We performed a comparison between Cisco Stealthwatch and Darktrace based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. However, their features slightly differ, and each has its own strengths and weaknesses.
"Great network monitoring, looking at anomaly detection and evaluation."
"From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
"Stability is the most valuable feature we have seen in this solution."
"The solution reduces the amount of time it takes to detect and remediate threats."
"The most valuable feature is NetFlow. The beginning of any security investigation starts with NetFlow data."
"The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives."
"The beginning of any security investigation starts with net flow data."
"The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies."
"Darktrace is very flexible."
"It is autonomous. So, it learns. It uses algorithms and AI to learn the common behavioral patterns on the network, and it is able to identify threats based on abnormal patterns."
"It is a stable solution."
"We are able to detect a lot of things, actually, and see what is happening in our network."
"t was pretty as far as the granularity of what you were getting out of it."
"I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities."
"We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
"The most valuable feature of this solution is that it does not require human intervention to eliminate a threat."
"I would like to see more expansion in artificial intelligence and machine learning features."
"I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI."
"It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."
"One update I would like to see is an agent-based client. Currently StealthWatch is network based."
"The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified."
"The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view."
"The reporting of day-to-day metrics still has room for improvement."
"I would like Cisco to make it easier for the administrators to use it."
"I believe their network monitoring device licensing module could use some improvement."
"Getting logs from different sources can be a challenge."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."
"I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
"In the next version, I'd like to see penetration testing."
"The interface and dashboards could be improved for ease-of-use."
"The interface is too mathematical and it should be simplified."
More Cisco Secure Network Analytics Pricing and Cost Advice →
Cisco Secure Network Analytics is ranked 4th in Network Traffic Analysis (NTA) with 57 reviews while Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 65 reviews. Cisco Secure Network Analytics is rated 8.2, while Darktrace is rated 8.2. The top reviewer of Cisco Secure Network Analytics writes "Increased the visibility of what is happening in our network". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cisco Secure Network Analytics is most compared with Cisco Secure Cloud Analytics, ThousandEyes, Vectra AI, Arista NDR and Gigamon Deep Observability Pipeline, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x). See our Cisco Secure Network Analytics vs. Darktrace report.
See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.
The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!
Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.
Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.
Pricing Model per IP´s is pretty usual - but you need flexibility.
Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.
Thank you for your comments...what if the malware does not present as anomalous?
We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.
Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.
In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.