Cisco Stealthwatch Other Advice

Consulta004b
Consultant at a healthcare company with 1,001-5,000 employees
Come up with a template, then choose a center, choose a region, choose a plant, etc. Figure out how you want the deployment to go, then replicate it. Turn it into some sort of kit. As you stand up more places, or you deploy to other places, it will follow that template, then you are set and done.

This also extends to the config file, which is a bit more problematic. Depending on how large you are (we are very large), you do not always have the same model number of router. For example, we could have 1002X, 1001, and 1002X. They do not always align in terms of what that NetFlow configuration looks like. Some people put NetFlow on a switch. Make sure that you are aware of that and you have the best template you can. Get your ducks in a row before you deploy, or else it is going to extend your deployment.

Pros:
* Visibility is key.
* Security is also key.
* Being able to drill down into a center's utilization, then create reports based on it.
* Ease of deployment, once you get your ducks in a row.

Con: Reliance on Java. Get away from that. If they can make this product more web-based, that would be amazing. I do not know the feasibility of that, but it seems like everything is going towards that direction anyway. The sooner Cisco can make use of the app rather than Java, the better.
Travis Bugh
Senior Director of Architecture and Engineering at Trace3
Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment. The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately. I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”
Technicab71a
Technical Consultant at a tech services company with 501-1,000 employees
If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor. Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature. This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand. I would rate this solution a seven out of ten.
Find out what your peers are saying about Cisco, Darktrace, Vectra AI and others in Intrusion Detection and Prevention Software. Updated: November 2019.
377,556 professionals have used our research since 2012.
NetworkAcb23
Network Administrator at a mining and metals company with 1,001-5,000 employees
One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten.
NetworkE7689
Network Engineer at a government with 1,001-5,000 employees
The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives. The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier. Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly. I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me. The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.
Robert Ufer
Network Architect at Henry Ford health system
Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that. Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase. The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams. In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process. On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves. Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on. Deploying the virtual machines made our storage have artifacts. But that was expected. Make sure you resource it correctly because it's going to use more than you expect.
Directorb5e9
Director Network Services at a consultancy with 1,001-5,000 employees
This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats. The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need. All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one. My advice for anybody implementing this solution is to get training on it before their deployment. I would rate this solution a nine out of ten.
LeadNetwd213
Lead Network Engineer at a retailer with 1,001-5,000 employees
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it. In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure. I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
Director9b3e
Director of Networking and Telecom at a healthcare company with 1,001-5,000 employees
I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.
Dale Keehan
Network Engineer at UC San Diego Health System
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
Ken Poteate
Security Analyst at Amwins Group
Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.
NetworkSddc6
Network Section Chief at a government with 1,001-5,000 employees
Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower. I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it. Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.
Forensic60e5
Forensic Analyst at a pharma/biotech company with 1,001-5,000 employees
I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative. Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration. I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow. Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.
Joaquin Quinata
Network Manager Administrator at a financial services firm with 501-1,000 employees
Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner. The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work. I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.
NetworkM6238
Network Manager at a financial services firm with 1,001-5,000 employees
My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch. I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.
NetworkEd59a
Network Engineer at a tech services company
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
Rob Hartstone
Network Operations Manager at Philips Electronics
The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on. My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly. I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.
Mark Green
Network Operations Manager at a tech company with 10,001+ employees
My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing. The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision. This is a good product, but there are still things that we would like to see. I would rate this solution a nine out of ten.
Steffen Jensen
IT Network Engineer at a logistics company with 10,001+ employees
Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good. I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined. I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.
Finn Kristensen
Architect at Atea A/S
In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure. I would rate this solution an eight out of ten.
Brian Grainer
Manager of Digital Communications at Memorial Hermann Healthcare System
On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag. The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams. It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole. Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.
Director7b47
Director of Operations at a manufacturing company with 1,001-5,000 employees
My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start. The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for. I would rate this solution an eight out of ten.
Shannon Greim
Engineer at Charter Communications, Inc.
You definitely need something to do flow level analysis. The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data. I would rate this solution as seven out of ten.
James Stout
Network Engineer at Oracle Corporation
My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up. This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation. I would rate this solution an eight out of ten.
Chad Koopmeiners
Network Manager at NorthBay HealthCare
My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.
Douglas Bentley
Assistant Director of IT at University of Rochester Medical Center
My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools. This is a solid solution, and a necessary tool to add insight into our network. I would rate this solution an eight out of ten.
SeniorNe4b79
Senior Network Engineer at a comms service provider
I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.
ServiceE8f27
Service Engineer at a tech company with 10,001+ employees
I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.
NetworkMed21
Network Manager at a healthcare company with 1,001-5,000 employees
I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it.
SeniorCoeaa2
Senior Consultant at a manufacturing company with 10,001+ employees
My advice to anybody implementing this solution is to start with the DevOps, as soon as possible. I would rate this solution a seven out of ten.
SrNetworbb7a
Sr Network Engineer at an insurance company with 5,001-10,000 employees
On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix. You need a dedicated team to manage all of these products and their integration together.
JosephSullivan
Manager at Indiana University Health
You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for. I would rate Stealthwatch as seven out of ten. It's easy to use.
Associat85b7
Associate Director Network Services at a pharma/biotech company with 10,001+ employees
I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.
NetworkAe7fe
Network Administrator at a retailer with 1,001-5,000 employees
I would rate it an eight out of ten. Check the vendors and the options out there to see how they can meet your needs.
Bill Guilford
Senior Information Security Engineer at a transportation company with 10,001+ employees
There is nothing like it. It is a dream to operate. It is very intuitive. Go for it. Also, it is great for a network segmentation project.
reviewer1151310
Chief Consultant at a tech services company with 11-50 employees
My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment. I would rate this solution an eight out of ten.
SrNetworab58
Sr. Network Engineer at a tech services company with 10,001+ employees
I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.
Toufeik Choukri
PIC for Cyber Security at a university with 51-200 employees
I think that maybe we need more products for our students to try and to master. It's part of their learning. I would rate this solution as nine or ten out of ten.
Rafael-Garcia
Infosec Manager at a energy/utilities company with 1,001-5,000 employees
I would rate Stealthwatch as an eight or nine out of ten.