We performed a comparison between Cisco Stealthwatch and Darktrace based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. However, their features slightly differ, and each has its own strengths and weaknesses.
"The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies."
"It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal."
"The solution reduces the amount of time it takes to detect and remediate threats."
"There are already many functionalities, so I don't think there is anything to improve."
"Cisco Stealthwatch has reduced the amount of time to detect an immediate threat."
"If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
"The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems."
"The most valuable feature is having visibility into the data segments throughout our network."
"It's a very stable product."
"The most valuable feature of Darktrace is the AI that detects abnormal network activity."
"The most valuable feature of this solution is that it does not require human intervention to eliminate a threat."
"Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
"AI analytics are built directly into the product."
"The most valuable features of Darktrace are its full capabilities. You have visibility of everything."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
"Better integration between Cisco Secure Network Analytics and Cisco Secure Workload would be beneficial."
"There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous."
"Stealthwatch needs improvement when it comes to speed."
"One update I would like to see is an agent-based client. Currently StealthWatch is network based."
"It's too complicated to install, when starting out."
"Complexity on integration is not so straightforward and you really need an expert to help build it out."
"We determined that Stealthwatch wouldn't provide the machine learning model that we required."
"Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product."
"Needs to improve its collaboration with local partners."
"Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"The module can improve so that every time it's more intelligent."
"I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
"I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there."
"I believe their network monitoring device licensing module could use some improvement."
"There is a high ratio of false positive information."
More Cisco Secure Network Analytics Pricing and Cost Advice →
Cisco Secure Network Analytics is ranked 4th in Network Traffic Analysis (NTA) with 57 reviews while Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 65 reviews. Cisco Secure Network Analytics is rated 8.2, while Darktrace is rated 8.2. The top reviewer of Cisco Secure Network Analytics writes "Increased the visibility of what is happening in our network". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cisco Secure Network Analytics is most compared with Cisco Secure Cloud Analytics, ThousandEyes, Vectra AI, Arista NDR and Cisco Cognitive Threat Analytics, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x). See our Cisco Secure Network Analytics vs. Darktrace report.
See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.
The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!
Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.
Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.
Pricing Model per IP´s is pretty usual - but you need flexibility.
Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.
Thank you for your comments...what if the malware does not present as anomalous?
We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.
Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.
In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.