Cisco Secure Network Analytics Reviews

Our main use case for Cisco Secure Network Analytics is its ability to monitor encrypted traffic without requiring decryption. This is a unique selling point, allowing us to analyze encrypted traffic securely. While this capability is highlighted by Cisco, it's not exclusive to their solution, as other vendors also offer similar functionalities for monitoring encrypted traffic.

Another notable feature of Cisco Secure Network Analytics is its Layer 7 visibility, which allows us to monitor and analyze network communications at the application layer. This provides insights into which protocols are being used and how they communicate within the environment. To achieve this level of visibility, we integrate a flow sensor component within the Cisco SNA solution, which gathers traffic data and forwards it to the Cisco collectors for analysis. This integration enhances our overall security posture and helps us gain deeper insights into our network traffic.

One area that could be improved in SNA is the integration with Cisco ISE for user and session details, which currently requires additional setup.

The stability of the solution has been good, with minimal downtime or issues encountered during operation.

The scalability of Cisco SNA is impressive, allowing for seamless expansion and handling of large volumes of network traffic. 

I worked with a vendor team, and their level of expertise was satisfactory. Customer service and support from Cisco have been responsive and helpful.

Positive

My experience with setting up SNA was straightforward as I followed Cisco's guidelines and instructions. Additionally, I compared SNA with FortiNDR as per my customer's request to understand the differences between the two solutions.

ROI has been positive due to improved network visibility and security incident detection.

I would rate Cisco Secure Network Analytics around eight out of 10. It provides a smooth experience with minimal bugs, yet there are some features, such as username and session details integration, that could be enhanced in future iterations.

We use Stealthwatch mainly for security.

Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.

It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saves us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.

The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.

I would like to see some improvement when it comes to reporting.

The stability of the solution is fair.

Stealthwatch has a good level of scalability.

I would consider their technical support as "fair."

We were using SolarWinds and we are still using SolarWinds, so we use both.

The initial setup was complex, especially as it came to configurations.

We used an integrator for deployment. We had a pretty good experience with them.

The licensing costs are outrageous, but Stealthwatch has a good time to value.

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

Our primary use for this solution is to help protect against threats on our network.

This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

There are no stability issues with the product.

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

We pay for support costs on a yearly basis.

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

We use the solution primarily for IDS/IPS.

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

We just immediately went with Stealthwatch and did not have a previous solution.

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

We did not use a vendor team for the deployment.

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer.

We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network.

Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or from a performance perspective as well.

It has definitely helped us improve our mean time to resolution on network issues.

From a security perspective, I think they've been good as far as giving us knowledge.

I wouldn't say it's really transformed what we do. It's just another tool that gives us the information we need or helps alarms for us. But it only alarms on a handful of things. I think there are six or eight alerts that we've deemed critical.

Beyond that, it's just mostly the performance where I think it helps out. But that's like any NetFlow performance tool. Having insight into what's going across your network is critical for any huge network to function correctly.

The most valuable feature of this solution is the ability to do TAPs because we have a distributed network.

The ability to set up one tool to stream that data over to us has been helpful because that way, we don't have to have other infrastructure and be really close to where the activity is. 

The security features have been good for helping create some correlation. For example, when you tap in, what else happens from the network perspective. 

Otherwise, just the general network performance monitoring is probably the number one thing that gets used. If we're having slowness issues then it can tell us what the bandwidth and usage are. We can find things like what is using up all the bandwidth and then find out how can we break that apart or route that differently, through a different WAN connection or internet connection.

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

The company has been using Cisco Stealthwatch for a couple of years, but I have only been with the company for less than one year.

I have not been made aware of any stability issues with the tool. 

My understanding is that it has been easy to scale, although I was not around for it. We have not had astronomical growth, but it sounds like it runs stable and there haven't been any performance issues with it.

We have 10 to 20 threat prevention engineers and network engineers of various levels who use it.

I have not been in contact with technical support.

I have not used another similar solution in the past. I think the only thing that would even come close was using Azure Advanced Threat Analytics, but that only really analyzes network traffic coming to the domain. It checks, for example, if there is sketchy network traffic hitting your domain controllers.

In my previous jobs, I used network performance tools, but nothing that was the same as StealthWatch where it combines that performance and security analysis together.

This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it.

I looked at the capabilities of SolarWinds NetFlow and realized that it can't replace our Cisco StealthWatch.

We are using the previous version.

Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

I would rate this solution an eight out of ten.

Using Cisco Secure Network Analytics has revolutionized our network security. The integration with SRTIntel provides unparalleled visibility, going beyond imagination. SNA, along with the SMA feature, offers detailed insights and call relations, enabling effective threat detection and response. The combination with endpoint protection gives us precise control over traffic, ensuring a robust defense against cyber threats.

The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration.

Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk. However, with Cisco's recent acquisition of Splunk, it seems this gap will be addressed. If this integration happens quickly, it could complete the circle, making the platform more robust and offering a comprehensive solution for our network security.

I would rate the stability as a seven out of ten.

I would rate the scalability as a seven out of ten. It is most suitable for enterprise businesses.

I have had some issues with the tech support for Cisco Secure Network Analytics in Southeast Asia. They don't seem very familiar with the product, so we usually contact teams in Australia or Europe for help. Thankfully, the support from those regions has helped sort out our technical problems. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of Cisco Secure Network Analytics was quite straightforward and user-friendly. The graphical interface makes it easy for anyone familiar with traffic management to handle the setup without much hassle. Explaining the concept to customers is a breeze, and they quickly grasp the key features. I would rate the easiness of the initial setup as a nine out of ten. The deployment typically takes a relatively short amount of time, from five to six hours.

I would rate Cisco SNA as a nine out of ten in terms of costliness.

I would recommend Cisco Secure Network Analytics to others. Overall, I would rate it as a nine out of ten.

We use the solution to improve the security of private hosting and network management systems. We can detect data exfiltration by analyzing statistics and identifying obsolete protocols and applications. It also helps us graph traffic metrics with valuable insights into routing and flows.

The solution's most valuable feature is its ability to detect potential endpoint threats.

The solution's cost could be better. Also, its granularity for RBAC roles-based access control needs improvement.

I have been using the solution for four years.

The solution is very stable.

The solution is expensive to scale up commercially.

The solution's technical support is good.

Positive

The complexity of the solution's deployment depends on the specific network infrastructure.

We have two executives to handle the implementation of the solution.

The solution is expensive. It costs several hundred thousand dollars per year (depending on how many flows you are collecting).

I rate the solution as a nine. It is very comprehensive and promising in encrypted traffic analysis. It is very well supported and documented as well.

We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.

StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.

There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.

StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market. 

Who knows? Tomorrow, some company may build a newer, more stable solution, more stable one, but Cisco Stealthwatch has the most stable services today.

The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.

We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.

We switched to StealthWatch for the orchestration features. 

Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.

The deployment includes about five engineers—six including me.

We used some integrators, including a consultant from Cisco.

We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs. 

I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to to provide segregation. It's better to use Cisco to centrally manage everything.