2019-06-17T08:45:00Z

What advice do you have for others considering Cisco Stealthwatch?


If you were talking to someone whose organization is considering Cisco Stealthwatch, what would you say?

How would you rate it and why? Any other tips or advice?

36 Answers

Consultant

My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment. I would rate this solution an eight out of ten.

2019-09-23T06:34:00Z
Real User

I would rate it an eight out of ten. Check the vendors and the options out there to see how they can meet your needs.

2019-07-02T06:57:00Z
Real User

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it.

2019-07-02T06:57:00Z
Top 20 Real User

I think that maybe we need more products for our students to try and to master. It's part of their learning. I would rate this solution as nine or ten out of ten.

2019-06-23T09:40:00Z
Real User

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch. I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.

2019-06-17T08:46:00Z
Top 20 Real User

I would rate Stealthwatch as an eight or nine out of ten.

2019-06-17T08:46:00Z
Top 20 Real User

The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on. My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly. I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.

2019-06-17T08:46:00Z
Real User

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten.

2019-06-17T08:46:00Z
Real User

The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it. In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure. I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.

2019-06-17T08:46:00Z
Real User

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

2019-06-17T08:46:00Z
Real User

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats. The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like and need. All companies should have a solution like this. Firewalls and IPS systems, along with other security tools, are valuable, but they do not have the particular functionality of this one. My advice for anybody implementing this solution is to get training on it before their deployment. I would rate this solution a nine out of ten.

2019-06-17T08:46:00Z
Top 20 Real User

Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.

2019-06-17T08:46:00Z
Top 20 Real User

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure. I would rate this solution an eight out of ten.

2019-06-17T08:46:00Z
Consultant

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor. Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature. This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand. I would rate this solution a seven out of ten.

2019-06-17T08:46:00Z
Real User

My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start. The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for. I would rate this solution an eight out of ten.

2019-06-17T08:46:00Z
Real User

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing. The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision. This is a good product, but there are still things that we would like to see. I would rate this solution a nine out of ten.

2019-06-17T08:46:00Z
Real User

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

2019-06-17T08:46:00Z
Top 20 Real User

My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools. This is a solid solution, and a necessary tool to add insight into our network. I would rate this solution an eight out of ten.

2019-06-17T08:46:00Z
Real User

I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.

2019-06-17T08:46:00Z
Real User

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives. The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier. Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly. I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me. The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.

2019-06-17T08:45:00Z
Real User

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower. I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it. Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

2019-06-17T08:45:00Z
Real User

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag. The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independently of the network, voice, and data center restructure teams. It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole. Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.

2019-06-17T08:45:00Z
Real User

You definitely need something to do flow level analysis. The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data. I would rate this solution as seven out of ten.

2019-06-17T08:45:00Z
Real User

Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment. The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately. I would rate this solution as seven out of ten, largely because the usability, that day-to-day stuff, is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”

2019-06-17T08:45:00Z
Real User

I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.

2019-06-17T08:45:00Z
Real User

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

2019-06-17T08:45:00Z
Top 20 Real User

Cisco Stealthwatch has not reduced our response times yet; it probably will, though. The solution is perfect in traffic analytics. We've started that rollout. The new sites that we have will be doing that. Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase. The solution saves us time, money, and administrative work. It is a lot of administrative work on its own, but it's going to help out other teams. In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process. On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves. Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on. Deploying the virtual machines made our storage have artifacts. But that was expected. Make sure you resource it correctly because it's going to use more than you expect.

2019-06-17T08:45:00Z
Real User

I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.

2019-06-17T08:45:00Z
Real User

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

2019-06-17T08:45:00Z
Top 20 Real User

My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.

2019-06-17T08:45:00Z
Real User

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner. The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work. I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

2019-06-17T08:45:00Z
Real User

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good. I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined. I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

2019-06-17T08:45:00Z
Real User

My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up. This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation. I would rate this solution an eight out of ten.

2019-06-17T08:45:00Z
Real User

On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix. You need a dedicated team to manage all of these products and their integration together.

2019-06-17T08:45:00Z
Consultant

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible. I would rate this solution a seven out of ten.

2019-06-17T08:45:00Z
Real User

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for. I would rate Stealthwatch as seven out of ten. It's easy to use.

2019-06-17T08:45:00Z
Updated: April 2020.