Cisco Stealthwatch vs. Splunk User Behavior Analytics

As of June 2019, Cisco Stealthwatch is ranked 1st in Intrusion Detection and Prevention Software with 5 reviews vs Splunk User Behavior Analytics which is ranked 4th in Intrusion Detection and Prevention Software with 5 reviews. The top reviewer of Cisco Stealthwatch writes "You are able to drill down into a center's utilization, then create reports based on it". The top reviewer of Splunk User Behavior Analytics writes "Enables searching through a lot of data, but pricing is problematic - you can't budget for it". Cisco Stealthwatch is most compared with Darktrace, Splunk User Behavior Analytics and FireEye Network Security. Splunk User Behavior Analytics is most compared with Darktrace, Cisco Stealthwatch and Microsoft ATA. See our Cisco Stealthwatch vs. Splunk User Behavior Analytics report.
Find out what your peers are saying about Cisco Stealthwatch vs. Splunk User Behavior Analytics and other solutions. Updated: May 2019.
345,622 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Cisco Stealthwatch:
The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.
The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from Netflow-enabled devices to provide a context for network utilization.
Able to drill down into a center's utilization, then create reports based on it.
Ease of deployment, once you get your ducks in a row.
Visibility. The ability to look East and West. To see what is passing through your circuits, where it is coming from, and how big it is.
From a security standpoint, it is just seeing pockets as well. Visibility is very key for us.
Provides easily identifiable anomalies that you can't see with signature detections.
The beginning of any security investigation starts with net flow data.

Splunk User Behavior Analytics:
The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus.
Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks.
The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them.
The most valuable feature is the ability to search through a large amount of data.
It is a solution that helps test and measure customer satisfaction.

Cons
Cisco Stealthwatch:
If there was one improvement I'd suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.
Reliance on Java. Get away from that.
If they can make this product more web-based, that would be amazing.
One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints.
The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure.
One update I would like to see is an agent-based client. Currently StealthWatch is network based.

Splunk User Behavior Analytics:
The initial setup was complex because some of the configurations that we required needed customization.
It could be easier to scale the solution if you are using it on-premise, not in the cloud.
There are occasional bugs.

Pricing and Cost Advice
Cisco Stealthwatch:
Today, we are part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that.
NetFlow is very expensive.
One of the things which bugs me about Lancope is the licensing. We understand how licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. Somewhere within the purchase and distribution, licensing got mixed up. That is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of our equipment to them. To date, they have never been able to fix it.
Licensing is done by flows per second, not including outside (in traffic).
Pricing is much higher compared to other solutions.
Licensing is done by flows per second, not including outside>in traffic.

Splunk User Behavior Analytics:
There are additional costs associated with the integrator.
My biggest complaint is the way they do pricing... You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly.
I hope we can increase the free license to be more than 5 gig a day. This would help people who want to introduce a POC or a demo license for the solution.

Ranking
Cisco Stealthwatch: Views 21,792; Comparisons 12,173; Reviews 6; Average Words per Review 608; Avg. Rating 9.7
Splunk User Behavior Analytics: Views 7,219; Comparisons 4,482; Reviews 5; Average Words per Review 426; Avg. Rating 8.0
Top Comparisons
Compared 24% of the time.
Also Known As
Cisco Stealthwatch: Cisco Stealthwatch Enterprise, Lancope StealthWatch
Splunk User Behavior Analytics: Caspida, Splunk UBA
Overview

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

Splunk User Behavior Analytics is a behavior-based threat detection solution based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It helps organizations find known, unknown and hidden threats: it detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms, and provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
Sample Customers
Cisco Stealthwatch: Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
Splunk User Behavior Analytics: 8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia
Top Industries (visitors reading reviews)
Cisco Stealthwatch: Healthcare Company 27%, Media Company 19%, Financial Services Firm 19%, Comms Service Provider 12%
Splunk User Behavior Analytics: No Data Available
We monitor all Intrusion Detection and Prevention Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
