Compare Cisco Stealthwatch vs. FireEye Network Security

Cisco Stealthwatch is ranked 1st in Intrusion Detection and Prevention Software with 39 reviews while FireEye Network Security is ranked 4th in Advanced Threat Protection with 13 reviews. Cisco Stealthwatch is rated 8.0, while FireEye Network Security is rated 7.6. The top reviewer of Cisco Stealthwatch writes "You are able to drill down into a center's utilization, then create reports based on it". On the other hand, the top reviewer of FireEye Network Security writes "It has significantly decreased our mean time in being able to identify and detect malicious threats". Cisco Stealthwatch is most compared with Darktrace, Splunk User Behavior Analytics and Cisco Stealthwatch Cloud, whereas FireEye Network Security is most compared with Palo Alto Networks WildFire, Cisco Stealthwatch and Symantec Advanced Threat Protection.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Cisco, GFI, Darktrace and others in Intrusion Detection and Prevention Software. Updated: October 2019.
372,185 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The most valuable feature is anomaly detection, where it finds things that are not allowed internally.Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before.The most valuable feature about this solution is that it gives me insight of my network.It has improved our internal knowledge of what's going on with the network, and that's helpful.The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.

Read more »

If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution.The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money.Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams.The most valuable feature is the view into the application.Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities.It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us.The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks.Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening.

Read more »

Cons
The usability of this solution needs to be improved.We've run into some issues with the configuration.They should include Citrix VDIs in the next release.The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified.The initial setup is complex, as there is a lot to configure.It hasn't really improved our direct detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution.I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what you've done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.It is time-consuming to set it up and understand how the tool works.

Read more »

It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment.As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web).Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.A better depth of view, being able to see deeper into the management process, is what I'd like to see.Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier.I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports.The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right.It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning.

Read more »

Pricing and Cost Advice
Our fees are approximately $3,000 USD.Licensing is on a yearly basis.We pay for support costs on a yearly basis.On a yearly basis, licensing is somewhere around $30,000.The yearly licensing cost is about $50,000.The pricing for this solution is good.The licensing costs are outrageous.Today, we are part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that.

Read more »

When I compare this solution to its competitors in the market, I find that it is a little expensive.FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market.We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing.Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold.There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product.The pricing is a little high.Pricing and licensing are reasonable compared to competitors.

Read more »

report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software solutions are best for your needs.
372,185 professionals have used our research since 2012.
Ranking
Views
22,916
Comparisons
13,913
Reviews
39
Average Words per Review
527
Avg. Rating
8.1
Views
10,499
Comparisons
7,596
Reviews
11
Average Words per Review
364
Avg. Rating
7.6
Top Comparisons
Compared 23% of the time.
Also Known As
Cisco Stealthwatch Enterprise, Lancope StealthWatchFireEye
Learn
Cisco
FireEye
Overview

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

FireEye Network Security is an advanced threat protection and breach detection platform that provides industry leading threat visibility and protection against the world’s most sophisticated and damaging attacks. By leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core.

Offer
Learn more about Cisco Stealthwatch
Learn more about FireEye Network Security
Sample Customers
Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREFFFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems
Top Industries
REVIEWERS
Healthcare Company26%
Financial Services Firm11%
Manufacturing Company9%
Retailer6%
VISITORS READING REVIEWS
Comms Service Provider20%
Software R&D Company14%
Media Company8%
Government7%
REVIEWERS
Financial Services Firm36%
University18%
Manufacturing Company18%
Healthcare Company9%
VISITORS READING REVIEWS
Software R&D Company25%
Financial Services Firm20%
Comms Service Provider10%
Media Company9%
Find out what your peers are saying about Cisco, GFI, Darktrace and others in Intrusion Detection and Prevention Software. Updated: October 2019.
372,185 professionals have used our research since 2012.
We monitor all Intrusion Detection and Prevention Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email