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.

The cognitive analytics really helps us analyze the traffic.

The most valuable feature is its alerts and dashboard.

The solution's analytics and threat detection capabilities are also pretty reasonable.

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.

Their technical support is very good.

The initial setup was complex. Sensor and controller installation was especially complex.

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and see if there are any issues.

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

I never had to use technical support before.

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

We haven't seen ROI.

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

• ID managers
• Flow replicators
• Flow sensors
• Thick client

Provides easily identifiable anomalies that you can't see with signature detections. 

NetFlow: The beginning of any security investigation starts with NetFlow data. 

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

More than five years.

No issues.

No issues.

I have known these guys for a long time. They are completely familiar with their product.

We did not have a previous solution.

The initial setup is very straightforward. 

The vendor helped in every step of the installation. 

Licensing is done by flows per second, not including outside (in traffic). 

I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use. 

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

The product is stable. We have not had any downtime with it.

Scalability is where we're still finetuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances. 

We would like to license the product across all of the different hardware we have.

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

We try to find ROI but sometimes, but it's just not there. It's all about the security posture.

We pay a yearly license.

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

On-premises

Our main reason for using Stealthwatch is it gives us visibility.

Stability is the most valuable feature we have seen in this solution.

Stealthwatch needs improvement when it comes to speed.

The solution's stability is good.

I think this solution is okay with scale.

I think their technical support is great.

The initial setup was straightforward.

Time to value is very good for Stealthwatch.

I would rate Stealthwatch as an eight or nine out of ten.

The primary use case for Cisco Stealthwatch is for us to sell it. 

It has improved my organization's network visibility from zero because before we had installed this solution, we weren't doing anything to protect us from threats. I believe this solution has reduced our incident response time. 

The features I find most valuable about Cisco Stealthwatch its integration with the pxGrid and all of our other devices that are tied in with pxGrid, so they can communicate with each other and be able to dynamically change, quarantine a suspicious device, or do whatever necessary in case of a malware attack or similar problem.

Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.

We are currently also using AMP and a few other Cisco products to assist us with threat protection and it's only been running for a couple of months.

This solution is very stable.

I believe there isn't much to scale for it and I think it all depends on how many nodes you're running in the environment. I will say the scalability is fairly decent.

I haven't had to use technical support yet. I've only read through the pages of documentation.

The initial setup was a little complex since I haven't set it up before. 

It is hard to say yet, but at least we can tell customers that we've detected a threat, and it can be stopped in time.

For our organization, it is cheap, but for other customers, it may be fairly expensive. 
As we are resellers of Cisco Stealthwatch, we hope to save time, money, and administrative costs once we start selling more of these solutions.

I am responsible for the security of our organization's devices, so I did look at other options. Since this solution ties into other products, I wanted to use Duo Security and tie that together with StealthWatch.

I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. 

My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.

We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

The solution has a lot of add-on features available.

Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

I have used Cisco Stealthwatch within the last 12 months.

The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

On-premises