Cisco Secure Network Analytics Other Advice

JT
Development Manager at a healthcare company with 10,001+ employees

We chose Cisco Services versus competing services because we have a lot of Cisco devices and wanted a solution that will work with them.

On a scale from one to ten, I'd rate Cisco Secure Network Analytics at eight.

DB
Assistant Director of IT at University of Rochester Medical Center

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.

This is a solid solution, and a necessary tool to add insight into our network.

I would rate this solution an eight out of ten.

Richard Payne - PeerSpot reviewer
Senior Cyber Scientist at a government with 10,001+ employees

The key integration we use with Cisco Secure Network Analytics is Splunk outside of the Cisco ecosystem. We have had an internal push to get further into the Cisco ecosystem because Stealthwatch is just detection and has no way of doing your security orchestration but other Cisco solutions do. The idea going forward is that we will be able to buy in a bit further and exploit that integration to do more machine time response.

I think Cisco Secure Network Analytics is quite good when it comes to securing the infrastructure from end to end. This is particularly the case when you are deploying something like the Cisco SD-WAN solution where you've got your controlling data plane. Cisco has thought about this, going back to the encrypted traffic analysis, your Cisco controlling data plane won't stand up unless they're encrypted. Unless I want a man-in-the-middle, which causes other issues, I deploy Stealthwatch. Stealthwatch has that encrypted traffic analysis. I think it's really well thought through.

Buyer's Guide
Cisco Secure Network Analytics
April 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
Rainier S. - PeerSpot reviewer
Head of Integration Engineering / Enterprise Technology & Innovation at a healthcare company with 10,001+ employees

Come up with a template, then choose a center, choose a region, choose a plant, etc. Figure out how you want the deployment to go, then replicate it. Turn it into some sort of kit. As you stand up more places, or you deploy to other places, it will follow that template, then you are set and done.

This also extends to the config file, which is a bit more problematic. Depending on how large you are (we are very large), you do not always have the same model number of router. For example, we could have 1002X, 1001, and 1002X. They do not always align in terms of what that NetFlow configuration looks like. Some people put NetFlow on a switch. 

Make sure that you are aware of that and you have the best template you can. Get your ducks in a row before you deploy, or else it is going to extend your deployment.

Pros:

  • Visibility is key. 
  • Security is also key. 
  • Being able to drill down into a center's utilization, then create reports based on it.
  • Ease of deployment, once you get your ducks in a row.

Con: Reliance on Java. Get away from that.

If they can make this product more web-based, that would be amazing. I do not know the feasibility of that, but it seems like everything is going towards that direction anyway. The sooner Cisco can make use of the app rather than Java, the better.

RH
Network Operations Manager at Philips Electronics

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

JT
Former Employee of Orange Business Services as Head of Security Engineering at a comms service provider with 5,001-10,000 employees

I rate the solution as a nine. It is very comprehensive and promising in encrypted traffic analysis. It is very well supported and documented as well.

Gerald Jimenez - PeerSpot reviewer
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.

I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to provide segregation. It's better to use Cisco to centrally manage everything.

TB
Senior Director of Architecture and Engineering at Trace3

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.

The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.

I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

JS
Manager at Indiana University Health

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

SK
Senior Operations Consultant at NNIT

I would strongly recommend this solution to others. It is user-friendly, with an excellent reporting system. Moreover, it offers seamless integration for mitigation, which is a very valuable feature. Overall, I would rate Cisco Secure Network Analytics as a ten out of ten.

AA
Director Network Services at a consultancy with 1,001-5,000 employees

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

BS
Director of Network and Telecom Services at a healthcare company with 10,001+ employees

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

JD
Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees

We are using the previous version.

Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

I would rate this solution an eight out of ten.

AK
Sales director at Future Point Technologies

I would recommend Cisco Secure Network Analytics to others. Overall, I would rate it as a nine out of ten.

EF
Network Manager at a financial services firm with 1,001-5,000 employees

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.

I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.

ML
Airway Transportation Service Specialist at Federal Aviation Administration

Overall, it seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.

We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc. 

Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco. 

SG
Engineer at Charter Communications, Inc.

You definitely need something to do flow level analysis.

The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.

I would rate this solution as seven out of ten.

AR
Technical Consultant at a tech services company with 501-1,000 employees

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. 

The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.

Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.

This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.

I would rate this solution a seven out of ten.

AM
Senior Consultant at a manufacturing company with 10,001+ employees

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.

I would rate this solution a seven out of ten.

RU
Network Architect at Henry Ford health system

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.

Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.

The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.

In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.

On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. 

A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.

Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.

Deploying the virtual machines made our storage have artifacts. But that was expected. 
Make sure you resource it correctly because it's going to use more than you expect.

SJ
IT Network Engineer at a logistics company with 10,001+ employees

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

ER
Forensic Analyst at a pharma/biotech company with 1,001-5,000 employees

I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.

Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.

I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.

Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.

JC
Chief Technology Officer at a tech services company with 51-200 employees

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

I rate this solution an eight out of 10. 

UN
Director of Operations at a manufacturing company with 1,001-5,000 employees

My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start.

The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for.

I would rate this solution an eight out of ten.

FK
Architect at Atea A/S

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

MG
Network Operations Manager at a tech company with 10,001+ employees

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

KP
Security Analyst at Amwins Group

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.

JC
Lead Network Engineer at a retailer with 1,001-5,000 employees

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.

In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.

I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

WR
Network Engineer at a government with 1,001-5,000 employees

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.

The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. 

As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. 

It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.

Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.

I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. 

Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.

The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. 

I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.

VS
Network and Security with 10,001+ employees

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

CK
Manager, Network Engineering & Telecommunications at a healthcare company with 1,001-5,000 employees

My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.

JS
Network Engineer at Oracle Corporation

My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.

This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.

I would rate this solution an eight out of ten.

BG
Manager of Digital Communications at Memorial Hermann Healthcare System

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.

The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.

It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.

Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.

JM
Sr Network Engineer at an insurance company with 5,001-10,000 employees

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

SD
Network Manager at a healthcare company with 1,001-5,000 employees

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it. 

JQ
Network Manager Administrator at a financial services firm with 501-1,000 employees

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

MM
PMO Department at a comms service provider with 1,001-5,000 employees

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

DK
Network Engineer at UC San Diego Health System

I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. 

Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.

RF
Senior Network Engineer at a comms service provider

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

JW
Network Administrator at a mining and metals company with 1,001-5,000 employees

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten. 

AM
Associate Director Network Services at a pharma/biotech company with 10,001+ employees

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

JC
Service Engineer at a tech company with 10,001+ employees

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

it_user735195 - PeerSpot reviewer
Senior Information Security Engineer at a transportation company with 10,001+ employees

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

SA
Network Section Chief at a government with 1,001-5,000 employees

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

ML
National Offering Lead - Security Practice at a computer software company with 501-1,000 employees

I would rate Cisco Stealthwatch a seven out of ten.

RG
Infosec Manager at an energy/utilities company with 1,001-5,000 employees

I would rate Stealthwatch as an eight or nine out of ten.

LW
Network Engineer at a tech services company

I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. 

My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.

MP
Senior Security Engineer at a tech services company with 501-1,000 employees

I would recommend Cisco Stealthwatch to others.

The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

I rate Cisco Stealthwatch an eight out of ten.

SL
Network Administrator at a retailer with 1,001-5,000 employees

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs. 

it_user631224 - PeerSpot reviewer
Information Security Analyst at a non-profit with 1,001-5,000 employees

Get it in and see what you can see!

it_user734160 - PeerSpot reviewer
Senior Technical Consultant

It is a good product. I don't see any matching product with this level of detailed information.

RH
Sr. Network Engineer at a tech services company with 10,001+ employees

I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.

it_user983178 - PeerSpot reviewer
PIC for Cyber Security at a university with 51-200 employees

I think that maybe we need more products for our students to try and to master. It's part of their learning.

I would rate this solution as nine or ten out of ten.

JH
Chief Consultant at a tech services company with 11-50 employees

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

it_user735216 - PeerSpot reviewer
Highly motivated Security Engineer incident Response, Vuln Mgmt, Malware Analysis, IDS/IPS, DLP, Network Security +more at a transportation company with 10,001+ employees

Go for it. Also great for your network segmentation project.

it_user1107381 - PeerSpot reviewer
Senior Security Consultant at a tech services company with 51-200 employees

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

JB
Ingenieria at a tech services company with 11-50 employees

We are a Cisco premier partner.

In general, I would rate the solution ten out of ten. We've had very good experiences so far.
