Cisco Stealthwatch Overview

Cisco Stealthwatch is the #3 ranked solution in our list of top Network Detection and Response (NDR) tools. It is most often compared to Darktrace.

What is Cisco Stealthwatch?

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

Cisco Stealthwatch is also known as Cisco Stealthwatch Enterprise, Lancope StealthWatch.

Cisco Stealthwatch Buyer's Guide

Download the Cisco Stealthwatch Buyer's Guide including reviews and more. Updated: September 2021

Cisco Stealthwatch Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF

Pricing Advice

What users are saying about Cisco Stealthwatch pricing:
  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."

JD
Enterprise Information Security Architect at an agriculture company with 5,001-10,000 employees
Real User
Top 10
Provides valuable security knowledge and helps us improve network performance

What is our primary use case?

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer. We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network. Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or…

Pros and Cons

  • "It has definitely helped us improve our mean time to resolution on network issues."
  • "Many of these tools require extensive on-premises hardware to run."

What other advice do I have?

We are using the previous version. Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option. It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space. My advice for anybody who is considering StealthWatch is that if you're going…
Mark Lavine
Airway Transportation Service Specialist at Federal Aviation Administration
Real User
Top 20
Allowed us to effectively monitor network traffic and analyze anomalies

What is our primary use case?

Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.

Pros and Cons

  • "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
  • "We determined that Stealthwatch wouldn't provide the machine learning model that we required."

What other advice do I have?

Overall, it seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion. We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some…
JC
Chief Technology Officer at a tech services company with 51-200 employees
MSP
Top 20
Excellent network monitoring for anomaly detection and evaluation

What is our primary use case?

Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco.

Pros and Cons

  • "Great network monitoring, looking at anomaly detection and evaluation."
  • "The visualization could be improved, the GUI is not the best."

What other advice do I have?

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. I rate this solution an eight out of 10.
ML
National Offering Lead - Security Practice at a computer software company with 501-1,000 employees
MSP
Top 20
Good detection capabilities but integration with Cisco ISE would improve it considerably

What is our primary use case?

We are resellers, we provide solutions for our clients. We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans, and as a tripwire on top of all of the other security controls that are available.

Pros and Cons

  • "We find that Stealthwatch can detect the unseen."
  • "It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."

What other advice do I have?

I would rate Cisco Stealthwatch a seven out of ten.
JB
Engineering at a tech services company with 11-50 employees
Real User
Top 20
Good routing and switching with an easy implementation

What is our primary use case?

We primarily handle the design, implementation, and support for the solution and we also manage collaboration, routing and switching, security products, et cetera.

Pros and Cons

  • "Overall, the implementation is very good."
  • "We would like the solution to make more advances in the way that Extreme Networks has been doing."

What other advice do I have?

We are a Cisco premier partner. In general, I would rate the solution ten out of ten. We've had very good experiences so far.
JH
Chief Consultant at a tech services company with 11-50 employees
Consultant
Good anomaly and malware detection, and highly-rated technical support

What is our primary use case?

We are a system integrator and I have implemented this solution for one of our customers. This solution is normally used for anomaly detection and malware detection. It is deployed on-premises.

Pros and Cons

  • "The most valuable feature is anomaly detection, where it finds things that are not allowed internally."
  • "The usability of this solution needs to be improved."

What other advice do I have?

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment. I would rate this solution an eight out of ten.
JS
Senior Security Consultant at a tech services company with 51-200 employees
Real User
Top 20
Easy to set up and has good stability

What is our primary use case?

My customers buy Stealthwatch for traffic analysis. 

What needs improvement?

Cisco could improve the administration for the customers.

For how long have I used the solution?

I have been selling Stealthwatch for one to two years. 

What do I think about the stability of the solution?

I haven't heard from my customers that they had any problems with stability. 

How was the initial setup?

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

What other advice do I have?

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

Which deployment model are you using for this solution?

On-premises