We performed a comparison between Cisco Stealthwatch and Darktrace based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. However, their features slightly differ, and each has its own strengths and weaknesses.
"Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization."
"It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it."
"The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice."
"The most valuable feature of this solution is the way the net flow is being merged together in a single pane. That's been extremely useful for us, because can see what's going on with traffic in one single place."
"The most valuable feature is its alerts and dashboard."
"Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before."
"The most valuable feature is NetFlow. The beginning of any security investigation starts with NetFlow data."
"The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable."
"A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
"We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
"The solution is outstanding from a monitoring perspective."
"It is a stable solution without downtime."
"The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"The customizability of the UI should improve."
"One update I would like to see is an agent-based client. Currently StealthWatch is network based."
"I would like to see it better organized when I'm looking at it."
"Complexity on integration is not so straightforward and you really need an expert to help build it out."
"I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations."
"One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself."
"We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too."
"It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"The cost is a bit on the higher side."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"The module can improve so that every time it's more intelligent."
"The interface is too mathematical and it should be simplified."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
More Cisco Secure Network Analytics Pricing and Cost Advice →
Cisco Secure Network Analytics is ranked 4th in Network Traffic Analysis (NTA) with 7 reviews while Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 32 reviews. Cisco Secure Network Analytics is rated 8.2, while Darktrace is rated 8.2. The top reviewer of Cisco Secure Network Analytics writes "Improved our organization greatly but greater customizability would be beneficial". On the other hand, the top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". Cisco Secure Network Analytics is most compared with Cisco Secure Cloud Analytics, ThousandEyes, Vectra AI, Arista NDR and Gigamon Deep Observability Pipeline, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x). See our Cisco Secure Network Analytics vs. Darktrace report.
See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.
The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!
Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.
Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.
Pricing Model per IP´s is pretty usual - but you need flexibility.
Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.
Thank you for your comments...what if the malware does not present as anomalous?
We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.
Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.
In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.