Cisco Stealthwatch Competitors and Alternatives
Read reviews of Cisco Stealthwatch competitors and alternatives
Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Reduces the times between an alert and a ticket coming up
What is our primary use case? The original use case was because we had some legacy stuff that doesn't do encryption at rest. Compliancy-wise, we had to put in some additional mitigating actions to protect it. That was the start of it. Then, we extended it to check other devices/servers within our network as well. We are on the latest version.
Pros and Cons
- "It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, 'This one is behaving strange,' then we can investigate that part."
- "We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
What other advice do I have? Start small and simple. Work with the Vectra support team. The solution’s ability to reduce false positives and help us focus on the highest-risk threats is the tricky part because we are still doing the filtering. The things it sees are out of the ordinary and anomalous. In our company, we have a lot of anomalous behavior, so it's not the tool. Vectra is doing what it's supposed to do, but we need to figure out whether that anomalous behavior is normal for our company. The majority of the findings are misconfigurations of servers and applications. That's the majority of things that I'm…
Senior Analyst Security and Compliance at an insurance company with 5,001-10,000 employees
Reduced the time my team focused on incident response and provided the visibility we were looking for
What is our primary use case? Awake Security was brought onboard to provide governance over the incident response process, which is a managed service. Challenges were identified, such as no visibility and no network awareness of what's going on in the environment. Once the network visibility was solved, the decision to look at AI related tools was initiated. We will be using its features for compliance as well as threat detection, looking to partner with Awake Security to achieve these goals. Placing their solution in an enterprise financial vertical may allow thinking outside the box, providing additional value in the…
Pros and Cons
- "We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity are applied in almost real-time. Ultimately, this determines if the activity was not observed on the network."
- "Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."
What other advice do I have? The Awake Security team does a good job with communication. With the encrypted traffic, you can't see inside the packet. Encrypted traffic was not a hindrance, since most traffic nowadays is encrypted. The Awake Security team does a good job of determining what's wrong, even though they don't have the full view of the content inside the packet. Awake Security gets a solid nine (out of 10) based on our experience. That's based on their technology, professionalism, and communication. It was their MNDR service that set them apart when we were looking at other technologies.
Director at Baverianvine
Aug 25, 2019
A great solution for threat detection that intelligently and immediately responds to attacks across your enterprise system
What is our primary use case? We use it to deploy to enterprise customers to provide them with a complete, reliable and intelligent threat detection and response system.
Pros and Cons
- "A simple, powerful AI solution that just does all the work for you when you turn it on."
- "It could build in integrations for some complementary products, but it has an assistant plugin so this is not really a big deal."
What other advice do I have? My advice to people and organizations considering this as a solution is: go buy it. They shouldn't waste their time fussing and looking around at other solutions. It works. I've done administrating for several years, and this is the one solution that works. It complements what you have, whatever that is. It is like a plug-and-play component. There is no solution that does what it does. You even have some excellent systems like Cisco's Stealthwatch — these are just the three packet analysis technologies. Darktrace is actually DPI (Deep Packet Inspection), which in my markets is now called the…
Network Engineer at a healthcare company with 1,001-5,000 employees
Jan 13, 2020
Helps us determine what is going on with our Internet
What is our primary use case? Our primary use case is monitoring bandwidth and being able to go back and look at bandwidth issues. We are on the latest version.
Pros and Cons
- "It helps us determine what is going on with our Internet and who is hogging it all up. If we get a real high throughput or a throughput that's going over and getting dropped fairly quickly, we can tell who (or what device) is consuming that traffic."
- "I wish the reporting side was easier to work with, but it does a decent job. I also wish the reporting side was a little more intuitive or they offered more reporting examples."
What other advice do I have? I would rate it an eight (out of 10).
Security Analyst at IT Convergence
Mar 19, 2019
The IPS has proven that it can find events and items, which previously went under the radar
What is our primary use case? We use it to enhance security on our EDGE network in all of our remote offices, as well as our data centers.
Pros and Cons
- "The ability to centrally manage all the IPS sensors, track the different security events generated by it, and customize the different policies, depending on their location."
- "The Network Security Managers could be more stable, agile, and work faster. When it comes to instability, there is room for improvement."