Cisco Secure Network Analytics Reviews

We use Stealthwatch mainly for security.

Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.

It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saves us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.

The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.

I would like to see some improvement when it comes to reporting.

The stability of the solution is fair.

Stealthwatch has a good level of scalability.

I would consider their technical support as "fair."

We were using SolarWinds and we are still using SolarWinds, so we use both.

The initial setup was complex, especially as it came to configurations.

We used an integrator for deployment. We had a pretty good experience with them.

The licensing costs are outrageous, but Stealthwatch has a good time to value.

You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.

I would rate Stealthwatch as seven out of ten. It's easy to use.

I use the solution in my company just like an NDR solution so that encrypted traffic does not require to be decrypted. Users can monitor all of the encrypted traffic in the product, making it a unique USP of the solution. I think even other tools have such abilities, but Cisco has claimed it is 100 percent sure of all the encrypted traffic it captures.

The most valuable feature of the solution is that it helps you gain visibility for your application. The tool offers L7 visibility, which is good for users who can get visibility of their network communication and decide which protocols they can use in an environment and which ones they can communicate everywhere. If you need to view the L7 visibility, we need to integrate Cisco Secure Network Analytics Flow Sensor, a Cisco component. All the traffic ingested comes from Cisco Secure Network Analytics Flow Sensor and then it is all forwarded to Common Services Platform Collector (CSPC), which are all components of Cisco Secure Network Server and Cisco Secure Network Analytics.

The expensive nature of the tool is an area of concern where improvements are required.

I have experience with Cisco Secure Network Analytics.

When it comes to my company's customers, in every environment where you go to check for solutions, you need permission from the C-level executives and upper management, and it takes time.

My customers are enterprise-sized businesses. Even small businesses can use the tool, but it is expensive. Cisco solutions are used in enterprises with huge management for network visibility.

I have connected with the solution's technical support, and I feel you can ask them any knowledge questions associated with the tool. They provide proper feedback and guidelines. Based on the support offered by the tool's team for PoCs, I rate the technical support a seven to eight out of ten. Even if the tool's support team is not engaged and we need to create a ticket, I have no idea how Cisco gets engaged, but I know that if Cisco's sales team engages me. When it comes to the PoC part, it takes time for the tech team to give me the information I need.

Positive

I work with Forcepoint DLP, Kaspersky's EPP, and XDR tools. I have two years of experience in cybersecurity engineering.

I had just started the tool's PoC for our customer environment and have two months of experience.

For the setup phase, I followed all the Cisco guidelines. My customer also wants to have FortiNDR in their environment. I wanted to see the difference between Cisco and FortiNDR.

The time required to deploy the solution depends on your architecture, how you want it, and the scalability, and that's the customer's requirement. It does not depend on what you can do or the cost factor. Also, if you are using machine learning and artificial intelligence tools, you need to fine-tune the solution, which is why it takes too long to deploy it. We can deploy any solution anywhere we want, but it takes time and depends on the customer's response.

The tool is not cheaply priced. In cybersecurity, you want an extra layer of security in your organization. Some sectors want NDR solutions, so you cannot deploy such tools everywhere, as they are expensive.

In Pakistan, owing to financial reasons, people go for solutions where the set price is minimal. The customers want tools that are priced less but offer compatibility and extra features they don't get from the big solutions in the market. From a financial point of view, the customers want minimally priced products.

When it comes to the integration part, it all depends on the third-party tools for integration. For example, if you need user session details, you may need to integrate Cisco ISE integration with the tool. A complementary feature is available if you want to view the user, who the user is, and what the session time is on this in the network if you can capture off and on traffic. We need to integrate Cisco ISE to view the user's name and their details. I think Cisco wants to add features in Cisco Secure Network Analytics, so there is no need to integrate it with Cisco ISE because you cannot have it everywhere.

I am working on Kaspersky, which has no dedicated NDR solution. So, I am just working on my first NDR solution from Cisco. Cisco is a smooth tool with no bugs. In the future, the tool may add an area like the user's name and session details.

I rate the tool a seven and a half to eight out of ten.

We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.

We are a reseller, and we are able to show demos of this solution pretty quickly. It gets people really excited.

The network visibility has vastly improved for the organizations that I assist with their services. Generally, they do not have lateral visibility into their network. We come in and deploy Cisco ISE, which helps them segment, but they still can’t prove what is going on. Now, with this solution, they have the ability to not only show what a user has tried to do, but they can show where inside of the network it was stopped. From that point, they have verification and can take action.

Our customers are happy with the threat detection rate. I would estimate that it has increased by eighteen to fifty-two percent. This solution definitely improves the incident response time. We always try to help our customers understand this advantage.

It has reduced the amount of time it takes to detect and remediate threats. I’d imagine that it makes it faster for most of our customers. A lot of them spin their wheels trying to get this information out of there, but they don’t actually see the value until they realize that the right search will show the flow immediately. It gets those answers to them quickly.

It helps with the administration. When it comes to creating documentation, you can export those things and paste them onto the back of the report.

I would say that the time to value is approximately a week. It takes this long because the machine learning component has to learn your network first.

The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows.

The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report.

I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.

Eliminating Java from the SMC would improve this solution.

It would be better to let people know, upfront, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.

This solution is pretty stable for the most part. I don't like Java, so that's the thing that needs to go, but for the most part, it is a great solution.

This is a really scalable solution. We have done some pretty large deployments, and I have seen the scalability.

I haven't needed to contact technical support for this solution. 

We did not use another solution prior to this one. It was like the wild wild west. We set this up in our lab because the internal IT couldn't figure out what everybody was doing. They now have insight into who did what, which is important because we have a lot of intellectual property to protect.

The initial setup is straightforward for me, so when I work with our customers the setup is straightforward for them.

It is a basic, three-tier model that includes flow sensors, flow collectors, and the SMC (Stealthwatch Management Control). These are all named appropriately, so people can understand what is being talked about when they hear it.

After the installation is complete, it takes about a week for the machine learning component to learn your network.

We implement this solution for our customers.

This solution is expensive. Our fees are approximately $3,000 USD.

We did not evaluate other options before choosing this one.

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. 

The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.

Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.

This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.

I would rate this solution a seven out of ten.

Our primary use case for this solution is security.

We are currently adding test cases for the solution and it is not yet in a live production environment.

The most valuable feature is integration.

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.

In terms of the user interface, navigating through the drill down windows needs to be improved.

This solution seems to be stable.

This is a cloud-based solution, so it is very scalable.

We have not used technical support.

We did not use another solution prior to this one.

The initial setup for this solution is complex, at least in the beginning.

It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.

We are still in beta testing.

Because we are still testing, we do not yet know what our licensing fees will be.

We did not evaluate other options.

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.

I would rate this solution a seven out of ten.

We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.

We recently got a security team. They've been more hands-on. They are not intuitive to networks. 

Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.

The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.

The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector. 

It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.

We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security. 

I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI. 

We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.

As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.

We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading. 

Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector. 

As far as scalability for the one that we purchased, it was not that great.

I haven't had to use their technical support services.

We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.

Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.

Stealthwatch has almost everything we need. There's no reason to evaluate anyone else. 

We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.

The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.

The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. 

As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. 

It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.

Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.

I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. 

Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.

The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. 

I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.

We provide this solution to our customers to give them visibility into their network.

This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.

It has reduced our incident response time by around forty percent.

It saves time, money and administrative work for our customers.

The most valuable features provided by this solution are visibility and information.

The solution's analytics and threat detection capabilities are good. Network visibility is also really good. 

The encrypted traffic analytics work well, I don't see any problem with it.

The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.

It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

I would say that the stability of this solution could be better.

The scalability is okay.

Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.

Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.

The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.

I performed the deployment myself.

We did not evaluate other options before choosing this solution.

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.

This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.

This savings brought about by implementing this solution has allowed us to cut one position.

It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent. 

The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.

There is room for this solution to mature because there are still things that we want to see.

The reporting of day-to-day metrics still has room for improvement.

This solution is very stable.

We're kind of immature, right now, in our implementation, but I see it growing.

We have not used technical support at this point.

We were archaic in terms of reporting.

I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.

It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.

We handled the deployment in-house.

The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.

The pricing for this solution is good.

We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.

My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.

The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.

This is a good product, but there are still things that we would like to see.

I would rate this solution a nine out of ten.

Our primary use is to monitor our network, especially our remote branches.

Stealthwatch has decreased our troubleshooting steps and also cut down on the amount of time it takes us to resolve an issue.

We're able to map out our environment using Stealthwatch and we can see where our data is going, throughout our network.

Stealthwatch reduced our incident response rate, as well as the amount of time it takes to detect and remediate threats by about 25%.

This solution saves us time, money, and administrative work.

The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems.

In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.

The overall visibility into the actual device itself would be helpful. I don't just want support-specific data, but also to be able to see information such as CPU and other internal components or usage of the devices.

The solution's very stable. Even through the upgrades after Cisco's acquisition, it has proved to be very stable.

It scales very well.

We haven't had to use it much. When we have, it's been similar to most Cisco technical support, which is very knowledgeable and helpful.

We previously used SolarWinds. The version of SolarWinds that we were using didn't give us the visibility that we needed, so we switched to Stealthwatch.

The initial setup was straightforward.

We have seen a return on investment, from the fact that we now take less time to resolve an issue because we have Stealthwatch. We can capture some data in real time, or we can actually go back in the history base if we have to, to see where the issues may have started, and we also have baselines.

Their time to value is very good. We've upgraded and we just relicensed, so this is definitely a product that we use.

The yearly licensing cost is about $50,000.

We evaluated SolarWinds, WhatsUp Gold, and a couple of others that I can't think of right now.

My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch.

I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.