Cisco Stealthwatch Overview

Cisco Stealthwatch is the #3 ranked solution in our list of top Network Detection and Response (NDR) tools. It is most often compared to Darktrace: Cisco Stealthwatch vs Darktrace

What is Cisco Stealthwatch?

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

Cisco Stealthwatch is also known as Cisco Stealthwatch Enterprise, Lancope StealthWatch.

Cisco Stealthwatch Buyer's Guide

Download the Cisco Stealthwatch Buyer's Guide including reviews and more. Updated: October 2021

Cisco Stealthwatch Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF

Archived Cisco Stealthwatch Reviews (more than two years old)

JH
Chief Consultant at a tech services company with 11-50 employees
Consultant
Good anomaly and malware detection, and highly-rated technical support

Pros and Cons

  • "The most valuable feature is anomaly detection, where it finds things that are not allowed internally."
  • "The usability of this solution needs to be improved."

What is our primary use case?

We are a system integrator and I have implemented this solution for one of our customers.

This solution is normally used for anomaly detection and malware detection.

It is deployed on-premises.

How has it helped my organization?

The organization now has a better overview of how their traffic is flowing.

What is most valuable?

The most valuable feature is anomaly detection, where it finds things that are not allowed internally.

What needs improvement?

The usability of this solution needs to be improved.

The initial setup of this solution can be simplified.

For how long have I used the solution?

We have been using this solution for three months.

What do I think about the stability of the solution?

The stability of this solution is good.

What do I think about the scalability of the solution?

We have three people who are using this solution.

How are customer service and technical support?

I would rate technical support for this solution highly.

Which solution did I use previously and why did I switch?

We used Darktrace before.

How was the initial setup?

The initial setup of this solution is complex.

What other advice do I have?

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
SL
Network Administrator at a retailer with 1,001-5,000 employees
Real User
Enables us to run our call center 24/7 and has good tech support engineers

What is our primary use case?

Our primary use case is for it to run our call center 24/7, 365 days a year.

What is most valuable?

There's a lot of stuff on the new version we haven't had the chance to work with yet. 

What needs improvement?

We're trying to upgrade to the newest release. We're running a version that's three versions behind. 

What do I think about the stability of the solution?

So far we've had a good experience with stability. We've run into some issues with the configuration. 

What do I think about the scalability of the solution?

It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable. 

How are customer service and technical support?

Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.    

Which solution did I use previously and why did I switch?

We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products. 

What about the implementation team?

We had engineers that set it up. There were some problems that Cisco support came to fix. 

What other advice do I have?

I would rate it an eight out of ten. 

Check the vendors and the options out there to see how they can meet your needs. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JM
Sr Network Engineer at an insurance company with 5,001-10,000 employees
Real User
Tracks anomalies in real time but is challenging to scale to the size of our environment

Pros and Cons

  • "Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job."
  • "They should include Citrix VDIs in the next release."

What is our primary use case?

Our primary use case for Stealthwatch is endpoint security.

How has it helped my organization?

Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.

It has reduced our incident response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.

What is most valuable?

The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.

What needs improvement?

They should include Citrix VDIs in the next release.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's challenging to scale as big as our environment.

How are customer service and technical support?

I highly recommend their technical support.

Which solution did I use previously and why did I switch?

We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.

How was the initial setup?

The setup was of moderate complexity because of the Citrix environment.

What about the implementation team?

We used a reseller for the deployment called Presidio. We had a good deployment with them.

Which other solutions did I evaluate?

We also looked at FortiGate.

What other advice do I have?

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.

You need a dedicated team to manage all of these products and their integration together.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BS
Director of Networking and Telecom at a healthcare company with 1,001-5,000 employees
Real User
Dependable solution that is able to pinpoint where we have vulnerabilities if they occur

Pros and Cons

  • "It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur."
  • "The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified."

What is our primary use case?

We use the solution primarily for IDS/IPS.

How has it helped my organization?

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

What is most valuable?

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

What needs improvement?

The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified.

For how long have I used the solution?

We have been using the product for more than six months.

What do I think about the stability of the solution?

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

What do I think about the scalability of the solution?

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

How are customer service and technical support?

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

Which solution did I use previously and why did I switch?

We just immediately went with Stealthwatch and did not have a previous solution.

How was the initial setup?

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

What about the implementation team?

We did not use a vendor team for the deployment.

Which other solutions did I evaluate?

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

What other advice do I have?

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Douglas Bentley
Assistant Director of IT at University of Rochester Medical Center
Real User
Generates helpful graphical analytics for mobile data

Pros and Cons

  • "Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before."
  • "The initial setup is complex, as there is a lot to configure."

What is our primary use case?

We use this solution for NetFlow statistics.

How has it helped my organization?

This solution allows us to be more agile when it comes to troubleshooting our NetFlow and our network systems.

Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before. We have a higher level of visibility for our systems and structures.

It has reduced our incident response time. 

What is most valuable?

The most valuable feature is the graphical analytics that it provides for mobile data.

The solution's analytics and threat detection capabilities are fantastic.

What needs improvement?

The initial setup is complex, as there is a lot to configure.

What do I think about the stability of the solution?

It's a rock-solid solution and we do a lot with it.

What do I think about the scalability of the solution?

We bought the biggest box there is, so it's as big as it's going to get.

How are customer service and technical support?

Technical support is good, although we haven't had any issues.

Which solution did I use previously and why did I switch?

We switched solutions because we were doing network segmentation and the Cisco program that we were enrolled in required Stealthwatch to be embedded into our core.

How was the initial setup?

The initial setup of this solution is complex. There is a lot to configure, and we're a big university so there is a lot of work that needed to be done.

What about the implementation team?

We bought this solution through three different resellers and the experience was great.

Which other solutions did I evaluate?

We evaluated Plixer, but half of our medical center was already very familiar with Stealthwatch so it was an easy transition for us.

The vendors on our shortlist were ePlus and First Light. We split the load between them.

What other advice do I have?

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools.

This is a solid solution, and a necessary tool to add insight into our network.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RF
Senior Network Engineer at a comms service provider
Real User
Has reduced our incident response time and false positives

Pros and Cons

  • "The most valuable feature about this solution is that it gives me insight into my network."
  • "It hasn't really improved our direct detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution."

What is our primary use case?

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

How has it helped my organization?

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

What is most valuable?

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and trojans. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

What do I think about the stability of the solution?

We are still running it but so far it has been really stable.

What do I think about the scalability of the solution?

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

How was the initial setup?

Although I wasn't involved in the initial setup myself, it looked straightforward. 

What about the implementation team?

We installed the solution ourselves because we are Cisco partners.

Which other solutions did I evaluate?

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

What other advice do I have?

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Ken Poteate
Security Analyst at Amwins Group
Real User
Improved our internal knowledge of what's going on with the network but the reporting should be cleaner

Pros and Cons

  • "It has improved our internal knowledge of what's going on with the network, and that's helpful."
  • "I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity."

What is our primary use case?

We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.

We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.

That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.

How has it helped my organization?

It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.

What is most valuable?

The ability to see a real-time picture of the network is the most valuable for us.

What needs improvement?

I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.

What do I think about the stability of the solution?

The product is very stable. No problems at all.

How are customer service and technical support?

I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.

Which solution did I use previously and why did I switch?

There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.

How was the initial setup?

I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.

What about the implementation team?

We dealt directly with Cisco for the implementation.

What other advice do I have?

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
UN
Director of Operations at a manufacturing company with 1,001-5,000 employees
Real User
Has significantly increased our network visibility and threat detection rate

Pros and Cons

  • "The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure."
  • "It is time-consuming to set it up and understand how the tool works."

What is our primary use case?

Our primary uses for this solution are threat management and traffic management.

How has it helped my organization?

Our network visibility is pretty significant right now, where we use it within our data centers and even on the OT side of the house. It’s given us pretty good visibility.

This solution has increased our threat detection rate by forty to sixty percent.

Using this solution has helped us to improve threat-remediation timeframe.

It has reduced our incident response time. We use the solution's encrypted traffic analytics. It has significantly improved our capabilities.

What is most valuable?

The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.

What needs improvement?

It is time-consuming to set it up and understand how the tool works.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

In our environment, the way we've implemented in phases, the stability is good.

What do I think about the scalability of the solution?

We're going to be looking at this, and I'm hoping that it is scalable across our environment.

How are customer service and technical support?

I would rate the technical support for this solution extremely well. The professional services have been really good for us.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one, and we chose this solution based on Cisco's recommendation after they reviewed our requirements.

How was the initial setup?

The initial setup of this solution is complex. It wasn't necessarily the tool that was complex, but the environment. It had to do with the way our network is and the requirements that we needed to be implemented. This is where the complexity came from.

What about the implementation team?

We had a partner to assist us with the deployment.

Which other solutions did I evaluate?

Cisco was the only vendor that we considered for this solution.

What other advice do I have?

My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start.

The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SD
Network Manager at a healthcare company with 1,001-5,000 employees
Real User
Enables us to proactively troubleshoot and determine what an issue is

Pros and Cons

  • "It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it."
  • "I would like to see better filters."

What is our primary use case?

Our primary use case of this solution is for troubleshooting network issues.

How has it helped my organization?

This solution has improved my organization because when I have users who are having issues with patching slowness it gives me the ability to be able to proactively troubleshoot and determine what the issue is.

What is most valuable?

The most valuable features are its ability to analyze data streams and determine what is inside those data streams to troubleshoot a problem. It is also easy to use.

What needs improvement?

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

Stealthwatch is very scalable.

How are customer service and technical support?

Their technical support is very good. The turnaround has been great. 

We used them when we had a bug and the data stream was showing us data reports that weren't accurate. The support helped us with that. 

Which solution did I use previously and why did I switch?

We switched and chose this solution because of the reseller's recommendation. 

How was the initial setup?

The initial setup was straightforward. It was easy, the instructions were there. It was pretty straightforward to operate. Your learning curve could be a little bit difficult, but it's up and coming.

What about the implementation team?

We used a reseller for the deployment called SEBok Limited. 

What was our ROI?

I have not seen ROI yet. 

Which other solutions did I evaluate?

Stealthwatch was the only choice. 

What other advice do I have?

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AR
Technical Consultant at a tech services company with 501-1,000 employees
Consultant
Improves security through better lateral visibility, but better integration with Firepower is needed

Pros and Cons

  • "The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows."
  • "It would be better to let people know, up front, that it doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed."

What is our primary use case?

We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.

How has it helped my organization?

We are a reseller, and we are able to show demos of this solution pretty quickly. It gets people really excited.

The network visibility has vastly improved for the organizations that I assist with their services. Generally, they do not have lateral visibility into their network. We come in and deploy Cisco ISE, which helps them segment, but they still can’t prove what is going on. Now, with this solution, they have the ability to not only show what a user has tried to do, but they can show where inside of the network it was stopped. From that point, they have verification and can take action.

Our customers are happy with the threat detection rate. I would estimate that it has increased by eighteen to fifty-two percent. This solution definitely improves the incident response time. We always try to help our customers understand this advantage.

It has reduced the amount of time it takes to detect and remediate threats. I’d imagine that it makes it faster for most of our customers. A lot of them spin their wheels trying to get this information out of there, but they don’t actually see the value until they realize that the right search will show the flow immediately. It gets those answers to them quickly.

It helps with the administration. When it comes to creating documentation, you can export those things and paste them onto the back of the report.

I would say that the time to value is approximately a week. It takes this long because the machine learning component has to learn your network first.

What is most valuable?

The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows.

The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report.

I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.

What needs improvement?

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.

Eliminating Java from the SMC would improve this solution.

It would be better to let people know, upfront, that it doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.

What do I think about the stability of the solution?

This solution is pretty stable for the most part. I don't like Java, so that's the thing that needs to go, but for the most part, it is a great solution.

What do I think about the scalability of the solution?

This is a really scalable solution. We have done some pretty large deployments, and I have seen the scalability.

How are customer service and technical support?

I haven't needed to contact technical support for this solution. 

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one. It was like the wild wild west. We set this up in our lab because the internal IT couldn't figure out what everybody was doing. They now have insight into who did what, which is important because we have a lot of intellectual property to protect.

How was the initial setup?

The initial setup is straightforward for me, so when I work with our customers the setup is straightforward for them.

It is a basic, three-tier model that includes flow sensors, flow collectors, and the SMC (Stealthwatch Management Control). These are all named appropriately, so people can understand what is being talked about when they hear it.

After the installation is complete, it takes about a week for the machine learning component to learn your network.

What about the implementation team?

We implement this solution for our customers.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive. Our fees are approximately $3,000 USD.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this one.

What other advice do I have?

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. 

The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.

Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.

This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
SG
Engineer at Charter Communications, Inc.
Real User
Shows the actual data flow transiting the network but scalability is a concern

Pros and Cons

  • "Being able to identify specific data closed across the network is invaluable."
  • "We've had problems with element licensing costs so scalability is a concern."

What is our primary use case?

We mainly use this solution for diagnostic information.

How has it helped my organization?

Being able to see the actual data flows transiting the network versus what we had planned is a great sanity check for our overall design planning. It is also useful to be able to make sure that we track the load that we anticipate.

The core reason we purchased this product was to increase our visibility of where the traffic sources and destinations were, as opposed to just raw data that is on the interface.

Stealthwatch has also reduced false positives by 10%. We're kind of limited to the deployment of Stealthwatch right now.

It saves us administrative work and design. 

What is most valuable?

Being able to identify specific data closed across the network is invaluable.

Their analytics and threat detection capabilities are good. We're able to pick out the individual traffic flows for specific users and even individual sessions across the network and reconstruct timelines of activity after the fact, if needed, or use the data in real time to plan out network capacity and growth.

What do I think about the stability of the solution?

Stealthwatch is a very stable solution.

What do I think about the scalability of the solution?

We've had problems with element licensing costs so scalability is a concern.

How are customer service and technical support?

The technical support provided is excellent.

Which solution did I use previously and why did I switch?

We used NetFlow before, so Stealthwatch was pretty much the only game in town for getting the level of detail that we were looking for out of the transport network. It was a natural choice.

What about the implementation team?

We used a vendor for the implementation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis, but I have no idea what the costs are.

Which other solutions did I evaluate?

We work very closely with Cisco directly and therefore we really just looked at Stealthwatch, because it was Cisco's product and they said this is what we do.

What other advice do I have?

You definitely need something to do flow level analysis.

The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.

I would rate this solution as seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JW
Network Administrator at a mining and metals company with 1,001-5,000 employees
Real User
Improved our organization's analytics and threat protection capabilities by catching threats early on

Pros and Cons

  • "The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of."
  • "One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself."

What is our primary use case?

Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.

How has it helped my organization?

Cisco Stealthwatch has improved our organization's analytics and threat protection capabilities by catching threats early on. We are still at the baselining stage, but I can also say that our organization improved dramatically when we found out that a host was constantly talking to an FTP server. It turned out to be an employee that was going to be terminated and he was trying to pull data from the FTP server constantly. He pulled three or four GBs and we caught it with this tool. It saved us a net fortune.

The solution has also increased our threat detection rate dramatically and that gives us time to remediate those threats.

What is most valuable?

The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.

What needs improvement?

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.

I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard.

What do I think about the stability of the solution?

It is extremely stable. I haven't had a crash since installing it.

What do I think about the scalability of the solution?

It is very scalable. You only have to purchase more licensing. As far as I understand, it can become as big as you want it to become and how many net flows you can afford.

How are customer service and technical support?

The technical support is awesome. Anytime I call Cisco Tech, they call me back within thirty minutes or an hour with an answer to solve the problem. The guides that they have within the product itself are pretty self-explanatory. As long as you're willing to sit down and read it, you don't even need to call tech.

Which solution did I use previously and why did I switch?

My superior asked what this host was doing within our network, what data he was pulling and why he had it on this PC. We couldn't answer to say that he wasn't pulling data from that server or what data he was in fact pulling. So we had to find a solution to answer those questions. We are a Cisco shop so we kind of just went for this solution.

How was the initial setup?

The initial setup was straightforward. They explained the steps that they were going to do and they had it deployed within about two hours. It didn't take long and now we're just doing the baseline, which takes about three months.

What about the implementation team?

Yes, we used Network Center and they were good.

What was our ROI?

I can foresee that this solution will save us an immense lot of work in the future. Instead of having 20 people looking at logs and sifting through logs, you could have one individual simply sifting through this. It will be a lot easier and less time-consuming.

So the time to value of this solution is great. For every person you're going to pay about $70 or $80,000 a year, you would now only have to pay one individual instead of 20.

What's my experience with pricing, setup cost, and licensing?

This solution is a little expensive. Open-source is obviously a key to victory in some people's eyes but with open-source, you can't pay anybody. So it could be a little cheaper, but it has great functionality. 

What other advice do I have?

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Finn Kristensen
Architect at Atea A/S
Real User
Provides important visibility needed to detect and take precautions against threats

Pros and Cons

  • "The most valuable features provided by this solution are visibility and information."
  • "Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."

What is our primary use case?

We provide this solution to our customers to give them visibility into their network.

How has it helped my organization?

This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.

It has reduced our incident response time by around forty percent.

It saves time, money and administrative work for our customers.

What is most valuable?

The most valuable features provided by this solution are visibility and information.

The solution's analytics and threat detection capabilities are good. Network visibility is also really good. 

The encrypted traffic analytics work well, I don't see any problem with it.

The time to value is very good, and it is based on visibility. For example, one of our customers was locked by ransomware and it cost them two million Danish kroner (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.

It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.

What needs improvement?

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

What do I think about the stability of the solution?

I would say that the stability of this solution could be better.

What do I think about the scalability of the solution?

The scalability is okay.

How are customer service and technical support?

Technical support for this solution could be better. It's okay. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.

Which solution did I use previously and why did I switch?

Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.

How was the initial setup?

The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.

What about the implementation team?

I performed the deployment myself.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AA
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature

Pros and Cons

  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

How has it helped my organization?

This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

What is most valuable?

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

What needs improvement?

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

What do I think about the stability of the solution?

There are no stability issues with the product.

What do I think about the scalability of the solution?

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

How are customer service and technical support?

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

Which solution did I use previously and why did I switch?

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

How was the initial setup?

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

What about the implementation team?

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

What's my experience with pricing, setup cost, and licensing?

We pay for support costs on a yearly basis.

Which other solutions did I evaluate?

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rob Hartstone
Network Operations Manager at Philips Electronics
Real User
Can identify down to an IP address of a system that is causing problems

Pros and Cons

  • "The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable."
  • "Complexity on integration is not so straightforward and you really need an expert to help build it out."

What is our primary use case?

Our primary use of Stealthwatch is for a secure remediation of systems that are causing problems on our internal network.

How has it helped my organization?

The solution's ability to detect threats and provide remediation greatly improved our company.

Increased network visibility so that we can see where the problems are is great. When we had a virus outbreak internally, we were able to pinpoint where it started.

Stealthwatch doubled our threat detection rate, while halving our incident response time and the time it takes us to detect and remediate threats.

It has also reduced false positives by about 5%.

Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable.

Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.

What needs improvement?

Complexity on integration is not so straightforward and you really need an expert to help build it out.

What do I think about the stability of the solution?

The solution's stability is very good.

What do I think about the scalability of the solution?

Its scalability is pretty good. We're about to roll it out bigger.

How are customer service and technical support?

I would probably give their technical support a nine out of ten.

Which solution did I use previously and why did I switch?

We didn't have a previous solution. We brought Stealthwatch in to audit issues that we needed to remediate with security issues.

How was the initial setup?

The initial setup was complex. There were just a lot of different pieces. We were trying to figure out what was needed to configure the device. We also use IPAM for host integration.

What about the implementation team?

We used Presidio with actual Cisco people doing the work. We had a very good experience with them.

What was our ROI?

Stealthwatch has a good time to value. The cost is expensive, but it pays for itself pretty quickly when you remediate something quicker that causes you less business outage.

What's my experience with pricing, setup cost, and licensing?

On a yearly basis, licensing is somewhere around $30,000.

Which other solutions did I evaluate?

We have some preferred providers, and we chose one of those providers based on support and working with Cisco directly.

What other advice do I have?

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on.

My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly.

I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JC
Lead Network Engineer at a retailer with 1,001-5,000 employees
Real User
Enables us to be proactive with security analysis but the interface is sluggish

Pros and Cons

  • "The ability to send data flow from other places and have them all in one place is very valuable for us."
  • "I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago."

What is our primary use case?

The security team uses it more than we do. I don't work on it that much. We have a couple of uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.

How has it helped my organization?

Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.

It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.

I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.

It may have reduced the time to detect and remedy threats a little.

It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.

I'm sure Stealthwatch saves us time, money, and administrative work.

What is most valuable?

The ability to send data flow from other places and have them all in one place is very valuable for us.

What needs improvement?

I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.

For how long have I used the solution?

We've had Stealthwatch in production for a year and a half.

What do I think about the stability of the solution?

It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.

What do I think about the scalability of the solution?

We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.

How are customer service and technical support?

I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.

What was our ROI?

In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.

I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.

What other advice do I have?

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.

In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.

I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
EF
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
Decreased troubleshooting steps to resolve issues and saves us time, money, and administrative work

Pros and Cons

  • "The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems."
  • "The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices."

What is our primary use case?

Our primary use is to monitor our network, especially our remote branches.

How has it helped my organization?

Stealthwatch has decreased our troubleshooting steps and also cut down on the amount of time it takes us to resolve an issue.

We're able to map out our environment using Stealthwatch and we can see where our data is going, throughout our network.

Stealthwatch reduced our incident response rate, as well as the amount of time it takes to detect and remediate threats by about 25%.

This solution saves us time, money, and administrative work.

What is most valuable?

The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems.

In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.

What needs improvement?

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.

What do I think about the stability of the solution?

The solution's very stable. Even through the upgrades after Cisco's acquisition, it has proved to be very stable.

What do I think about the scalability of the solution?

It scales very well.

How are customer service and technical support?

We haven't had to use it much. When we have, it's been similar to most Cisco technical support, which is very knowledgeable and helpful.

Which solution did I use previously and why did I switch?

We previously used SolarWinds. The version of SolarWinds that we were using didn't give us the visibility that we needed, so we switched to Stealthwatch.

How was the initial setup?

The initial setup was straightforward.

What was our ROI?

We have seen a return on investment, from the fact that we now take less time to resolve an issue because we have Stealthwatch. We can capture some data in real time, or we can actually go back in the history base if we have to, to see where the issues may have started, and we also have baselines.

Their time to value is very good. We've upgraded and we just relicensed, so this is definitely a product that we use.

What's my experience with pricing, setup cost, and licensing?

The yearly licensing cost is about $50,000.

Which other solutions did I evaluate?

We evaluated SolarWinds, WhatsUp Gold, and a couple of others that I can't think of right now.

What other advice do I have?

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.

I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rafael-Garcia
Infosec Manager at an energy/utilities company with 1,001-5,000 employees
Real User
Enables us to have visibility but it needs improvement when it comes to speed

What is our primary use case?

Our main reason for using Stealthwatch is it gives us visibility.

What is most valuable?

Stability is the most valuable feature we have seen in this solution.

What needs improvement?

Stealthwatch needs improvement when it comes to speed.

What do I think about the stability of the solution?

The solution's stability is good.

What do I think about the scalability of the solution?

I think this solution is okay with scale.

How are customer service and technical support?

I think their technical support is great.

How was the initial setup?

The initial setup was straightforward.

What was our ROI?

Time to value is very good for Stealthwatch.

What other advice do I have?

I would rate Stealthwatch as an eight or nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RH
Sr. Network Engineer at a tech services company with 10,001+ employees
Real User
We have seen improved network visibility of our organization but the setup is complex

Pros and Cons

  • "Cisco Stealthwatch provides the solution's analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization."
  • "The configuration of the solution was quite complex."

What is our primary use case?

Our primary use case for Cisco Stealthwatch is to ensure net flow.

How has it helped my organization?

Cisco Stealthwatch provides the solution's analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization.

What is most valuable?

The most valuable feature of this solution is that it gives us insight into what's happening in our network.

What needs improvement?

I don't really think we save time while using this solution.

What do I think about the stability of the solution?

Cisco Stealthwatch is quite stable.

What do I think about the scalability of the solution?

It all depends on the platform you are using, but I think it is pretty scalable.

How was the initial setup?

The configuration of the solution was quite complex so I won't say that it is straightforward to set everything up.

What about the implementation team?

We used a vendor, Cisco, for implementation. 

What was our ROI?

I believe ROI will take around a year.

Which other solutions did I evaluate?

We also looked at Red Hat.

What other advice do I have?

I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I would recommend that others use endpoint management.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JC
Service Engineer at a tech company with 10,001+ employees
Real User
Our protection rate has doubled and we can monitor our bandwidth or any other issues on our networks

Pros and Cons

  • "Using this solution has helped us to detect and identify viruses or malicious activity in the network early on."
  • "We haven't seen ROI."

What is our primary use case?

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and seeing if there are any issues.

How has it helped my organization?

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

What do I think about the stability of the solution?

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

What do I think about the scalability of the solution?

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

How are customer service and technical support?

I never had to use technical support before.

How was the initial setup?

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

What was our ROI?

We haven't seen ROI.

What other advice do I have?

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DK
Network Engineer at UC San Diego Health System
Real User
Enables us to detect and remediate threats much faster

Pros and Cons

  • "The most valuable feature of this solution is the way the NetFlow is being merged together in a single pane. That's been extremely useful for us, because we can see what's going on with traffic in one single place."
  • "We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too."

What is our primary use case?

For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.

How has it helped my organization?

Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure the things that are happening are the ones we expect to happen.

I am a little versed in the solution's analytics and threat detection capabilities, though they are pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.
This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now. 

What is most valuable?

The most valuable feature of this solution is the way the NetFlow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.
I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.

What needs improvement?

We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.

What do I think about the stability of the solution?

The solution is very stable and we haven't had any crashes yet.

What do I think about the scalability of the solution?

Based on how we've used it so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.

How are customer service and technical support?

I do know we have used the support before and it was good enough to get our problems fixed.

Which solution did I use previously and why did I switch?

We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.

How was the initial setup?

The initial setup was pretty straightforward and sufficient. It's good.

What other advice do I have?

I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. 

Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
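The east/west validation the reviewer above describes (proving that segmentation controls actually hold by auditing flow records rather than trusting the firewall rulebase) can be expressed as a small policy check over NetFlow-style records. The following is an added example, not Stealthwatch's own code or anything the reviewer posted: the zones, the allowed zone pairs and ports, the record format and the sample flows are all constructed for illustration. One caveat it handles: raw NetFlow is unidirectional, so a server's reply shows up as a separate server-to-client record; the reply heuristic below stands in for the flow stitching an NDR product performs before analysis.

```python
"""Audit constructed NetFlow-style records for east/west traffic that a
segmentation policy says should not exist. Added example, not product code."""
import ipaddress
from collections import Counter

# Hypothetical internal zones (assumption: RFC 1918 ranges chosen for illustration).
ZONES = {
    "users":   ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "pci":     ipaddress.ip_network("10.30.0.0/24"),
}
# Directional (source zone, destination zone) pairs the policy permits,
# and the destination ports permitted on each. Anything else between
# internal zones is east/west traffic the controls should have blocked.
ALLOWED_PORTS = {("users", "servers"): {443, 445}}

# Constructed sample records: src,dst,proto,sport,dport,bytes,packets
SAMPLE_FLOWS = [
    "10.10.5.4,10.20.1.10,tcp,51000,443,12000,30",   # users -> servers, allowed
    "10.10.5.4,10.30.0.7,tcp,51001,1433,800,6",      # users -> pci, not allowed
    "10.20.1.10,10.10.5.4,tcp,445,51002,500,5",      # reply leg of an allowed flow
    "10.10.5.4,10.20.1.10,tcp,51003,22,900,10",      # allowed pair, wrong port
    "10.10.7.9,10.99.3.3,udp,53001,53,300,2",        # destination not in any zone
    "10.10.5.4,93.184.216.34,tcp,51004,443,5000,20", # north/south, out of scope
    "10.20.1.10,10.10.5.4,tcp,443,51000,40000,35",   # reply leg of an allowed flow
]


def zone_of(ip):
    """Map an address to its zone, or flag it as unregistered internal / external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown-internal" if addr.is_private else "external"


def parse_flow(line):
    """Parse one constructed CSV flow record into a dict."""
    src, dst, proto, sport, dport, nbytes, pkts = line.split(",")
    return {"src": src, "dst": dst, "proto": proto, "sport": int(sport),
            "dport": int(dport), "bytes": int(nbytes), "packets": int(pkts)}


def is_reply_leg(src_zone, dst_zone, sport):
    """Unidirectional NetFlow: a server's answer appears as dst->src with the
    service port as the source port. Treat that as the reply of a permitted flow."""
    reverse = (dst_zone, src_zone)
    return reverse in ALLOWED_PORTS and sport in ALLOWED_PORTS[reverse]


def audit(lines):
    """Return (finding_kind, flow) for every internal flow that violates policy."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        sz, dz = zone_of(f["src"]), zone_of(f["dst"])
        if "external" in (sz, dz):
            continue  # north/south; a different policy covers it
        if "unknown-internal" in (sz, dz):
            findings.append(("unregistered-host", f))  # device nobody registered
        elif (sz, dz) in ALLOWED_PORTS:
            if f["dport"] not in ALLOWED_PORTS[(sz, dz)]:
                findings.append(("unexpected-port", f))
        elif is_reply_leg(sz, dz, f["sport"]):
            continue  # return traffic of a permitted conversation
        else:
            findings.append(("east-west-policy", f))  # zone pair not permitted at all
    return findings


def summarize(findings):
    """Count findings by kind, the shape a daily segmentation report would use."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    for kind, f in audit(SAMPLE_FLOWS):
        print(f"{kind:18} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['bytes']}B")
    print(summarize(audit(SAMPLE_FLOWS)))
```

Run against the constructed records it reports one zone-pair violation (users to the PCI segment), one allowed pair on an unexpected port (SSH from users to servers), and one flow to an internal host that no zone accounts for; the two reply legs and the Internet-bound flow are correctly ignored. The unregistered-host case is the one to watch: it is exactly the "device someone added without going through channels" class of finding that several reviewers on this page describe.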
MG
Network Operations Manager at a tech company with 10,001+ employees
Real User
Improved network visibility has saved us money and facilitates executive reporting

Pros and Cons

  • "This product alleviates the day-to-day headaches for us, in regards to metrics."
  • "The reporting of day-to-day metrics still has room for improvement."

What is our primary use case?

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

How has it helped my organization?

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

The savings brought about by implementing this solution have allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

What is most valuable?

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

What needs improvement?

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

We're kind of immature, right now, in our implementation, but I see it growing.

How are customer service and technical support?

We have not used technical support at this point.

Which solution did I use previously and why did I switch?

We were archaic in terms of reporting.

How was the initial setup?

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

What about the implementation team?

We handled the deployment in-house.

What was our ROI?

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

What's my experience with pricing, setup cost, and licensing?

The pricing for this solution is good.

Which other solutions did I evaluate?

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

What other advice do I have?

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JS
Manager at Indiana University Health
Real User
Increased our threat detection rate but the reporting needs improvement

Pros and Cons

  • "Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations."
  • "I would like to see some improvement when it comes to reporting."

What is our primary use case?

We use Stealthwatch mainly for security.

How has it helped my organization?

Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.

It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saves us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.

What is most valuable?

The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.

What needs improvement?

I would like to see some improvement when it comes to reporting.

What do I think about the stability of the solution?

The stability of the solution is fair.

What do I think about the scalability of the solution?

Stealthwatch has a good level of scalability.

How are customer service and technical support?

I would consider their technical support as "fair."

Which solution did I use previously and why did I switch?

We were using SolarWinds and we are still using SolarWinds, so we use both.

How was the initial setup?

The initial setup was complex, especially when it came to configuration.

What about the implementation team?

We used an integrator for deployment. We had a pretty good experience with them.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are outrageous, but Stealthwatch has a good time to value.

What other advice do I have?

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CK
Manager, Network Engineering & Telecommunications at a healthcare company with 1,001-5,000 employees
Real User
Enables us to detect threats early on, ensuring that our network stays secure

Pros and Cons

  • "The solution reduces the amount of time it takes to detect and remediate threats."
  • "The initial setup was straightforward but required a lot of data entry to begin with, building out the server types and network types."

What is our primary use case?

We use Cisco Stealthwatch mostly for network visibility and security. I believe the solution reduces false positives by flagging them as potential threats.

How has it helped my organization?

In terms of how this solution has affected network visibility, we're finding devices that junior network engineers, people who don't want to wait for proper channels, have added to the network. This solution enables us to find them and shut them down. 

It has reduced our incident response time. We can now narrow down where incidents are happening, so it is very helpful for our organization.

What is most valuable?

The feature I find most valuable is the deep level of knowledge that we get on every device, as well as what other devices it's talking to.

Analytics and threat detection capabilities are a little overwhelming. I would say it's about average. 

The solution reduces the amount of time it takes to detect and remediate threats.

For how long have I used the solution?

We've been using this solution for around a year now.

What do I think about the stability of the solution?

So far we haven't had any issues with the stability of the solution. We haven't gone through a major upgrade cycle yet.

What do I think about the scalability of the solution?

Our initial deployment was built out to the right size for our organization.

How are customer service and technical support?

There hasn't been any need to ask for technical support since our initial deployment, where we used a reseller. 

How was the initial setup?

The initial setup was straightforward but required a lot of data entry to begin with, building out the server types and network types.

What about the implementation team?

We used a reseller for the deployment, CDW.

Which other solutions did I evaluate?

We evaluated Plixer, but the fact that Stealthwatch was Cisco integrated, sold it for us.

What other advice do I have?

My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
LW
Network Engineer at a tech services company
Real User
Offers better network visibility and has reduced incident response time

Pros and Cons

  • "I believe this solution has reduced our incident response time."
  • "I would like to see it better organized when I'm looking at it."

What is our primary use case?

The primary use case for Cisco Stealthwatch is for us to sell it. 

How has it helped my organization?

It has improved my organization's network visibility from zero because before we had installed this solution, we weren't doing anything to protect us from threats. I believe this solution has reduced our incident response time. 

What is most valuable?

The feature I find most valuable about Cisco Stealthwatch is its integration with pxGrid and all of our other devices that are tied in with pxGrid, so they can communicate with each other and be able to dynamically change, quarantine a suspicious device, or do whatever is necessary in case of a malware attack or similar problem.

What needs improvement?

Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.

For how long have I used the solution?

We are currently also using AMP and a few other Cisco products to assist us with threat protection and it's only been running for a couple of months.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

I believe there isn't much to scale for it and I think it all depends on how many nodes you're running in the environment. I will say the scalability is fairly decent.

How are customer service and technical support?

I haven't had to use technical support yet. I've only read through the pages of documentation.

How was the initial setup?

The initial setup was a little complex since I haven't set it up before. 

What was our ROI?

It is hard to say yet, but at least we can tell customers that we've detected a threat, and it can be stopped in time.

What's my experience with pricing, setup cost, and licensing?

For our organization, it is cheap, but for other customers, it may be fairly expensive. 
As we are resellers of Cisco Stealthwatch, we hope to save time, money, and administrative costs once we start selling more of these solutions.

Which other solutions did I evaluate?

I am responsible for the security of our organization's devices, so I did look at other options. Since this solution ties into other products, I wanted to use Duo Security and tie that together with StealthWatch.

What other advice do I have?

I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. 

My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Toufeik Choukri
PIC for Cyber Security at a university with 51-200 employees
Real User
Scalable and good for training students

What is most valuable?

The Cisco IOS is very important because that is what we have to teach our students.

What needs improvement?

There are already many functionalities, so I don't think there is anything to improve. It's the best one on the market I have seen.

For how long have I used the solution?

We've been using Cisco equipment for four or five years.

What do I think about the scalability of the solution?

It's scalable, there are many models that we can use for a small network. Cisco offers the scalability that we need. We have about eighty students, and all the students have to do some training on it. We have plans to increase the usage of Cisco.

How was the initial setup?

I think in order to master the network security issues it's complex. The deployment took a week or so.

What other advice do I have?

I think that maybe we need more products for our students to try and to master. It's part of their learning.

I would rate this solution as nine or ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AM
Senior Consultant at a manufacturing company with 10,001+ employees
Real User
Integrates well, but the user interface needs refinement

Pros and Cons

  • "The most valuable feature is integration."
  • "I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations."

What is our primary use case?

Our primary use case for this solution is security.

How has it helped my organization?

We are currently adding test cases for the solution and it is not yet in a live production environment.

What is most valuable?

The most valuable feature is integration.

What needs improvement?

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.

In terms of the user interface, navigating through the drill down windows needs to be improved.

For how long have I used the solution?

Still implementing and testing.

What do I think about the stability of the solution?

This solution seems to be stable.

What do I think about the scalability of the solution?

This is a cloud-based solution, so it is very scalable.

How are customer service and technical support?

We have not used technical support.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is complex, at least in the beginning.

It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.

What was our ROI?

We are still in beta testing.

What's my experience with pricing, setup cost, and licensing?

Because we are still testing, we do not yet know what our licensing fees will be.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
JS
Network Engineer at Oracle Corporation
Real User
Deploying this solution has shown us how poor our previous network monitoring coverage was

Pros and Cons

  • "It has been pretty stable since we deployed it, and everything seems to be working fine."
  • "We had some trouble with the installation as we migrated from our previous solution."

What is our primary use case?

This is a security solution for us and our customers. We use it for port monitoring aggregation and doing captures.

What needs improvement?

We had some trouble with the installation as we migrated from our previous solution.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

It has been pretty stable since we deployed it, and everything seems to be working fine.

What do I think about the scalability of the solution?

That scalability seems to be ok, although we did have some concerns. Potentially, we are going to be looking at 100-gigabit links, and the version of the solution that we deployed does not support that. That is a long-term concern, rather than an immediate one.

How are customer service and technical support?

We had some technical questions when we were doing the initial deployment, and they were very good in helping us with that.

Which solution did I use previously and why did I switch?

Prior to this solution, we used an ad-hoc, internal system. We knew that it had to be replaced because it was not passing the audit as per our set standards. Ultimately, that drove us to look for a more standardized solution.

How was the initial setup?

The initial setup for this solution was fairly complex. This was, in part, because of where we placed it in our network and the removal of our old system. It involved mapping it from the old to new so that it will be able to maintain the same functionality in our network.

What about the implementation team?

We used an integrator to assist with the implementation.

Which other solutions did I evaluate?

Cisco is our biggest primary vendor, so it was an easy go-to for this solution.

What other advice do I have?

My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.

This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Robert Ufer
Network Architect at Henry Ford health system
Real User
Saves us time, money, and administrative work but scaling is a little difficult

Pros and Cons

  • "The solution's analytics and threat detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now."
  • "Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required."

What is our primary use case?

We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.

How has it helped my organization?

The solution's analytics and threat detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.

We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.

What is most valuable?

The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.

What needs improvement?

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.

What do I think about the stability of the solution?

Stability is what we're looking for in production. Stability is everything.

The stability of the solution seems fine. It hasn't crashed yet.

What do I think about the scalability of the solution?

Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.

For the scalability, other than some of the interesting things like the flow sensors, the actual analytics engine is solid so far.

How are customer service and technical support?

The customer service has been fine, normal. It meets our expectations.

Which solution did I use previously and why did I switch?

We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.

How was the initial setup?

We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.

Which other solutions did I evaluate?

We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early. 

There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.

What other advice do I have?

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.

Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.

The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.

In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.

On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. 

A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.

Cisco Stealthwatch is part of our network transformation. We're looking at campus fabric, DNA Center, etc. It helps that we can see what's going on.

Deploying the virtual machines made our storage have artifacts. But that was expected. 
Make sure you resource it correctly because it's going to use more than you expect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SJ
IT Network Engineer at a logistics company with 10,001+ employees
Real User
Easy to investigate flow and has improved the processes for mitigating any risks

Pros and Cons

  • "The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic."
  • "The initial setup was complex."

What is our primary use case?

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

How has it helped my organization?

It has improved the processes for mitigating any risk there might be. So when we find traffic that we don't want to allow, it makes it easy to actually investigate where the traffic was, and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

What is most valuable?

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

What do I think about the stability of the solution?

We haven't had any stability issues so far, but we have only been running it for half a year.

What do I think about the scalability of the solution?

The scalability is good, seen from a license perspective, as well.

How are customer service and technical support?

We haven't really used the technical support yet, but in general, they are good.

How was the initial setup?

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

I don't think we have saved money, to be honest. But you cannot measure security and money.

Which other solutions did I evaluate?

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. Also, in relation to the threat intelligence that Cisco has, it fits nicely in with the rest of our products.

What other advice do I have?

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JQ
Network Manager Administrator at a financial services firm with 501-1,000 employees
Real User
Provides real-time monitoring to identify peak traffic and possible issues

Pros and Cons

  • "It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused."
  • "At my company, we might not be using it enough with other applications that we have that can integrate with it."

What is our primary use case?

Stealthwatch is primarily a network monitoring tool.

How has it helped my organization?

Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.

Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.

This solution has also increased our threat detection rate, by around 25-30%. An example would be that it provided a better posture in our internal network.

Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.

Troubleshooting is now only minutes instead of a couple of hours that it took before we used this solution.

We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.

What is most valuable?

It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.

What needs improvement?

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

For how long have I used the solution?

My company has been using Stealthwatch for the past four to five years.

What do I think about the stability of the solution?

Stability is really good. I don't think we ever had an issue with it.

How was the initial setup?

The initial setup was straightforward. It wasn't difficult.

What was our ROI?

I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.

What other advice do I have?

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
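The drill-down this reviewer describes (pick a host, look at its traffic over time, find the interval where it spiked, then list the top conversations and ports in that interval) is, at bottom, a grouping and outlier pass over flow records. The following is an added example written for this page, not code from the reviewer or from Cisco Stealthwatch. It runs the same workflow over constructed NetFlow-style records (start time, source, destination, destination port, bytes); the addresses, ports, byte counts and the 5-minute bucket width are all assumptions made for the example.

```python
"""Spike hunting over flow records: bucket one host's traffic by time, find
the bucket that is an outlier against the host's own baseline, then rank the
conversations and ports inside it.

Added example, not code from the review or from Cisco Stealthwatch. All flow
data below is constructed sample input, not a capture.
"""
from collections import defaultdict
from statistics import median

BUCKET_SECONDS = 300  # 5-minute buckets; an assumption of this example

# Constructed flows: (start_epoch_seconds, src, dst, dst_port, bytes)
SAMPLE_FLOWS = [
    # steady HTTPS to an internal app server, once a minute for 30 minutes
    *[(t, "10.0.1.25", "10.0.2.10", 443, 12_000) for t in range(0, 1800, 60)],
    # steady DNS every two minutes
    *[(t, "10.0.1.25", "10.0.2.53", 53, 300) for t in range(0, 1800, 120)],
    # bulk transfer to an external host over SMB inside bucket 4 (1200-1499 s)
    (1210, "10.0.1.25", "203.0.113.9", 445, 4_800_000),
    (1260, "10.0.1.25", "203.0.113.9", 445, 3_900_000),
    # another host's traffic, ignored once we filter on 10.0.1.25
    (1230, "10.0.1.40", "10.0.2.10", 443, 250_000),
]


def bucket_totals(flows, host, width=BUCKET_SECONDS):
    """Bytes per time bucket for every flow where `host` is source or destination."""
    totals = defaultdict(int)
    for start, src, dst, _port, nbytes in flows:
        if host in (src, dst):
            totals[start // width] += nbytes
    return dict(totals)


def spike_buckets(totals, threshold=5.0):
    """Buckets whose volume is a robust outlier against the host's other buckets.

    Median and MAD are used instead of mean and standard deviation so the spike
    itself does not inflate the baseline it is compared against.
    """
    values = list(totals.values())
    if len(values) < 3:
        return []
    centre = median(values)
    mad = median(abs(v - centre) for v in values)
    # scale floor: a flat baseline (MAD of 0) must not turn tiny jitter into alerts
    scale = max(1.4826 * mad, 0.01 * centre, 1.0)
    return sorted(b for b, v in totals.items() if (v - centre) / scale > threshold)


def flows_in_bucket(flows, host, bucket, width=BUCKET_SECONDS):
    """Flows involving `host` whose start time falls inside `bucket`."""
    return [f for f in flows if host in (f[1], f[2]) and f[0] // width == bucket]


def top_conversations(flows, host, bucket, n=3, width=BUCKET_SECONDS):
    """(src, dst, dst_port) tuples ranked by bytes within one bucket."""
    by_conv = defaultdict(int)
    for _start, src, dst, port, nbytes in flows_in_bucket(flows, host, bucket, width):
        by_conv[(src, dst, port)] += nbytes
    return sorted(by_conv.items(), key=lambda kv: kv[1], reverse=True)[:n]


def top_ports(flows, host, bucket, n=3, width=BUCKET_SECONDS):
    """Destination ports ranked by bytes within one bucket."""
    by_port = defaultdict(int)
    for _start, _src, _dst, port, nbytes in flows_in_bucket(flows, host, bucket, width):
        by_port[port] += nbytes
    return sorted(by_port.items(), key=lambda kv: kv[1], reverse=True)[:n]


def investigate(flows, host):
    """Run the whole drill-down for one host and return the findings."""
    totals = bucket_totals(flows, host)
    findings = []
    for b in spike_buckets(totals):
        findings.append({
            "window": (b * BUCKET_SECONDS, (b + 1) * BUCKET_SECONDS - 1),
            "bytes": totals[b],
            "conversations": top_conversations(flows, host, b),
            "ports": top_ports(flows, host, b),
        })
    return findings


if __name__ == "__main__":
    for finding in investigate(SAMPLE_FLOWS, "10.0.1.25"):
        print(f"spike in window {finding['window']}: {finding['bytes']} bytes")
        for conv, nbytes in finding["conversations"]:
            print("  ", conv, nbytes)
```

On the sample data the only flagged bucket is the fourth one, and the top conversation inside it is the 8.7 MB SMB transfer to 203.0.113.9, which is exactly the host, port and time window an analyst would take into the next step. A median/MAD baseline is used deliberately: with a mean and standard deviation the spike would pull its own threshold up, and a host that has been quiet for the whole window (MAD of 0) would otherwise alert on any byte at all.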
AM
Associate Director Network Services at a pharma/biotech company with 10,001+ employees
Real User
Good dashboard but has a complicated installation process

Pros and Cons

  • "The most valuable feature is its alerts and dashboard."
  • "It's too complicated to install, when starting out."

What is our primary use case?

We use Stealthwatch to identify any risk or vulnerabilities in the environment.

How has it helped my organization?

Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.

The cognitive analytics really helps us analyze the traffic.

What is most valuable?

The most valuable feature is its alerts and dashboard.

The solution's analytics and threat detection capabilities are also pretty reasonable.

What needs improvement?

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

What do I think about the stability of the solution?

It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.

How are customer service and technical support?

Their technical support is very good.

How was the initial setup?

The initial setup was complex. Sensor and controller installation was especially complex.

What other advice do I have?

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TB
Senior Director of Architecture and Engineering at Trace3
Real User
The network visibility feature opens up a whole new pane of glass that didn't exist before but it could be more administrator-friendly

Pros and Cons

  • "The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that."
  • "I would like Cisco to make it easier for the administrators to use it."

What is our primary use case?

We use Stealthwatch primarily to secure customers' endpoint devices, in order to provide more visibility into their security vectors. We determine where they are getting attacked, if they are getting attacked, how to prevent it, how to fight it, etc. We are really trying to take the fight to the administrator and be a little more proactive, as opposed to being so reactive with security events.

How has it helped my organization?

The network visibility feature opens up a whole new pane of glass that didn't exist before. When you talk about being able to look into your network and understand what's there for security events, impostering, and everything that Stealthwatch can bring to the table, there's nothing else that a typical customer is going to have installed today that will give them any of that information.

Stealthwatch has definitely increased our threat detection rate. I would say on average probably close to 100%. Especially in the market that we play in, which is largely commercial, a lot of customers are just getting into this, so they literally had nothing and now they have a lot.

It has also reduced our incident response time and the time it takes us to detect and remediate threats, at times by months. In addition, Stealthwatch has helped us reduce false positives.

Stealthwatch helps us save time, money, and administrative work. If you talk about a simple security event that a customer has to react to, and they don't have the visibility, you don't find out about it until something even worse happens. For example, somebody worked their way into your financial systems and was somehow siphoning money out: not only did they get in without you detecting it, but now money is disappearing out of your account. So the ability to detect that threat immediately and remediate it is the true value of that reliance.

What is most valuable?

The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco, so while some of the competition may have other products that could be better or provide a better administrative experience, they don't have the breadth that Cisco does. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that.

Stealthwatch has analytics and threat protection capabilities up there with the industry best. It's a super powerful database on the backend, basically giving you access to all the latest and greatest threat detection events that are out there, and they're constantly being updated and monitored, so that's probably the best part about having something like that.

What needs improvement?

I don't have a specific feature request, but my big push with Cisco has always been to make it easier for the administrators to use it. If you look at other products that they've been really successful with in the software space, like Meraki, it's because a customer can jump right in and use it on day one and feel like they're accomplishing something with it. They don't have to have a Ph.D. Anything that we can do to make the customer experience better makes it easier for them to use it, which is what we want, and it also makes it easier for us to sell it.

Obviously usability, but given the space that it plays in, any way that we can continue to increase the security vector coverage is always going to be a net gain for a product like that.

What do I think about the stability of the solution?

Stealthwatch seems to be rock solid.

What do I think about the scalability of the solution?

We haven't had any issues with scalability yet.

How are customer service and technical support?

I would give the technical support seven out of ten. When it first came out, the big problem was Cisco obviously didn't have a giant technical team behind it, but that's true of any new product. Over time it has steadily gotten better, so they can solve most problems in a reasonable amount of time at this point.

How was the initial setup?

On a scale of one to ten, I'd call it a six out of ten. Do you need seasoned engineers to put it in? Yes. Do you need a rocket scientist? No.

What was our ROI?

We definitely have gotten an ROI. Look at incidents in the security space when customers are hit with malware or anything like that. These are incidents that cost thousands of dollars or potentially millions of dollars, so the first incident that you prevent, it probably just paid for itself.

The solution's time to value is one of those things that depends on what the customer has in their environment. If they have relatively little security strengthening in their environment, this is something that brings near immediate full value of the product directly to the customer's hands. Obviously, if it's part of a bigger support portfolio that the customer has, it just depends on what they already have or don't have in that environment.

The market that we play in there's a lot of value very often because sometimes this is the first product that they're investing in.

What other advice do I have?

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment.

The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately.

I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
BG
Manager of Digital Communications at Memorial Hermann Healthcare System
Real User
Good for analyzing security threats and as a general network performance diagnostic tool

Pros and Cons

  • "The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives."
  • "The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view."

What is our primary use case?

We use Cisco Stealthwatch for security and network analytics. The solution saves you time, money, and administrative work. If we have the device support, it means that I don't have to send someone in a car to go to be local on the site and look at whatever the issue is.

How has it helped my organization?

Our limitation is that Cisco Stealthwatch doesn't have visibility over everything. When we can use it, it gives us direct information. We use this information not only for analyzing security threats but also for general network performance in the places it has a view of.

The solution affected network visibility in our organization fairly well. Without it, I have almost no visibility. It requires me to send people to different sites to manually get captures or to look at the network.

The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.

What is most valuable?

The analytics and threat detection capabilities of Cisco Stealthwatch are pretty good. It gives us good visibility of the information. It is easy to use and to the point.

What needs improvement?

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.

What do I think about the stability of the solution?

I've never known it to go down or have availability issues.

What do I think about the scalability of the solution?

Cisco Stealthwatch is scalable with money. It's expensive.

How are customer service and technical support?

I haven't dealt with Cisco customer service directly.

How was the initial setup?

The initial setup was before I was at the company. It was over six years ago.

What about the implementation team?

We used an integrated reseller for the deployment called Set Solutions. Our experience with them was pretty good.

What other advice do I have?

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.

The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.

It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.

Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
WR
Network Engineer at a government with 1,001-5,000 employees
Real User
Makes it easy to pinpoint any network anomalies or any type of suspicious behavior

Pros and Cons

  • "The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice."
  • "I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI."

What is our primary use case?

We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.

How has it helped my organization?

We recently got a security team. They've been more hands-on. They are not intuitive to networks. 

Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.

What is most valuable?

The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.

The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector. 

It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.

What needs improvement?

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. 

I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. 

We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.

What do I think about the stability of the solution?

As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.

What do I think about the scalability of the solution?

We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading. 

Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector. 

As far as scalability for the one that we purchased, it was not that great.

How are customer service and technical support?

I haven't had to use their technical support services.

Which solution did I use previously and why did I switch?

We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.

How was the initial setup?

Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.

Which other solutions did I evaluate?

Stealthwatch has almost everything we need. There's no reason to evaluate anyone else. 

We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.

What other advice do I have?

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.

The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. 

As opposed to having to set up a sniffer and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need.

It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.

Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.

I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. 

Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.

The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. 

I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
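This reviewer's use of Stealthwatch is as a NetFlow v9 collector, and the version matters: v9 is template based, so every exporter first sends a template flowset describing its record layout and only then sends data flowsets that reference it. The following is an added example written for this page, not code from the reviewer or from Cisco. It builds a constructed v9 export (one template packet and one data packet, with an assumed template ID of 256 and source ID of 7) and decodes it, and it shows the caveat every collector has to handle: a data flowset that arrives before its template cannot be decoded, so templates must be cached per exporter and source ID rather than per packet.

```python
"""Minimal NetFlow v9 (RFC 3954) export decoder with template caching.

Added example, not code from the review or from Cisco Stealthwatch. The
packets are constructed in this file (template ID 256, source ID 7, two
sample flows), so it runs offline.
"""
import ipaddress
import struct

# RFC 3954 field types, only the ones the constructed template uses
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
               8: "src_addr", 11: "dst_port", 12: "dst_addr"}
# version, count, sys_uptime, unix_secs, sequence, source_id
HEADER = struct.Struct("!HHIIII")

TEMPLATE_ID = 256                       # assumption for the constructed exporter
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]

# Constructed flows: (src, dst, src_port, dst_port, protocol, bytes, packets)
SAMPLE_FLOWS = [
    ("10.0.1.25", "203.0.113.9", 51514, 445, 6, 4_800_000, 3200),
    ("10.0.1.25", "10.0.2.10", 51515, 443, 6, 12_000, 20),
]


def _decode_field(ftype, raw):
    if ftype in (8, 12):
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_packet(data, templates):
    """Decode one v9 packet.

    `templates` maps (source_id, template_id) -> [(field_type, length)] and is
    updated in place as template flowsets arrive, which is what lets a later
    data-only packet be decoded. Returns (header, records, unresolved_ids).
    """
    version, _count, _uptime, unix_secs, seq, source_id = HEADER.unpack_from(data, 0)
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")
    records, unresolved = [], []
    offset = HEADER.size
    while offset + 4 <= len(data):
        flowset_id, length = struct.unpack_from("!HH", data, offset)
        if length < 4 or offset + length > len(data):
            raise ValueError("malformed flowset length")
        body = data[offset + 4:offset + length]
        if flowset_id == 0:                            # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                if pos + 4 * nfields > len(body):
                    raise ValueError("truncated template record")
                fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif flowset_id == 1:                          # options template: not needed here
            pass
        elif flowset_id >= 256:                        # data flowset
            fields = templates.get((source_id, flowset_id))
            if fields is None:
                unresolved.append(flowset_id)          # template not seen yet
            else:
                rec_len = sum(flen for _, flen in fields)
                pos = 0
                while rec_len and pos + rec_len <= len(body):   # trailing bytes are padding
                    rec, p = {}, pos
                    for ftype, flen in fields:
                        rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = _decode_field(ftype, body[p:p + flen])
                        p += flen
                    records.append(rec)
                    pos += rec_len
        offset += length
    return {"sequence": seq, "source_id": source_id, "unix_secs": unix_secs}, records, unresolved


def build_template_packet(seq=1, source_id=7):
    """Constructed exporter packet carrying only the template flowset."""
    tpl = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS))
    tpl += b"".join(struct.pack("!HH", t, l) for t, l in TEMPLATE_FIELDS)
    flowset = struct.pack("!HH", 0, 4 + len(tpl)) + tpl
    return HEADER.pack(9, 1, 1000, 1_700_000_000, seq, source_id) + flowset


def build_data_packet(flows, seq=2, source_id=7):
    """Constructed exporter packet carrying data records laid out per TEMPLATE_FIELDS."""
    body = b"".join(
        ipaddress.IPv4Address(s).packed + ipaddress.IPv4Address(d).packed
        + struct.pack("!HHBII", sp, dp, proto, nbytes, pkts)
        for s, d, sp, dp, proto, nbytes, pkts in flows)
    pad = (-(len(body) + 4)) % 4                       # flowsets are padded to 32 bits
    flowset = struct.pack("!HH", TEMPLATE_ID, 4 + len(body) + pad) + body + b"\0" * pad
    return HEADER.pack(9, len(flows), 2000, 1_700_000_060, seq, source_id) + flowset


if __name__ == "__main__":
    cache = {}
    _, recs, missing = parse_packet(build_data_packet(SAMPLE_FLOWS), cache)
    print("before template:", len(recs), "records, unresolved template ids", missing)
    parse_packet(build_template_packet(), cache)
    _, recs, missing = parse_packet(build_data_packet(SAMPLE_FLOWS), cache)
    for r in recs:
        print(r["src_addr"], "->", r["dst_addr"], r["dst_port"], r["in_bytes"], "bytes")
```

Run stand-alone it first reports zero records and an unresolved template ID 256, then, once the template packet has been seen, decodes both flows. A production collector keys the cache on the exporter's address as well as the source ID, times templates out after the exporter's refresh interval, and treats an unresolved ID as "buffer and wait" rather than drop, because exporters only resend templates periodically.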
SA
Network Section Chief at a government with 1,001-5,000 employees
Real User
Increased our incident response rates on the network with less time required to detect threats

Pros and Cons

  • "Cisco Stealthwatch has reduced the amount of time to detect an immediate threat."
  • "There's a lot of traffic on our network that we don't see sometimes."

What is our primary use case?

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

How has it helped my organization?

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

What is most valuable?

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

What needs improvement?

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

What do I think about the stability of the solution?

The product is stable. We have not had any downtime with it.

What do I think about the scalability of the solution?

Scalability is where we're still fine-tuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances.

We would like to license the product across all of the different hardware we have.

How are customer service and technical support?

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

Which solution did I use previously and why did I switch?

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

How was the initial setup?

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

What was our ROI?

We try to find ROI, but sometimes it's just not there. It's all about the security posture.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly license.

Which other solutions did I evaluate?

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

What other advice do I have?

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up and whether the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ER
Forensic Analyst at a pharma/biotech company with 1,001-5,000 employees
Real User
Provides holistic view of network traffic, packet analysis; it's easy to identify anomalies without signatures

Pros and Cons

  • "The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies."
  • "The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization."
  • "If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses."

What is our primary use case?

We implemented Stealthwatch Cloud in order to provide our analysts with an additional tool for security monitoring.

How has it helped my organization?

This tool provides another method for security analysts to triage security alerts. The artifacts available in the tool provide better information for analyzing network traffic. 

What is most valuable?

It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.

What needs improvement?

I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.

If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. Collecting NetFlow data is not hard, however, there is a chance you’ll end up with a huge amount of data that needs investigating. It might be a good idea to deploy gradually, by network segment.

How are customer service and technical support?

Technical support has been excellent. I would not hesitate to work with them again. The engineer I worked with was knowledgeable.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization.

What's my experience with pricing, setup cost, and licensing?

One thing to keep in mind is that pricing is based on flow. If your environment is a Cisco shop, there should be an option to bundle it with certain purchases.

What other advice do I have?

I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.

Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.

I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.

Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RS
Consultant at a healthcare company with 1,001-5,000 employees
Consultant
You are able to drill down into a center's utilization, then create reports based on it

Pros and Cons

  • "Able to drill down into a center's utilization, then create reports based on it."
  • "Ease of deployment, once you get your ducks in a row."
  • "Visibility. The ability to look East and West. To see what is passing through your circuits, where it is coming from, and how big it is."
  • "From a security standpoint, it is just seeing packets as well. Visibility is very key for us."
  • "Reliance on Java. Get away from that."
  • "If they can make this product more web-based, that would be amazing."

What is our primary use case?

  • Monitoring
  • Security

It is a monitoring solution for the network, because many times what we see is circuit oversaturation. Then, we want to know why and where it is coming from.

We were using Stealthwatch before the upgrade, since it came out. We have a good partnership with Cisco. We have NAS engineers. We have a quarterly meeting with Cisco. Generally, when they come out with a new solution, like when Stealthwatch first came out, we jump on board. Therefore, we have been with it for a while.

How has it helped my organization?

Our company is global and has various manufacturing plants over the globe along with branches. What we have found from a productivity policing perspective is we have had some of these locations abuse their on-net circuit. They will put it on Netflix and go watch movies when they are not supposed to, and we could not stop it. Unfortunately, we did not know what was going on. In the past, what we used to do was live and work with it. Thus, the company increased the circuit, and we were spending more, not knowing why. 

When Stealthwatch finally came in, we were able to look into that packet and flow, saying, "They are going to Facebook. They are going to YouTube. They are going to Netflix."

Based on other solutions that we had in place (Sourcefire, etc.), we were able to block the center accessing these type of features and apps. This brought down the circuit utilization significantly, then we were able to recoup costs. It saved a lot of money bringing down the circuit. Now, it is not abused anymore.

What is most valuable?

Visibility. The ability to look East and West. To see what is passing through your circuits, where it is coming from, and how big it is. This is pretty key for us. It is the network. 

From a security standpoint, it is seeing packets as well. Visibility is very key for us.

What needs improvement?

In the last year or two, we have been working with our Cisco NAS engineers to improve our security posturing. It is more our being proactive rather than reactive. While Stealthwatch and Lancope have this ability to look inside and give you visibility (a great feature), follow-up is the rule. We would like filters that you can put into place to tap onto certain types of behaviors, alerts out, and/or hopefully a block. This is sort of what we are looking for. 

I might be speaking too early, because we are not down this path yet. We know the feature set is there, we just do not know yet how to achieve it. That is proactive rather than more reactive.

For Lancope Stealthwatch, we would like to see it more on the ASA Firewall platform. While this might already be available, this is more a failing of Cisco to inform us if it is there. For example:

  • Are we on the right or wrong version of the code? 
  • What does the code look like? 
  • Are we are really looking at firewalls? Or is it more about the foundation and route switches that we are seeing?

It is about visibility.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It has been pretty stable. The deployment is the SMC, which is located in our headquarters. Then, you have collectors and sensors which are sitting out there in our various eye pop points: East and West points out the door. The sensor sits on the standpoint, therefore it sees everything. The collector, you point to it, and it has been pretty stable in that regard.

Previously, the one thing which drove us crazy about the product was it seemed to be pretty locked on certain versions of Java. Now, it appears to have been improved. Thus, we are very happy with that.

In terms of improvement overall, we would like to see less reliance on Java and possibly a self-contained REST API package, either client or web-based would be nice rather than locally in Java. This would be a nice feature set.

Integration would be nice too. We are a pretty big Cisco shop, from ISE to our WCs. We are growing while we are looking at other products and solutions out there. Those solutions being FireEye or Palo Alto. Is there an integration where maybe East-West Lancope can see this type of traffic, then send updates and work lists with other products to say, "Block this as this is bad," other than the blocking point being Stealthwatch?

I understand Cisco has AMP Threat Grid. This is their ecosystem, and it is supposed to coordinate and work together in making the setup easy. 

Self-pushes to the cloud, as long as your Cisco-based products report to the same cloud point, then you are all sharing data that way. That is still very Cisco-centric. It would be nice to see a little bit more integration with Palo Alto, FireEye, and VScanner, therefore not all being Cisco-based.

What do I think about the scalability of the solution?

For scalability, we probably want to see more NetFlow availability in other infrastructure products. We know it is there in routers, switches, and foundation. We know we can send it to the box. These are our current questions about NetFlow expansion:

  • What about firewalls? Where does Cisco stand today on NetFlow, or in the future, for firewalls?
  • Is there NetFlow on SPD? I don't know. 
  • Are we doing NetFlow on ASA today? Our company is not.  

I do not think it is ready yet, or stable, and expanding NetFlow would be huge.

How are customer service and technical support?

Generally, when we do something with Lancope or Stealthwatch, either we play with the interface ourselves or we use our NAS engineer. I do not think there has been a situation where we looked for support on a tech case unless there is something really wrong. We have possibly had to contact them one time because of a bad disk.

Which solution did I use previously and why did I switch?

We used Riverbed, and it is probably still around as some people can't let go of their old tools.

When we saw what Lancope can do, not just from a visibility perspective, but from a network and security perspective, we jumped on board. Having security tied to the product is what really made it win out. We jumped in all the way. We spent close to a million, because there was a shared infrastructure between two companies. Every IPoP that we bring up or upgrade, Stealthwatch is there. We ensure it is there.

How was the initial setup?

It was pretty straightforward. Once you get the template down, you get to the IPoP or an egress point, then you need one sensor. Deployment is easy.

What's my experience with pricing, setup cost, and licensing?

Today, the company is part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that.

One of the things which bugs me about Lancope is the licensing. We understand how its licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. We bought a ton of product. Somewhere within the purchase and distribution, licensing got mixed up. This is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of ours to them. To date, they have never been able to fix it. We still see this license issue pop up on our screen.

NetFlow is very expensive. 

Which other solutions did I evaluate?

The only other option was the one we were using at the time, which may not even be comparable because of visibility, and that was Riverbed. Riverbed was extremely expensive. 

Stealthwatch came out, and we jumped on board. It was not only cost alone that made us go with it. It was security which pushed us over the edge. The possibility of seeing in the packet these potentially proactive measures; things you can do to see patterns. The features were what won out.

What other advice do I have?

Come up with a template, then choose a center, choose a region, choose a plant, etc. Figure out how you want the deployment to go, then replicate it. Turn it into some sort of kit. As you stand up more places, or you deploy to other places, it will follow that template, then you are set and done.

This also extends to the config file, which is a bit more problematic. Depending on how large you are (we are very large), you do not always have the same model number of router. For example, we could have 1002X, 1001, and 1002X. They do not always align in terms of what that NetFlow configuration looks like. Some people put NetFlow on a switch. 

Make sure that you are aware of that and you have the best template you can. Get your ducks in a row before you deploy, or else it is going to extend your deployment.

Pros:

  • Visibility is key. 
  • Security is also key. 
  • Being able to drill down into a center's utilization, then create reports based on it.
  • Ease of deployment, once you get your ducks in a row.

Con: Reliance on Java. Get away from that.

If they can make this product more web-based, that would be amazing. I do not know the feasibility of that, but it seems like everything is going towards that direction anyway. The sooner Cisco can make use of the app rather than Java, the better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user735195
Senior Information Security Engineer at a transportation company with 10,001+ employees
Real User
Provides easily identifiable anomalies that you can't see with signature detections

Pros and Cons

  • "Provides easily identifiable anomalies that you can't see with signature detections."
  • "The beginning of any security investigation starts with NetFlow data."
  • "One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints."

What is our primary use case?

  • ID managers
  • Flow replicators
  • Flow sensors
  • Thick client

How has it helped my organization?

Provides easily identifiable anomalies that you can't see with signature detections. 

What is most valuable?

NetFlow: The beginning of any security investigation starts with NetFlow data. 

What needs improvement?

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I have known these guys for a long time. They are completely familiar with their product.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup is very straightforward. 

What about the implementation team?

The vendor helped in every step of the installation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is done by flows per second, not including outside-in traffic.

Which other solutions did I evaluate?

I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use. 

What other advice do I have?

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user734160
Senior Technical Consultant
Consultant
Provides complete network visibility and has made troubleshooting easy

Pros and Cons

  • "Most valuable features are the network maps and server and network response time."
  • "The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure."

What is most valuable?

SMC and FC, though they are components, not features.

Most valuable features are the network maps and server and network response time. Maps is a unique feature which provides logical grouping of different segments of the network with complete visibility and alerting, based on total or per-protocol thresholds as defined. So, one can check how many connections there are to the server and/or on the protocol, and who is consuming the most bandwidth. Meanwhile, the server and network response time provide quick identification of the root cause of slow response from the server.

How has it helped my organization?

Provided complete network visibility and made troubleshooting easy.

For how long have I used the solution?

I have used Cisco Stealthwatch for four to five years: versions 5.0 to 6.22.

What do I think about the stability of the solution?

Yes. The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Very good.

Which solution did I use previously and why did I switch?

No, we did not use a different solution.

How was the initial setup?

Straightforward.

What's my experience with pricing, setup cost, and licensing?

Pricing is much higher compared to other solutions.

Which other solutions did I evaluate?

Yes, SolarWinds.

What other advice do I have?

It is a good product. I don't see any matching product with level of detailed information.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user735216
Highly motivated Security Engineer incident Response, Vuln Mgmt, Malware Analysis, IDS/IPS, DLP, Network Security +more at a transportation company with 10,001+ employees
Vendor
NetFlow data is the beginning of any security investigation, very easy to use

Pros and Cons

  • "The most valuable feature is NetFlow. The beginning of any security investigation starts with NetFlow data."
  • "One update I would like to see is an agent-based client. Currently StealthWatch is network-based."

What is most valuable?

There's nothing like it and a dream to operate, very intuitive. The most valuable feature is NetFlow. The beginning of any security investigation starts with NetFlow data.

How has it helped my organization?

Easily identifiable anomalies that you can't see with signature detections.

What needs improvement?

I am so familiar with the product I would say none. Lancope has always listened to customer input for product enhancements. One update I would like to see is an agent-based client. Currently StealthWatch is network-based. A local agent could help manage endpoints.

For how long have I used the solution?

12 years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

I've known those guys for a long time. They are completely familiar with their product.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Very straightforward. They helped in every step of the installation.

What's my experience with pricing, setup cost, and licensing?

Licensing is done by flows per second, not including outside-in traffic.

Which other solutions did I evaluate?

I have tried the Sourcefire solution but StealthWatch wins because of ease of use.

What other advice do I have?

Go for it. Also great for your network segmentation project.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Analyst at a non-profit with 1,001-5,000 employees
Real User
Enables me to detect devices talking to suspect IPs.

What is most valuable?

I value the feature which enables me to detect devices talking to suspect IPs.

How has it helped my organization?

We can now see what is going on in our network.

What needs improvement?

We need to be able to filter out internal IPs as non-threats.

For how long have I used the solution?

We have been using the product since 2008.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We did not encounter any issues with scalability.

How are customer service and technical support?

The technical support is good.

Which solution did I use previously and why did I switch?

We did not use any other solution previously.

How was the initial setup?

The initial setup was relatively easy, though different devices need different configurations for the flow exports.

What's my experience with pricing, setup cost, and licensing?

It is worth the cost.

Which other solutions did I evaluate?

We evaluated Arbor.

What other advice do I have?

Get it in and see what you can see!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
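Two of the reviews above make the same deployment point: the Chief Consultant's advice to "come up with a template" and then find that different router models "do not always align in terms of what that NetFlow configuration looks like", and the Information Security Analyst's note that "different devices need different configurations for the flow exports". The following is an added example from the editor to make that concrete; it is not configuration from any reviewer, from Cisco, or from the Stealthwatch documentation. It assumes an IOS-XE router (ASR 1000 / Catalyst 9000 class) and a separate ASA, a Flow Collector at 10.0.0.10 listening on UDP 2055 (the address is invented, and 2055 is a common default but must be checked against your collector), and the names SW_RECORD, SW_EXPORTER and SW_MONITOR are arbitrary.

```cisco
! --- IOS-XE (ASR 1000 / Catalyst 9000): Flexible NetFlow towards the Flow Collector ---
! "match" fields form the flow key; "collect" fields give the collector the byte and
! packet counts, timing and TCP flags it needs. Record/exporter/monitor names are arbitrary.
flow record SW_RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect transport tcp flags
!
! Collector address and port are assumptions. Source the export from a loopback so the
! collector sees one stable exporter IP per device, whatever the transit interfaces are.
flow exporter SW_EXPORTER
 destination 10.0.0.10
 source Loopback0
 transport udp 2055
 template data timeout 30
 option interface-table
!
! A short active timeout reports long-lived flows while they are still in progress
! instead of only at teardown.
flow monitor SW_MONITOR
 record SW_RECORD
 exporter SW_EXPORTER
 cache timeout active 60
 cache timeout inactive 15
!
! Apply ingress on every transit interface; any interface left unmonitored is a blind spot.
interface GigabitEthernet0/0/0
 ip flow monitor SW_MONITOR input
!
! --- ASA: the block above will not paste here. ASA exports NetFlow Secure Event Logging
! (NSEL) through flow-export; records are per-connection events (create/teardown), not
! periodic cache exports, so the collector-side view differs from router NetFlow.
flow-export destination inside 10.0.0.10 2055
flow-export template timeout-rate 1
policy-map global_policy
 class class-default
  flow-export event-type all destination 10.0.0.10
```

To confirm a templated device is actually exporting, check `show flow monitor SW_MONITOR cache` and `show flow exporter SW_EXPORTER statistics` on IOS-XE, and `show flow-export counters` on the ASA; a template that is applied but shows zero exported packets is exactly the silent gap the reviewers warn about when models are mixed.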