Cisco Stealthwatch Room for Improvement

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough. When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not. Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life. View full review »

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it. Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that. View full review »

The visualization can be improved. I have seen many open-source platforms that are actually putting out more insightful data, in a better-visualized way than StealthWatch. This could be a great area for improvement. The solution could use a few more APIs with respect to API related support which will definitely help different platforms integrate with this platform. While they already have different APIs for support of different platforms, they should increase them and ensure they can go hand in hand with the different open source systems instead of having their own proprietary architecture. Open source would make it easier for systems integrators. View full review »

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair. Eliminating Java from the SMC would improve this solution. It would be better to let people know, upfront, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not. View full review »

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function. I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard. View full review »

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier. View full review »

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required. View full review »

I would like to see more expansion in artificial intelligence and machine learning features. There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists. View full review »

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago. View full review »

The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified. View full review »

We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too. View full review »

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity. View full review »

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product. There's a lot of traffic on our network that we don't see sometimes. View full review »

At my company, we might not be using it enough with other applications that we have that can integrate with it. We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet. View full review »

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices. View full review »

Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use. View full review »

Complexity on integration is not so straightforward and you really need an expert to help build it out. View full review »

There is room for this solution to mature because there are still things that we want to see. The reporting of day-to-day metrics still has room for improvement. View full review »

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view. View full review »

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product. Speed is an issue because the faster you have visibility, the better the solution. View full review »

It is time-consuming to set it up and understand how the tool works. View full review »

We had some trouble with the installation as we migrated from our previous solution. View full review »

The initial setup is complex, as there is a lot to configure. View full review »

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for. View full review »

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently. In terms of the user interface, navigating through the drill down windows needs to be improved. View full review »

They should include Citrix VDIs in the next release. View full review »

I would like to see some improvement when it comes to reporting. View full review »

It's too complicated to install when starting out. Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect. Availability is another issue. You need a couple of days to get it to work. View full review »

We're trying to upgrade to the newest release. We're running a version that's three versions behind. View full review »

The usability of this solution needs to be improved. The initial setup of this solution can be simplified. View full review »

I don't really think we really save time while using this solution. View full review »

There are already many functionalities, so I don't think there is anything to improve. Its the best one on the market I have seen. View full review »

Stealthwatch needs improvement when it comes to speed. View full review »

Cisco could improve the administration for the customers. View full review »