We are a system integrator and I have implemented this solution for one of our customers.
This solution is normally used for anomaly detection and malware detection.
It is deployed on-premises.
Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.
Cisco Stealthwatch was previously known as Cisco Stealthwatch Enterprise, Lancope StealthWatch.
Download the Cisco Stealthwatch Buyer's Guide including reviews and more. Updated: December 2021
Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
We are a system integrator and I have implemented this solution for one of our customers.
This solution is normally used for anomaly detection and malware detection.
It is deployed on-premises.
The organization now have a better overview how their traffic is flowing.
The most valuable feature is anomaly detection, where it finds things that are not allowed internally.
The usability of this solution needs to be improved.
The initial setup of this solution can be simplified.
The stability of this solution is good.
We have three people who are using this solution.
I would rate technical support for this solution highly.
We used Darktrace before.
The initial setup of this solution is complex.
My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.
I would rate this solution an eight out of ten.
Our primary use case is for it to run our call center 24/7 365 days a year.
There's a lot of stuff on the new version we haven't had the chance to work with yet.
We're trying to upgrade to the newest release. We're running a version that's three versions behind.
So far we've had a good experience with stability. We've run into some issues with the configuration.
It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable.
Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.
We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products.
We had engineers that set it up. There were some problems that Cisco support came to fix.
I would rate it an eight out of ten.
Check the vendors and the options out there to see how they can meet your needs.
Our primary use case for Stealthwatch is endpoint security.
Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.
It has reduced our incidence response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.
The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.
They should include Citrix VDIs in the next release.
It's challenging to scale as big as our environment.
I highly recommend their technical support.
We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.
The setup was of moderate complexity because of the Citrix environment.
We used a reseller for the deployment called Presidio. We had a good deployment with them.
We also looked at FortiGate.
On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.
You need a dedicated team to manage all of these products and their integration together.
We use the solution primarily for IDS/IPS.
It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.
Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us.
The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified.
We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.
We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.
I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.
We just immediately went with Stealthwatch and did not have a previous solution.
The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.
We did not use a vendor team for the deployment.
We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.
I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready.
We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.
We use this solution for NetFlow statistics.
This solution allows us to be more agile when it comes to troubleshooting our NetFlow and our network systems.
Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before. We have a higher level of visibility for our systems and structures.
It has reduced our incident response time.
The most valuable feature is the graphical analytics that it provides for mobile data.
The solution's analytics and threat detection capabilities are fantastic.
The initial setup is complex, as there is a lot to configure.
It's a rock-solid solution and we do a lot with it.
We bought the biggest box there is, so it's as big as it's going to get.
Technical support is good, although we haven't had any issues.
We switched solutions because we were doing network segmentation and the Cisco program that we were enrolled in required Stealthwatch to be embedded into our core.
The initial setup of this solution is complex. There is a lot to configure, and we're a big university so there is a lot of work that needed to be done.
We bought this solution through three different resellers and the experience was great.
We evaluated Plixer, but half of our medical center was already very familiar with Stealthwatch so it was an easy transition for us.
The vendors on our shortlist were ePlus and First Light. We split the load between them.
My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.
This is a solid solution, and a necessary tool to add insight into our network.
I would rate this solution an eight out of ten.
Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.
This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives.
The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and trions. I can definitely say that this solution saves us time, money and administrative work.
When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.
We are still running it but so far it has been really stable.
We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.
Although I wasn't involved in the initial setup myself, it looked straightforward.
We installed the solution ourselves because we are Cisco partners.
The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend.
I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.
We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.
We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.
That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not sure exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.
It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.
The ability to see a real-time picture of the network is the most valuable for us.
I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.
The product is very stable. No problems at all.
I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.
There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.
I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.
We dealt directly with Cisco for the implementation.
Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.
Our primary uses for this solution are threat management and traffic management.
Our network visibility is pretty significant right now, where we use it within our data centers and even on the OT side of the house. It’s given us pretty good visibility.
This solution has increased our threat detection rate by forty to sixty percent.
Using this solution has helped us to improve threat-remediation timeframe.
It has reduced your incident response time. We use the solution's encrypted traffic analytics. It has significantly improved our capabilities.
The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.
It is time-consuming to set it up and understand how the tool works.
In our environment, the way we've implemented in phases, the stability is good.
We're going to be looking at this, and I'm hoping that it is scalable across our environment.
I would rate the technical support for this solution extremely well. The professional services have been really good for us.
We did not use another solution prior to this one, and we choose this solution based on Cisco's recommendation after they reviewed our requirements.
The initial setup of this solution is complex. it wasn't necessarily the tool that was complex, but the environment. It had to do with the way our network is and the requirements that we needed to be implemented. This is where the complexity came from.
We had a partner to assist us with the deployment.
Cisco was the only vendor that we considered for this solution.
My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start.
The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for.
I would rate this solution an eight out of ten.
Our primary use case of this solution is for troubleshooting network issues.
This solution has improved my organization because when I have users who are having issues with patching slowness it gives me the ability to be able to proactively troubleshoot and determine what the issue is.
The most valuable features are its abilities to analyze data streams and determining what is inside those data streams to troubleshoot a problem. It is also easy to use.
I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.
It's very stable.
Stealthwatch is very scalable.
Their technical support is very good. The turnaround has been great.
We used them when we had a bug and the data stream was showing us data reports that weren't accurate. The support helped us with that.
We switched and chose this solution because of the reseller's recommendation.
The initial setup was straightforward. It was easy, the instructions were there. It was pretty straightforward to operate. Your learning curve could be a little bit difficult, but it's up and coming.
We used a reseller for the deployment called SEBok Limited.
I have not seen ROI yet.
Stealthwatch was the only choice.
I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it.
We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.
We are a reseller, and we are able to show demos of this solution pretty quickly. It gets people really excited.
The network visibility has vastly improved for the organizations that I assist with their services. Generally, they do not have lateral visibility into their network. We come in and deploy Cisco ISE, which helps them segment, but they still can’t prove what is going on. Now, with this solution, they have the ability to not only show what a user has tried to do, but they can show where inside of the network it was stopped. From that point, they have verification and can take action.
Our customers are happy with the threat detection rate. I would estimate that it has increased by eighteen to fifty-two percent. This solution definitely improves the incident response time. We always try to help our customers understand this advantage.
It has reduced the amount of time it takes to detect and remediate threats. I’d imagine that it makes it faster for most of our customers. A lot of them spin their wheels trying to get this information out of there, but they don’t actually see the value until they realize that the right search will show the flow immediately. It gets those answers to them quickly.
It helps with the administration. When it comes to creating documentation, you can export those things and paste them onto the back of the report.
I would say that the time to value is approximately a week. It takes this long because the machine learning component has to learn your network first.
The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows.
The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report.
I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.
I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.
Eliminating Java from the SMC would improve this solution.
It would be better to let people know, upfront, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.
This solution is pretty stable for the most part. I don't like Java, so that's the thing that needs to go, but for the most part, it is a great solution.
This is a really scalable solution. We have done some pretty large deployments, and I have seen the scalability.
I haven't needed to contact technical support for this solution.
We did not use another solution prior to this one. It was like the wild wild west. We set this up in our lab because the internal IT couldn't figure out what everybody was doing. They now have insight into who did what, which is important because we have a lot of intellectual property to protect.
The initial setup is straightforward for me, so when I work with our customers the setup is straightforward for them.
It is a basic, three-tier model that includes flow sensors, flow collectors, and the SMC (Stealthwatch Management Control). These are all named appropriately, so people can understand what is being talked about when they hear it.
After the installation is complete, it takes about a week for the machine learning component to learn your network.
We implement this solution for our customers.
This solution is expensive. Our fees are approximately $3,000 USD.
We did not evaluate other options before choosing this one.
If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this.
The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.
Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.
This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.
I would rate this solution a seven out of ten.
We mainly use this solution for diagnostic information.
Being able to see the actual data flows transiting the network versus what we had planned is a great sanity check for our overall design planning. It is also useful to be able to make sure that we track the load that we anticipate.
The core reason we purchased this product was to increase our visibility of where the traffic sources and destinations were, as opposed to just raw data that is on the interface.
Stealthwatch has also reduced 10% of false positives. We're kind of limited to the deployment of Stealthwatch right now.
It saves us administrative work and design.
Being able to identify specific data closed across the network is invaluable.
Their analytics and threat detection capabilities are good. We're able to pick out the individual traffic flows for specific users and even individual sessions across the network and reconstruct timelines of activity after the fact, if needed, or use the data in real time to plan out network capacity and growth.
Stealthwatch is a very stable solution.
We've had problems with element licensing costs so scalability is a concern.
The technical support provided is excellent.
We used NetFlow before, so Stealthwatch was pretty much the only game in town for getting the level of detail that we were looking for out of the transport network. It was a natural choice.
We used a vendor for the implementation.
Licensing is on a yearly basis, but I have no idea what the costs are.
We work very closely with Cisco directly and therefore we really just looked at Stealthwatch, because it was Cisco's product and they said this is what we do.
You definitely need something to do flow level analysis.
The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.
I would rate this solution as seven out of ten.
Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.
Cisco Stealthwatch has improved our organization's analytics and threat protection capabilities by catching threats early on. We are still at the baselining stage, but I can also say that our organization improved dramatically when we found out that a host was constantly talking to an FTP server. It turned out to be an employee that was going to be terminated and he was trying to pull data from the FTP server constantly. He pulled three or four GBs and we caught it with this tool. It saved us a net fortune.
The solution has also increased our threat detection rate dramatically and that gives us time to remediate those threats.
The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.
One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.
I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard.
It is extremely stable. I haven't had a crash since installing it.
It is very scalable. You only have to purchase more licensing. As far as I understand, it can become as big as you want it to become and how many net flows you can afford.
The technical support is awesome. Anytime I call Cisco Tech, they call me back within thirty minutes or an hour with an answer to solve the problem. The guides that they have within the product itself are pretty self-explanatory. As long as you're willing to sit down and read it, you don't even need to call tech.
My superior asked what this host was doing within our network, what data he was pulling and why he had it on this PC. We couldn't answer to say that he wasn't pulling data from that server or what data he was in fact pulling. So we had to find a solution to answer those questions. We are a Cisco shop so we kind of just went for this solution.
The initial setup was straightforward. They explained the steps that they were going to do and they had it deployed within about two hours. It didn't take long and now we're just doing the baseline, which takes about three months.
Yes, we used Network Center and they were good.
I can foresee that this solution will save us an immense lot of work in the future. Instead of having 20 people looking at logs and sifting through logs, you could have one individual simply sifting through this. It will be a lot easier and less time-consuming.
So the time to value of this solution is great. For every person you're going to pay about $70 or $80,000 a year, you would now only have to pay one individual instead of 20.
This solution is a little expensive. Open-source is obviously a key to victory in some people's eyes but with open-source, you can't pay anybody. So it could be a little cheaper, but it has great functionality.
One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten.
We provide this solution to our customers to give them visibility into their network.
This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.
It has reduced our incident response time by around forty percent.
It saves time, money and administrative work for our customers.
The most valuable features provided by this solution are visibility and information.
The solution's analytics and threat detection capabilities are good. Network visibility is also really good.
The encrypted traffic analytics work well, I don't see any problem with it.
The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.
It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.
Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.
Speed is an issue because the faster you have visibility, the better the solution.
I would say that the stability of this solution could be better.
The scalability is okay.
Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.
Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.
The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.
I performed the deployment myself.
We did not evaluate other options before choosing this solution.
In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.
I would rate this solution an eight out of ten.
Our primary use for this solution is to help protect against threats on our network.
This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.
Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.
In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.
It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.
The most valuable feature is having visibility into the data segments throughout our network.
Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.
There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.
I would like to see more expansion in artificial intelligence and machine learning features.
There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.
There are no stability issues with the product.
I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.
We have not yet had to scale the solution.
Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.
We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.
Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.
We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.
We pay for support costs on a yearly basis.
We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.
This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.
The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.
All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.
My advice for anybody implementing this solution is to get training on it before their deployment.
I would rate this solution a nine out of ten.
Our primary use of Stealthwatch is for a secure remediation of systems that are causing problems on our internal network.
The solution's ability to detect threats and provide remediation greatly improved our company.
Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.
Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.
It has also reduced false positives by about 5%.
Stealthwatch saves us time, money, and administrative work.
The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.
Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.
Complexity on integration is not so straightforward and you really need an expert to help build it out.
The solution's stability is very good.
Its scalability is pretty good. We're about to roll it out bigger.
I would probably give their technical support a nine out of ten.
We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.
The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.
We used Presidio with actual Cisco people doing the work. We had a very good experience with them.
Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.
On a yearly basis, licensing is somewhere around $30,000.
We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.
The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.
My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.
I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.
The security team uses it more than we do. I don't work on it that much. We have a couple uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.
Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.
It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.
I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.
It may have reduced the time to detect and remedy threats a little.
It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.
I'm sure Stealthwatch saves us time, money, and administrative work.
The ability to send data flow from other places and have them all in one place is very valuable for us.
I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.
It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.
We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.
I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.
In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.
I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.
In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.
I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
Our primary use is to monitor our network, especially our remote branches.
Stealthwatch has decreased our troubleshooting steps and also cut down on the amount of time it takes us to resolve an issue.
We're able to map out our environment using Stealthwatch and we can see where our data is going, throughout our network.
Stealthwatch reduced our incident response rate, as well as the amount of time it takes to detect and remediate threats by about 25%.
This solution saves us time, money, and administrative work.
The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems.
In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.
The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.
The solution's very stable. Even through the upgrades after Cisco's acquisition, it has proved to be very stable.
It scales very well.
We haven't had to use it much. When we have, it's been similar to most Cisco technical support, which is very knowledgeable and helpful.
We previously used SolarWinds. The version of SolarWinds that we were using didn't give us the visibility that we needed, so we switched to Stealthwatch.
The initial setup was straightforward.
We have seen a return on investment, from the fact that we now take less time to resolve an issue because we have Stealthwatch. We can capture some data in real time, or we can actually go back in the history base if we have to, to see where the issues may have started, and we also have baselines.
Their time to value is very good. We've upgraded and we just relicensed, so this is definitely a product that we use.
The yearly licensing cost is about $50,000.
We evaluated SolarWinds, WhatsUp Gold, and a couple of others that I can't think of right now.
My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.
I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.
Our main reason for using Stealthwatch is it gives us visibility.
Stability is the most valuable feature we have seen in this solution.
Stealthwatch needs improvement when it comes to speed.
The solution's stability is good.
I think this solution is okay with scale.
I think their technical support is great.
The initial setup was straightforward.
Time to value is very good for Stealthwatch.
I would rate Stealthwatch as an eight or nine out of ten.
Our primary use case for Cisco Stealthwatch is to ensure net flow.
Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization.
The most valuable feature of this solution is that it give us insight into what's happening in our network.
I don't really think we really save time while using this solution.
Cisco Stealthwatch is quite stable.
It all depends on the platform you are using, but I think it is pretty scalable.
The configuration of the solution was quite complex so I won't say that it is straightforward to set everything up.
We used a vendor, Cisco, for implementation.
I believe ROI will take around a year.
We also look at Red Hat.
I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.
We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and see if there are any issues.
Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate.
Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.
I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.
The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.
I never had to use technical support before.
The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great.
We haven't seen ROI.
I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.
For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.
Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure things that are happening that we are expecting to happen.
I am a little versed about the solution's analytic and threat detection capabilities, even though it is pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.
This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now.
The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.
I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.
We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.
The solution is very stable and we haven't had any crashes yet.
Based on what we've used it so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.
I do know we have used the support before and it was good enough to get our problems fixed.
We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.
The initial setup was pretty straightforward and sufficient. It's good.
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on.
Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.
This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.
This savings brought about by implementing this solution has allowed us to cut one position.
It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent.
The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.
There is room for this solution to mature because there are still things that we want to see.
The reporting of day-to-day metrics still has room for improvement.
This solution is very stable.
We're kind of immature, right now, in our implementation, but I see it growing.
We have not used technical support at this point.
We were archaic in terms of reporting.
I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.
It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.
We handled the deployment in-house.
The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.
The pricing for this solution is good.
We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.
My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.
The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.
This is a good product, but there are still things that we would like to see.
I would rate this solution a nine out of ten.
We use Stealthwatch mainly for security.
Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.
It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saves us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.
The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.
I would like to see some improvement when it comes to reporting.
The stability of the solution is fair.
Stealthwatch has a good level of scalability.
I would consider their technical support as "fair."
We were using SolarWinds and we are still using SolarWinds, so we use both.
The initial setup was complex, especially as it came to configurations.
We used an integrator for deployment. We had a pretty good experience with them.
The licensing costs are outrageous, but Stealthwatch has a good time to value.
You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.
I would rate Stealthwatch as seven out of ten. It's easy to use.
We use Cisco Stealthwatch mostly for network visibility and security. I believe the solution reduces false-positives by flagging it as potential threats.
In terms of how this solution has affected network visibility, we're finding devices that junior network engineers, people who don't want to wait for proper channels, have added to the network. This solution enables us to find them and shut them down.
It has reduced our incident response time. We can now narrow down where incidents are happening, so it very helpful for our organization.
The features I find most valuable is the deep level of knowledge that we get on every device as well as what other devices it's talking to.
Analytics and threat detection capabilities are a little overwhelming. I would say it's about average.
The solution reduces the amount of time it takes to detect and remediate threats.
So far we haven't had any issues with the stability of the solution. We haven't gone through a major upgrade cycle yet.
Our initial deployment was built out to the right size for our organization.
There hasn't been any need to ask for technical support since our initial deployment, where we used a reseller.
The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types.
We used a reseller for the deployment, CDW.
We evaluated Plixer, but the fact that Stealthwatch was Cisco integrated, sold it for us.
My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.
The primary use case for Cisco Stealthwatch is for us to sell it.
It has improved my organization's network visibility from zero because before we had installed this solution, we weren't doing anything to protect us from threats. I believe this solution has reduced our incident response time.
The features I find most valuable about Cisco Stealthwatch its integration with the pxGrid and all of our other devices that are tied in with pxGrid, so they can communicate with each other and be able to dynamically change, quarantine a suspicious device, or do whatever necessary in case of a malware attack or similar problem.
Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.
This solution is very stable.
I believe there isn't much to scale for it and I think it all depends on how many nodes you're running in the environment. I will say the scalability is fairly decent.
I haven't had to use technical support yet. I've only read through the pages of documentation.
The initial setup was a little complex since I haven't set it up before.
It is hard to say yet, but at least we can tell customers that we've detected a threat, and it can be stopped in time.
For our organization, it is cheap, but for other customers, it may be fairly expensive.
As we are resellers of Cisco Stealthwatch, we hope to save time, money, and administrative costs once we start selling more of these solutions.
I am responsible for the security of our organization's devices, so I did look at other options. Since this solution ties into other products, I wanted to use Duo Security and tie that together with StealthWatch.
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout.
My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
The Cisco IOS is very important because that is what we have to teach our students.
There are already many functionalities, so I don't think there is anything to improve. Its the best one on the market I have seen.
It's scalable, there are many models that we can use for a small network. Cisco offers the scalability that we need. We have about eighty students, and all the students have to do some training on it. We have plans to increase the usage of Cisco.
I think in order to master the network security issues it's complex. The deployment took a week or so.
I think that maybe we need more products for our students to try and to master. It's part of their learning.
I would rate this solution as nine or ten out of ten.
Our primary use case for this solution is security.
We are currently adding test cases for the solution and it is not yet in a live production environment.
The most valuable feature is integration.
I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.
In terms of the user interface, navigating through the drill down windows needs to be improved.
This solution seems to be stable.
This is a cloud-based solution, so it is very scalable.
We have not used technical support.
We did not use another solution prior to this one.
The initial setup for this solution is complex, at least in the beginning.
It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.
We are still in beta testing.
Because we are still testing, we do not yet know what our licensing fees will be.
We did not evaluate other options.
My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.
I would rate this solution a seven out of ten.
This is a security solution for us and our customers. We use it for port monitoring aggregation and doing captures.
We had some trouble with the installation as we migrated from our previous solution.
It has been pretty stable since we deployed it, and everything seems to be working fine.
That scalability seems to be ok, although we did have some concerns. Potentially, we are going to be looking at 100-gigabit links, and the version of the solution that we deployed does not support that. That is a long-term concern, rather than an immediate one.
We had some technical questions when we were doing the initial deployment, and they were very good in helping us with that.
Prior to this solution, we used an ad-hoc, internal system. We knew that it had to be replaced because it was not passing the audit as per our set standards. Ultimately, that drove us to look for a more standardized solution.
The initial setup for this solution was fairly complex. This was, in part, because of where we placed it in our network and the removal of our old system. It involved mapping it from the old to new so that it will be able to maintain the same functionality in our network.
We used an integrator to assist with the implementation.
Cisco is our biggest primary vendor, so it was an easy go-to for this solution.
My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.
This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.
I would rate this solution an eight out of ten.
We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.
The solution's analytics and thrust detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.
We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.
The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.
Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.
Stability is what we're looking for in production. Stability is everything.
The stability of the solution seems fine. It hasn't crashed yet.
Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.
For the scalability, other than some of the interesting things like the blow sensors, the actual analytics engine is solid so far.
The customer service has been fine, normal. It meets our expectations.
We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.
We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.
We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early.
There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.
Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.
Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.
The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.
In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.
On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work.
A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.
Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.
Deploying the virtual machines made our storage have artifacts. But that was expected.
Make sure you resource it correctly because it's going to use more than you expect.
Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.
It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.
This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.
Stealthwatch increased the threat detection rate, but not our incident response time.
It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.
The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.
Their analytics and threat detection capabilities are good, too.
We haven't had any stability issues so far, but we have only been running it for half a year.
The scalability is good, seen from a license perspective, as well.
We haven't really used the technical support yet, but in general, they are good.
The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.
We deployed it ourselves.
I don't think we have saved money, to be honest. But you cannot measure security and money.
We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.
Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.
I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.
I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.
Stealthwatch is primarily a network monitoring tool.
Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.
Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.
This solution has also increased our threat detection rate, by around 25-30%. An example would be that it provided a better posture in our internal network.
Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.
Troubleshooting is now only minutes instead of a couple of hours that it took before we used this solution.
We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.
It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.
At my company, we might not be using it enough with other applications that we have that can integrate with it.
We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.
Stability is really good. I don't think we ever had an issue with it.
The initial setup was straightforward. It wasn't difficult.
I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.
Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.
The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.
I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.
We use Stealthwatch to identify any risk or vulnerabilities in the environment.
Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.
The cognitive analytics really helps us analyze the traffic.
The most valuable feature is its alerts and dashboard.
The solution's analytics and threat detection capabilities are also pretty reasonable.
It's too complicated to install when starting out.
Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.
Availability is another issue. You need a couple of days to get it to work.
It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.
Their technical support is very good.
The initial setup was complex. Sensor and controller installation was especially complex.
I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.
We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.
The network visibility feature opens up a whole new pane of glass that didn't exist before, so when you talk about being able to look into your network and understand what's there for security events, impostering, and everything that Stealthwatch can bring to the table, there's nothing else that a typical customer's going to have installed today that will give them any of that information.
Stealthwatch has definitely increased our threat detection rate. I would say on average probably close to 100%. Especially in the market that we play in, which is largely commercial, a lot of customers are just getting into this, so they literally had nothing and now they have a lot.
It has also reduced our incident response time and the time it takes us to detect and remediate threats, at times by months. In addition, Stealthwatch has helped us reduce false positives.
Stealthwatch helps us save time, money, and administrative work. If you talk about a simple security event that a customer has to react to if they don't have the visibility you don't find out about it until something even worse happens. For example, somebody worked to get into your financial systems and they were somehow siphoning money out, not only did they get in and you didn't detect that, but now money is disappearing out of your account. So the ability to detect that threat immediately and remediate it is the true value of that reliance.
The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco, so while some of the competition may have other products that could be better or provide a better administrative experience, they don't have the breadth that Cisco does. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that.
Stealthwatch has analytics and threat protection capabilities up there with the industry best. It's a super powerful database on the backend, basically giving you access to all the latest and greatest threat detection events that are out there, and they're constantly being updated and monitored, so that's probably the best part about having something like that.
I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful within software space like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.
Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.
Stealthwatch seems to be rock solid.
We haven't had any issues with scalability yet.
I would give the technical support seven out of ten. When it first came out, the big problem was Cisco obviously didn't have a giant technical team behind it, but that's true of any new product. Over time it has steadily gotten better, so they can solve most problems in a reasonable amount of time at this point.
On a scale of one to ten, I'd call it a six out of ten. Do you need seasoned engineers to put it in? Yes. Do you need a rocket scientist? No.
We definitely have gotten an ROI. Look at incidents in the security space when customers are hit with malware or anything like that. These are incidents that cost thousands of dollars or potentially millions of dollars, so the first incident that you prevent, it probably just paid for itself.
The solution's time to value is one of those things that depends on what the customer has in their environment. If they have relatively little security strengthening in their environment, this is something that brings near immediate full value of the product directly to the customer's hands. Obviously, if it's part of a bigger support portfolio that the customer has, it just depends on what they already have or don't have in that environment.
The market that we play in there's a lot of value very often because sometimes this is the first product that they're investing in.
Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.
The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.
I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”
We use Cisco Stealthwatch for security and network analytics. The solution saves you time, money, and administrative work. If we have the device support, it means that I don't have to send someone in a car to go to be local on the site and look at whatever the issue is.
Our limitation is that Cisco Stealthwatch doesn't have visibility over everything. When we can use it, it gives us direct information. We use this information not only for analyzing security threats but as well as just for general network performance in the places it has view of.
The solution affected network visibility in our organization fairly well. Without it, I have almost no visibility. It requires me to send people to different sites to manually get captured or to look at the network.
The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.
The analytics and threat detection capabilities of Cisco Stealthwatch are pretty good. It gives us good visibility of the information. It is easy to use and to the point.
The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.
I've never known it to go down or have availability issues.
Cisco Stealthwatch is scalable with money. It's expensive.
I haven't dealt with Cisco customer service directly.
The initial setup was before I was at the company. It was over six years ago.
We used an integrated reseller for the deployment called Set Solutions. Our experience with them was pretty good.
On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.
The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.
It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.
Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.
We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.
We recently got a security team. They've been more hands-on. They are not intuitive to networks.
Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.
The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.
The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector.
It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.
We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security.
I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI.
We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.
As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.
We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading.
Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector.
As far as scalability for the one that we purchased, it was not that great.
I haven't had to use their technical support services.
We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.
Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.
Stealthwatch has almost everything we need. There's no reason to evaluate anyone else.
We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.
The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.
The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes.
As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need.
It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.
Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.
I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it.
Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.
The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12.
I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.
We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.
We're still deploying it across our enterprise. A lot of our data analytics are still in the making.
The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.
Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.
We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.
There's a lot of traffic on our network that we don't see sometimes.
The product is stable. We have not had any downtime with it.
Scalability is where we're still finetuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances.
We would like to license the product across all of the different hardware we have.
Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do.
Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.
We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things.
We've got Cisco guys onsite and we talk with those guys all the time.
Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.
The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.
We try to find ROI but sometimes, but it's just not there. It's all about the security posture.
We pay a yearly license.
Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.
Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.
I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.
Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.
We implemented Stealthwatch Cloud in order to provide our analysts with an additional tool for security monitoring.
This tool provides another method for security analysts to triage security alerts. The artifacts available in the tool provide better information for analyzing network traffic.
It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.
I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.
If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.
No issues with stability.
No issues with scalability. Collecting NetFlow data is not hard, however, there is a chance you’ll end up with a huge amount of data that needs investigating. It might be a good idea to deploy gradually, by network segment.
Technical support has been excellent. I would not hesitate to work with them again. The engineer I worked with was knowledgeable.
No previous solution.
The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization.
One thing to keep in mind is that pricing is based on flow. If your environment is a Cisco shop, there should be an option to bundle it with certain purchases.
I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.
Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.
I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.
Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.
It is a monitoring solution and network, because many times what we see is circuit oversaturation. Then, we want to know why and where it is coming from.
We were using Stealthwatch before the upgrade, since it came out. We have a good partnership with Cisco. We have NAS engineers. We have a quarterly meeting with Cisco. Generally, when they come out with a new solution, like when Stopwatch first came out, we jump on board. Therefore, we have been with it for awhile.
Our company is global and has various manufacturing plants over the globe along with branches. What we have found from a productivity policing perspective is we have had some of these locations abuse their on-net circuit. They will put it on Netflix and go watch movies when they are not supposed to, and we could not stop it. Unfortunately, we did not know what was going on. In the past, what we used to do was live and work with it. Thus, the company increased the circuit, and we were spending more, not knowing why.
When Stealthwatch finally came in, we were able to look into that pocket and flow, saying, "They are going to Facebook. They are going to YouTube. They are going to Netflix."
Based on other solutions that we had in place (Sourcefire, etc.), we were able to block the center accessing these type of features and apps. This brought down the circuit utilization significantly, then we were able to recoup costs. It saved a lot of money bringing down the circuit. Now, it is not abused anymore.
Visibility. The ability to look East and West. To see what is passing through your circuits, where it is coming from, and how big it is. This is pretty key for us. It is the network.
From a security standpoint, it is seeing pockets as well. Visibility is very key for us.
In the last year or two, we have been working with our Cisco NAS engineers to improve our security posturing. It is more our being proactive rather than reactive. While Stealthwatch and Lancope have this ability to look inside and give you visibility (a great feature), follow-up is the rule. We would like filters that you can put into place to tap onto certain types of behaviors, alerts out, and/or hopefully a block. This is sort of what we are looking for.
I might be speaking too early, because we are not down this path yet. We know the feature set is there, we just do not know yet how to achieve it. That is proactive rather than more reactive.
For Lancope Stealthwatch, we would like to see it more on the ASA Firewall platform. While this might already be available, this is more a failing of Cisco to inform us if it is there. For example:
It is about visibility.
It has been pretty stable. The deployment is the SNC which is located in our headquarters. Then, you have collectors and sensors which are sitting out there in our various eye pop points: East and West points out the door. The sensor sits on the standpoint, therefore it sees everything. The collector, you point to it, and it has been pretty stable in that regard.
Previously, the one thing which drove us crazy about the product was it seemed to be pretty locked on certain versions of Java. Now, it appears to have been improved. Thus, we are very happy with that.
In terms of improvement overall, we would like to see less reliance on Java and possibly a self-contained REST API package, either client or web-based would be nice rather than locally in Java. This would be a nice feature set.
Integration would be nice too. We are a pretty big Cisco shop. From ICE to our WCs. We are growing while we are looking at other products and solutions out there. Those solutions being FireEye or Palo Alto. Is there an integration where maybe East-West Lancope can see this type of traffic, then send updates and work lists with other products to say, "Block this as this is bad," other than the blocking point being Stealthwatch?
I understand Cisco has AMP Threat Grid. This is their ecosystem, and it is supposed to coordinate and work together in making the setup easy.
Self-pushes to the cloud, as long as your Cisco-based products report to the same cloud point, then you are all sharing data that way. That is still very Cisco-centric. It would be nice to see a little bit more integration with Palo Alto, FireEye, and VScanner, therefore not all being Cisco-based.
For scalability, we probably want to see more NetFlow availability in other infrastructure products. We know it is there in routers, switches, and foundation. We know we can send it to the box. These are our current questions about NetFlow expansion:
I do not think it is ready yet, or stable, and expanding NetFlow would be huge.
Generally, when we do something with Lancope or Stealthwatch, either we play with the interface ourselves or we use our NAS engineer. I do not think there has been a situation where we looked for support on a tech case unless there is something really wrong. We have possibly had to contact them one time because of a bad disc.
We used Riverbed, and it is probably still around as some people can't let go of their old tools.
When we saw what Lancope can do, not just from a visibility perspective, but from a network and security perspective, we jumped on board. Having security tied to the product is what really made it win out. We jumped in all the way. We spent close to a million, because there was a shared infrastructure between two companies. Every eye pop that we bring up or upgrade, Stealthwatch is there. We ensure it is there.
It was pretty straightforward. Once you get the template down, you get to the eye pop or an egress point, then you need one sensor. Deployment is easy.
Today, the company is part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that.
One of the things which bugs me about Lancope is the licensing. We understand how its licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. We bought a ton of product. Somewhere within the purchase and distribution, licensing got mixed up. This is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of ours to them. To date, they have never been able to fix it. We still see this license issue pop up on our screen.
NetFlow is very expensive.
The only other option was the one we were using at the time, which may not even be comparable because of visibility, and that was Riverbed. Riverbed was extremely expensive.
Stealthwatch came out, and we jumped on board. It was not only cost alone that made us go with it. It was security which pushed us over the edge. The possibility of seeing in the packet these potentially proactive measures; things you can do to see patterns. The features were what won out.
Come up with a template, then choose a center, choose a region, choose a plant, etc. Figure out how you want the deployment to go, then replicate it. Turn it into some sort of kit. As you stand up more places, or you deploy to other places, it will follow that template, then you are set and done.
This also extends to the config file, which is a bit more problematic. Depending on how large you are (we are very large), you do not always have the same model number of router. For example, we could have 1002X, 1001, and 1002X. They do not always align in terms of what that NetFlow configuration looks like. Some people put NetFlow on a switch.
Make sure that you are aware of that and you have the best template you can. Get your ducks in a row before you deploy, or else it is going to extend your deployment.
Con: Reliance on Java. Get away from that.
If they can make this product more web-based, that would be amazing. I do not know the feasibility of that, but it seems like everything is going towards that direction anyway. The sooner Cisco can make use of the app rather than Java, the better.
Provides easily identifiable anomalies that you can't see with signature detections.
NetFlow: The beginning of any security investigation starts with NetFlow data.
One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints.
I have known these guys for a long time. They are completely familiar with their product.
We did not have a previous solution.
The initial setup is very straightforward.
The vendor helped in every step of the installation.
Licensing is done by flows per second, not including outside (in traffic).
I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use.
There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.
Also, it is great for a network segmentation project.
SMC and FC, though they are components, not features.
Most valuable features are the network maps and server and network response time. Maps is a unique feature which provides logical grouping of different segments of the network with complete visibility and alerting based on a total or protocol base as per defined threshold. So, one can check how many connections to the server and/or on the protocol, and who is consuming the most bandwidth. This is done, while the server and network response time provide quick identification of root cause of slow response from the server.
Provided complete network visibility and made troubleshooting easy.
I have used Cisco Stealthwatch for four to five years: versions 5.0 to 6.22.
Yes. The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure.
No, we did not use a different solution.
Pricing is much higher compared to other solutions.
It is a good product. I don't see any matching product with level of detailed information.
There's nothing like it and a dream to operate, very intuitive. The most valuable feature is NetFlow. The beginning of any security investigation starts with NetFlow data.
Easily identifiable anomalies that you can't see with signature detections.
I am so familiar with the product I would say none. Lancope has always listened to customer input for product enhancements. One update I would like to see is an agent-based client. Currently StealthWatch is network based. A local agent could help manage endpoints.
I've known those guys for a long time. They are completely familiar with their product.
Very straightforward. They helped in every step of the installation.
Licensing is done by flows per second, not including outside>in traffic.
I have tried the Sourcefire solution but StealthWatch wins because of ease of use.
Go for it. Also great for your network segmentation project.
I value the feature which enables me to detect devices talking to suspect IPs.
We can now see what is going on in our network.
We need to be able to filter out internal IPs as non-threats.
We have been using the product since 2008.
We did not encounter any issues with stability.
We did not encounter any issues with scalability.
The technical support is good.
We did not use any other solution previously.
The initial setup was relatively easy, though different devices need different configurations for the flow exports.
It is worth the cost.
We evaluated Arbor.
Get it in and see what you can see!