Try our new research platform with insights from 80,000+ expert users
AyoubAkhtar - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Enhances our overall security posture and helps us gain deeper insights into our network traffic
Pros and Cons
  • "Another notable feature of Cisco Secure Network Analytics is its Layer 7 visibility, which allows us to monitor and analyze network communications at the application layer."
  • "One area that could be improved in SNA is the integration with Cisco ISE for user and session details, which currently requires additional setup."

What is our primary use case?

Our main use case for Cisco Secure Network Analytics is its ability to monitor encrypted traffic without requiring decryption. This is a unique selling point, allowing us to analyze encrypted traffic securely. While this capability is highlighted by Cisco, it's not exclusive to their solution, as other vendors also offer similar functionalities for monitoring encrypted traffic.

What is most valuable?

Another notable feature of Cisco Secure Network Analytics is its Layer 7 visibility, which allows us to monitor and analyze network communications at the application layer. This provides insights into which protocols are being used and how they communicate within the environment. To achieve this level of visibility, we integrate a flow sensor component within the Cisco SNA solution, which gathers traffic data and forwards it to the Cisco collectors for analysis. This integration enhances our overall security posture and helps us gain deeper insights into our network traffic.

What needs improvement?

One area that could be improved in SNA is the integration with Cisco ISE for user and session details, which currently requires additional setup.

For how long have I used the solution?


Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability of the solution has been good, with minimal downtime or issues encountered during operation.

What do I think about the scalability of the solution?

The scalability of Cisco SNA is impressive, allowing for seamless expansion and handling of large volumes of network traffic. 

How are customer service and support?

I worked with a vendor team, and their level of expertise was satisfactory. Customer service and support from Cisco have been responsive and helpful.

How would you rate customer service and support?

Positive

How was the initial setup?

My experience with setting up SNA was straightforward as I followed Cisco's guidelines and instructions. Additionally, I compared SNA with FortiNDR as per my customer's request to understand the differences between the two solutions.

What was our ROI?

ROI has been positive due to improved network visibility and security incident detection.

What other advice do I have?

I would rate Cisco Secure Network Analytics around eight out of 10. It provides a smooth experience with minimal bugs, yet there are some features, such as username and session details integration, that could be enhanced in future iterations.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
PeerSpot user
Manager at Indiana University Health
Real User
Increased our threat detection rate but the reporting needs improvement
Pros and Cons
  • "Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations."
  • "I would like to see some improvement when it comes to reporting."

What is our primary use case?

We use Stealthwatch mainly for security.

How has it helped my organization?

Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.

It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saves us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.

What is most valuable?

The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.

What needs improvement?

I would like to see some improvement when it comes to reporting.

What do I think about the stability of the solution?

The stability of the solution is fair.

What do I think about the scalability of the solution?

Stealthwatch has a good level of scalability.

How are customer service and technical support?

I would consider their technical support as "fair."

Which solution did I use previously and why did I switch?

We were using SolarWinds and we are still using SolarWinds, so we use both.

How was the initial setup?

The initial setup was complex, especially as it came to configurations.

What about the implementation team?

We used an integrator for deployment. We had a pretty good experience with them.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are outrageous, but Stealthwatch has a good time to value.

What other advice do I have?

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Directorb5e9 - PeerSpot reviewer
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature
Pros and Cons
  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

How has it helped my organization?

This solution has helped to save us against threats, and issues. Regarding threats, we have been able to go out and mitigate some of them.

Ironically, if we consider it from the standpoint of “searching for an issue”, while it does save us time, it also provides us with more threats and issues that we would not be able to see without the product. In this regard, it also increases the work. With more threats being detected, it takes longer to examine them.

In terms of detection rate improvement, we have a lot more visibility than we’ve had in the past.

It has reduced the amount of time it takes to detect and remediate threats. It has also reduced false positives.

What is most valuable?

The most valuable feature is having visibility into the data segments throughout our network.

Using the encrypted traffic analysis has given us more intelligence on the data that we're seeing, and provides us with even greater visibility. We can now see stuff that we haven't been able to see.

There is an encrypted analytics feature that gives us visibility into some of the encrypted traffic.

What needs improvement?

I would like to see more expansion in artificial intelligence and machine learning features.

There does not seem to be much available in terms of training for the product. We use several training institutions, and this solution is not on any of their lists.

What do I think about the stability of the solution?

There are no stability issues with the product.

What do I think about the scalability of the solution?

I think that the solution is very scalable. I believe that if we had to expand, we can easily add port collectors to our environment across the enterprise, and use the same management system to view the data.

We have not yet had to scale the solution.

How are customer service and technical support?

Only five of our engineers have been in contact with technical support. Because I don't work with the product day to day, I don't have any feedback.

Which solution did I use previously and why did I switch?

We did not have a solution like Stealthwatch. We heard about the product and the value it was able to give to companies regarding threats, and we thought it would be the right solution for us.

How was the initial setup?

Installing the solution is straightforward, although the tuning can be complex. In our case, we didn't have any pre-training or the skills required before deploying it. So, tuning was a little complex.

What about the implementation team?

We deployed the product with the assistance of our Cisco account engineers. We have a great engineering team assigned to our account.

What's my experience with pricing, setup cost, and licensing?

We pay for support costs on a yearly basis.

Which other solutions did I evaluate?

We evaluated Darktrace after the fact. The Cisco Stealthwatch solution tied in well with our other Cisco products, so we decided that this was the way to go, for now.

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats.

The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need.

All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one.

My advice for anybody implementing this solution is to get training on it before their deployment.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1123185 - PeerSpot reviewer
Director of Network and Telecom Services at a healthcare company with 10,001+ employees
Real User
Dependable solution that is able to pinpoint where we have vulnerabilities if they occur
Pros and Cons
  • "It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur."
  • "The GUI could use some improvement. Being able to find features more easily would be a great improvement if it was simplified."

What is our primary use case?

We use the solution primarily for IDS/IPS.

How has it helped my organization?

It's a dependable product that is able to pinpoint where we have vulnerabilities if they occur.

What is most valuable?

Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us. 

What needs improvement?

The GUI could use some improvement. Being able to find features more easily would be a  great improvement if it was simplified.

For how long have I used the solution?

We have been using the product for more than six months.

What do I think about the stability of the solution?

We used to have an older version of the firmware and we were always having problems with it. Now, they have really good firmware. They came up with some new revision to the code, and so it's a lot more stable.

What do I think about the scalability of the solution?

We haven't scaled it out more than what our initial scale was. I am only just imagining adding more sensors. When we configured it initially, we really didn't have a fundamental knowledge of exactly what to do with our network and the infrastructure. So we kind of had to let it sit there for about a month or two to learn — or get used to — the network and the product.

How are customer service and technical support?

I haven't personally had the opportunity to use technical support, but my staff has. As far as I know, it is good. We have the Smart Net total care. We can get a TAM (Technical Account Manager), and so we can escalate straight through to a tier-two or tier-three person. So we get somebody immediately.

Which solution did I use previously and why did I switch?

We just immediately went with Stealthwatch and did not have a previous solution.

How was the initial setup?

The initial setup was pretty complex because of the size of our environment. The product itself is complex. We had to have an advanced working knowledge of networks already before deploying the solution.

What about the implementation team?

We did not use a vendor team for the deployment.

Which other solutions did I evaluate?

We did evaluate another product called WhiteHat Security. The decision eventually came down to sticking with the system of the products. We wanted to kind of keep our products all in one family.

What other advice do I have?

I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. 

We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1467678 - PeerSpot reviewer
Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees
Real User
Provides valuable security knowledge and helps us improve network performance
Pros and Cons
  • "It has definitely helped us improve our mean time to resolution on network issues."
  • "Many of these tools require extensive on-premises hardware to run."

What is our primary use case?

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer.

We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network.

Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or from a performance perspective as well.

How has it helped my organization?

It has definitely helped us improve our mean time to resolution on network issues.

From a security perspective, I think they've been good as far as giving us knowledge.

I wouldn't say it's really transformed what we do. It's just another tool that gives us the information we need or helps alarms for us. But it only alarms on a handful of things. I think there are six or eight alerts that we've deemed critical.

Beyond that, it's just mostly the performance where I think it helps out. But that's like any NetFlow performance tool. Having insight into what's going across your network is critical for any huge network to function correctly.

What is most valuable?

The most valuable feature of this solution is the ability to do TAPs because we have a distributed network.

The ability to set up one tool to stream that data over to us has been helpful because that way, we don't have to have other infrastructure and be really close to where the activity is. 

The security features have been good for helping create some correlation. For example, when you tap in, what else happens from the network perspective. 

Otherwise, just the general network performance monitoring is probably the number one thing that gets used. If we're having slowness issues then it can tell us what the bandwidth and usage are. We can find things like what is using up all the bandwidth and then find out how can we break that apart or route that differently, through a different WAN connection or internet connection.

What needs improvement?

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

For how long have I used the solution?

The company has been using Cisco Stealthwatch for a couple of years, but I have only been with the company for less than one year.

What do I think about the stability of the solution?

I have not been made aware of any stability issues with the tool. 

What do I think about the scalability of the solution?

My understanding is that it has been easy to scale, although I was not around for it. We have not had astronomical growth, but it sounds like it runs stable and there haven't been any performance issues with it.

We have 10 to 20 threat prevention engineers and network engineers of various levels who use it.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

I have not used another similar solution in the past. I think the only thing that would even come close was using Azure Advanced Threat Analytics, but that only really analyzes network traffic coming to the domain. It checks, for example, if there is sketchy network traffic hitting your domain controllers.

In my previous jobs, I used network performance tools, but nothing that was the same as StealthWatch where it combines that performance and security analysis together.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it.

Which other solutions did I evaluate?

I looked at the capabilities of SolarWinds NetFlow and realized that it can't replace our Cisco StealthWatch.

What other advice do I have?

We are using the previous version.

Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sales director at Future Point Technologies
Real User
Top 20
Ensures a robust defense against cyber threats
Pros and Cons
  • "The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration."
  • "Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk."

What is our primary use case?

Using Cisco Secure Network Analytics has revolutionized our network security. The integration with SRTIntel provides unparalleled visibility, going beyond imagination. SNA, along with the SMA feature, offers detailed insights and call relations, enabling effective threat detection and response. The combination with endpoint protection gives us precise control over traffic, ensuring a robust defense against cyber threats.

What is most valuable?

The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration.

What needs improvement?

Initially, I felt Cisco Secure Network Analytics lacked integration with Splunk. However, with Cisco's recent acquisition of Splunk, it seems this gap will be addressed. If this integration happens quickly, it could complete the circle, making the platform more robust and offering a comprehensive solution for our network security.

For how long have I used the solution?


What do I think about the stability of the solution?

I would rate the stability as a seven out of ten.

What do I think about the scalability of the solution?

I would rate the scalability as a seven out of ten. It is most suitable for enterprise businesses.

How are customer service and support?

I have had some issues with the tech support for Cisco Secure Network Analytics in Southeast Asia. They don't seem very familiar with the product, so we usually contact teams in Australia or Europe for help. Thankfully, the support from those regions has helped sort out our technical problems. Overall, I would rate the support as an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Cisco Secure Network Analytics was quite straightforward and user-friendly. The graphical interface makes it easy for anyone familiar with traffic management to handle the setup without much hassle. Explaining the concept to customers is a breeze, and they quickly grasp the key features. I would rate the easiness of the initial setup as a nine out of ten. The deployment typically takes a relatively short amount of time, from five to six hours.

What's my experience with pricing, setup cost, and licensing?

I would rate Cisco SNA as a nine out of ten in terms of costliness.

What other advice do I have?

I would recommend Cisco Secure Network Analytics to others. Overall, I would rate it as a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Former Employee of Orange Business Services as Head of Security Engineering at a comms service provider with 5,001-10,000 employees
Real User
Top 5Leaderboard
Comprehensive solution with a good technical support team
Pros and Cons
  • "It works efficiently for encrypted traffic analysis."
  • "Its granularity for RBAC roles-based access control needs improvement."

What is our primary use case?

We use the solution to improve the security of private hosting and network management systems. We can detect data exfiltration by analyzing statistics and identifying obsolete protocols and applications. It also helps us graph traffic metrics with valuable insights into routing and flows.

What is most valuable?

The solution's most valuable feature is its ability to detect potential endpoint threats.

What needs improvement?

The solution's cost could be better. Also, its granularity for RBAC roles-based access control needs improvement.

For how long have I used the solution?

I have been using the solution for four years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is expensive to scale up commercially.

How are customer service and support?

The solution's technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The complexity of the solution's deployment depends on the specific network infrastructure.

What about the implementation team?

We have two executives to handle the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive. It costs several hundred thousand dollars per year (depending on how many flows you are collecting).

What other advice do I have?

I rate the solution as a nine. It is very comprehensive and promising in encrypted traffic analysis. It is very well supported and documented as well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gerald Jimenez - PeerSpot reviewer
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.
Real User
I can set thresholds to detect sudden changes and the alarms go through the PLC parts
Pros and Cons
  • "StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk."
  • "There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous."

What is our primary use case?

We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.

What is most valuable?

StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.

What needs improvement?

There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

For how long have I used the solution?

We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.

What do I think about the stability of the solution?

StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market. 

Who knows? Tomorrow, some company may build a newer, more stable solution, more stable one, but Cisco Stealthwatch has the most stable services today.

What do I think about the scalability of the solution?

The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.

How are customer service and support?

We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.

Which solution did I use previously and why did I switch?

We switched to StealthWatch for the orchestration features. 

How was the initial setup?

Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.

The deployment includes about five engineers—six including me.

What about the implementation team?

We used some integrators, including a consultant from Cisco.

What's my experience with pricing, setup cost, and licensing?

We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs. 

What other advice do I have?

I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to to provide segregation. It's better to use Cisco to centrally manage everything.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.