Cisco Stealthwatch Overview

Cisco Stealthwatch is the #1 ranked solution in our list of Network Traffic Analysis tools. It is most often compared to Darktrace.

What is Cisco Stealthwatch?

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

Cisco Stealthwatch is also known as Cisco Stealthwatch Enterprise, Lancope StealthWatch.

Cisco Stealthwatch Buyer's Guide

Download the Cisco Stealthwatch Buyer's Guide including reviews and more. Updated: January 2021

Cisco Stealthwatch Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF

Pricing Advice

What users are saying about Cisco Stealthwatch pricing:
  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
  • "Our fees are approximately $3,000 USD."
  • "We pay for support costs on a yearly basis."

Cisco Stealthwatch Reviews

reviewer1467678
Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees
Real User
Jan 18, 2021
Provides valuable security knowledge and helps us improve network performance

What is our primary use case?

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer. We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network. Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or…

Pros and Cons

  • "It has definitely helped us improve our mean time to resolution on network issues."
  • "Many of these tools require extensive on-premises hardware to run."

What other advice do I have?

We are using the previous version. Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option. It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space. My advice for anybody who is considering StealthWatch is that if you're going…
Travis Bugh
Senior Director of Architecture and Engineering at Trace3
Real User
Jun 25, 2019
The network visibility feature opens up a whole new pane of glass that didn't exist before but it could be more administrator-friendly

What is our primary use case?

We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.

Pros and Cons

  • "The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that."
  • "I would like Cisco to make it easier for the administrators to use it."

What other advice do I have?

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment. The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately. I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my…
reviewer1375737
Manager-TCTSL NGN Security-Practices at a comms service provider with 10,001+ employees
Real User
Top 5 Leaderboard
Nov 5, 2020
Stable with good security analysis but difficult to physically scale the product

What is our primary use case?

We are basically using this for our enterprise customers. I am a part of a next-generation network security team. I'm a part of a practice team, which actually does the different POCs for different customers' requirements as per their RFP requirements. StealthWatch, which we are using for a few of our telecom customers, is for threat detection and for ransomware attack or DDoS attack mitigation purposes. Basically, we use it for DDoS purposes, as many of the customers, which we are serving, are telecom customers. They are facing problems with their public network or with their mobile public…

Pros and Cons

  • "It's nice that we can integrate and assimilate automation scenarios and use cases for different analysis purposes."
  • "The visualization can be improved. I have seen many open-source platforms that are actually putting out more insightful data, in a better-visualized way than StealthWatch. This could be a great area for improvement."

What other advice do I have?

We're both a partner and a customer. Overall, I'd rate the solution seven out of ten. I'd advise other companies to consider the resolution, especially if they are looking for a solution that offers good, simple security analytics.
Technicab71a
Technical Consultant at a tech services company with 501-1,000 employees
Consultant
Jul 9, 2019
Improves security through better lateral visibility, but better integration with Firepower is needed

What is our primary use case?

We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.

Pros and Cons

  • "The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows."
  • "It would be better to let people know, up front, that it doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed."

What other advice do I have?

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor. Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature. This is a good solution, but Java is still in the…
NetworkAcb23
Network Administrator at a mining and metals company with 1,001-5,000 employees
Real User
Jul 9, 2019
Improved our organization's analytics and threat protection capabilities by catching threats early on

What is our primary use case?

Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.

Pros and Cons

  • "The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of."
  • "One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself."

What other advice do I have?

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten.
NetworkE7689
Network Engineer at a government with 1,001-5,000 employees
Real User
Jun 24, 2019
Makes it easy to pinpoint any network anomalies or any type of suspicious behavior

What is our primary use case?

We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.

Pros and Cons

  • "The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice."
  • "I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI."

What other advice do I have?

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives. The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. As opposed to having to set up a sniffer and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. It took me a couple of weeks…
Robert Ufer
Network Architect at Henry Ford health system
Real User
Top 20
Jun 26, 2019
Saves us time, money, and administrative work but scaling is a little difficult

What is our primary use case?

We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.

Pros and Cons

  • "The solution's analytics and threat detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now."
  • "Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required."

What other advice do I have?

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that. Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase. The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams. In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year…
Directorb5e9
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Jul 9, 2019
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

Pros and Cons

  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats. The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need. All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one. My advice for anybody implementing this…