Try our new research platform with insights from 80,000+ expert users
Engineer at Charter Communications, Inc.
Real User
Shows the actual data flow transiting the network but scalability is a concern
Pros and Cons
  • "Being able to identify specific date closed across the network is invaluable."
  • "We've had problems with element licensing costs so scalability is a concern."

What is our primary use case?

We mainly use this solution for diagnostic information.

How has it helped my organization?

Being able to see the actual data flows transiting the network versus what we had planned is a great sanity check for our overall design planning. It is also useful to be able to make sure that we track the load that we anticipate.

The core reason we purchased this product was to increase our visibility of where the traffic sources and destinations were, as opposed to just raw data that is on the interface.

Stealthwatch has also reduced 10% of false positives. We're kind of limited to the deployment of Stealthwatch right now.

It saves us administrative work and design. 

What is most valuable?

Being able to identify specific data closed across the network is invaluable.

Their analytics and threat detection capabilities are good. We're able to pick out the individual traffic flows for specific users and even individual sessions across the network and reconstruct timelines of activity after the fact, if needed, or use the data in real time to plan out network capacity and growth.

What do I think about the stability of the solution?

Stealthwatch is a very stable solution.

Buyer's Guide
Cisco Secure Network Analytics
December 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the scalability of the solution?

We've had problems with element licensing costs so scalability is a concern.

How are customer service and support?

The technical support provided is excellent.

Which solution did I use previously and why did I switch?

We used NetFlow before, so Stealthwatch was pretty much the only game in town for getting the level of detail that we were looking for out of the transport network. It was a natural choice.

What about the implementation team?

We used a vendor for the implementation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis, but I have no idea what the costs are.

Which other solutions did I evaluate?

We work very closely with Cisco directly and therefore we really just looked at Stealthwatch, because it was Cisco's product and they said this is what we do.

What other advice do I have?

You definitely need something to do flow level analysis.

The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data.

I would rate this solution as seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technicab71a - PeerSpot reviewer
Technical Consultant at a tech services company with 501-1,000 employees
Consultant
Improves security through better lateral visibility, but better integration with Firepower is needed
Pros and Cons
  • "The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows."
  • "It would be better to let people know, up front, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed."

What is our primary use case?

We use this solution primarily for the TLS audit in our on-premise environment, and to assist our customers.

How has it helped my organization?

We are a reseller, and we are able to show demos of this solution pretty quickly. It gets people really excited.

The network visibility has vastly improved for the organizations that I assist with their services. Generally, they do not have lateral visibility into their network. We come in and deploy Cisco ISE, which helps them segment, but they still can’t prove what is going on. Now, with this solution, they have the ability to not only show what a user has tried to do, but they can show where inside of the network it was stopped. From that point, they have verification and can take action.

Our customers are happy with the threat detection rate. I would estimate that it has increased by eighteen to fifty-two percent. This solution definitely improves the incident response time. We always try to help our customers understand this advantage.

It has reduced the amount of time it takes to detect and remediate threats. I’d imagine that it makes it faster for most of our customers. A lot of them spin their wheels trying to get this information out of there, but they don’t actually see the value until they realize that the right search will show the flow immediately. It gets those answers to them quickly.

It helps with the administration. When it comes to creating documentation, you can export those things and paste them onto the back of the report.

I would say that the time to value is approximately a week. It takes this long because the machine learning component has to learn your network first.

What is most valuable?

The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows.

The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report.

I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.

What needs improvement?

I would like this product to have better integration with Cisco Firepower. That is the easiest way to pair.

Eliminating Java from the SMC would improve this solution.

It would be better to let people know, upfront, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed. Most of my customers are ISE-based so it doesn't matter, but I have to break the news to the ones who are not.

What do I think about the stability of the solution?

This solution is pretty stable for the most part. I don't like Java, so that's the thing that needs to go, but for the most part, it is a great solution.

What do I think about the scalability of the solution?

This is a really scalable solution. We have done some pretty large deployments, and I have seen the scalability.

How are customer service and technical support?

I haven't needed to contact technical support for this solution. 

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one. It was like the wild wild west. We set this up in our lab because the internal IT couldn't figure out what everybody was doing. They now have insight into who did what, which is important because we have a lot of intellectual property to protect.

How was the initial setup?

The initial setup is straightforward for me, so when I work with our customers the setup is straightforward for them.

It is a basic, three-tier model that includes flow sensors, flow collectors, and the SMC (Stealthwatch Management Control). These are all named appropriately, so people can understand what is being talked about when they hear it.

After the installation is complete, it takes about a week for the machine learning component to learn your network.

What about the implementation team?

We implement this solution for our customers.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive. Our fees are approximately $3,000 USD.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this one.

What other advice do I have?

If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. 

The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor.

Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature.

This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Cisco Secure Network Analytics
December 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
SeniorCoeaa2 - PeerSpot reviewer
Senior Consultant at a manufacturing company with 10,001+ employees
Real User
Integrates well, but the user interface needs refinement
Pros and Cons
  • "The most valuable feature is integration."
  • "I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations."

What is our primary use case?

Our primary use case for this solution is security.

How has it helped my organization?

We are currently adding test cases for the solution and it is not yet in a live production environment.

What is most valuable?

The most valuable feature is integration.

What needs improvement?

I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.

In terms of the user interface, navigating through the drill down windows needs to be improved.

For how long have I used the solution?

Still implementing and testing.

What do I think about the stability of the solution?

This solution seems to be stable.

What do I think about the scalability of the solution?

This is a cloud-based solution, so it is very scalable.

How are customer service and technical support?

We have not used technical support.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is complex, at least in the beginning.

It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.

What was our ROI?

We are still in beta testing.

What's my experience with pricing, setup cost, and licensing?

Because we are still testing, we do not yet know what our licensing fees will be.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Network Architect at Henry Ford health system
Real User
Saves us time, money, and administrative work but scaling is a little difficult
Pros and Cons
  • "The solution's analytics and thrust detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now."
  • "Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required."

What is our primary use case?

We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.

How has it helped my organization?

The solution's analytics and thrust detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.

We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.

What is most valuable?

The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.

What needs improvement?

Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.

What do I think about the stability of the solution?

Stability is what we're looking for in production. Stability is everything.

The stability of the solution seems fine. It hasn't crashed yet.

What do I think about the scalability of the solution?

Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.

For the scalability, other than some of the interesting things like the blow sensors, the actual analytics engine is solid so far.

How are customer service and technical support?

The customer service has been fine, normal. It meets our expectations.

Which solution did I use previously and why did I switch?

We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.

How was the initial setup?

We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.

Which other solutions did I evaluate?

We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early. 

There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.

What other advice do I have?

Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.

Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.

The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.

In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.

On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. 

A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.

Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.

Deploying the virtual machines made our storage have artifacts. But that was expected. 
Make sure you resource it correctly because it's going to use more than you expect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Network Engineer at a logistics company with 10,001+ employees
Real User
Easy to investigate flow and has improved the processes for mitigating any risks
Pros and Cons
  • "The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic."
  • "The initial setup was complex."

What is our primary use case?

Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.

How has it helped my organization?

It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.

This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.

Stealthwatch increased the threat detection rate, but not our incident response time.

It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.

What is most valuable?

The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.

Their analytics and threat detection capabilities are good, too.

What do I think about the stability of the solution?

We haven't had any stability issues so far, but we have only been running it for half a year.

What do I think about the scalability of the solution?

The scalability is good, seen from a license perspective, as well.

How are customer service and technical support?

We haven't really used the technical support yet, but in general, they are good.

How was the initial setup?

The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

I don't think we have saved money, to be honest. But you cannot measure security and money.

Which other solutions did I evaluate?

We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.

What other advice do I have?

Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.

I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.

I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Forensic60e5 - PeerSpot reviewer
Forensic Analyst at a pharma/biotech company with 1,001-5,000 employees
Real User
Provides holistic view of network traffic, packet analysis; it's easy to identify anomalies without signatures
Pros and Cons
  • "The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies."
  • "The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from Netflow-enabled devices to provide a context for network utilization."
  • "If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses."

What is our primary use case?

We implemented Stealthwatch Cloud in order to provide our analysts with an additional tool for security monitoring.

How has it helped my organization?

This tool provides another method for security analysts to triage security alerts. The artifacts available in the tool provide better information for analyzing network traffic. 

What is most valuable?

It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies.

What needs improvement?

I have nothing negative to say about the product. I've become very familiar with it, it is intuitive and easy to learn. I'm happy that the deployment worked well.

If there was one improvement I’d suggest it would be that it detect traffic through an intranet. The product requires that traffic flow through a managed network device. The product is designed mostly for enterprise environments and not smaller environments or businesses.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. Collecting NetFlow data is not hard, however, there is a chance you’ll end up with a huge amount of data that needs investigating. It might be a good idea to deploy gradually, by network segment.

How are customer service and technical support?

Technical support has been excellent. I would not hesitate to work with them again. The engineer I worked with was knowledgeable.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

The deployment was a breeze. It is a very innovative and robust platform that allows us to bi-directionally stitch together data elements from NetFlow-enabled devices to provide a context for network utilization.

What's my experience with pricing, setup cost, and licensing?

One thing to keep in mind is that pricing is based on flow. If your environment is a Cisco shop, there should be an option to bundle it with certain purchases.

What other advice do I have?

I do not use this product on AWS but I would be interested in doing so. AWS continues to be an expanding initiative.

Stealthwatch is a great product. It's a paid product with a need for licensing but does DDoS detection, compromised machines, NetFlow collection, and integrates with Cisco Identity Services Engine and Firepower. I rate it a 10 out of 10 due to the great technical support received, ease of deployment, and ease of integration.

I suggest reviewing other products just to get an idea of what’s available on the market. Some that come to mind are Splunk, Sourcefire, Kentik, NfSen, Plixer Scrutinizer, FireEye, and Darktrace. It really depends on if your company is looking for a primary NetFlow tool or a tool that is a mixture of cyber security and NetFlow.

Another thing to keep in mind is that it will be easy to end up with more data than you need when first deploying. The product has the ability to categorize traffic based on severity level (yellow, red). When you deploy, it might be best to take a smaller, manageable approach to investigate traffic on a network. This way you won’t be overwhelmed with the amount of data you get.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director7b47 - PeerSpot reviewer
Director of Operations at a manufacturing company with 1,001-5,000 employees
Real User
Has significantly increased our network visibility and threat detection rate
Pros and Cons
  • "The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure."
  • "It is time-consuming to set it up and understand how the tool works."

What is our primary use case?

Our primary uses for this solution are threat management and traffic management.

How has it helped my organization?

Our network visibility is pretty significant right now, where we use it within our data centers and even on the OT side of the house. It’s given us pretty good visibility.

This solution has increased our threat detection rate by forty to sixty percent.

Using this solution has helped us to improve threat-remediation timeframe.

It has reduced your incident response time. We use the solution's encrypted traffic analytics. It has significantly improved our capabilities. 

What is most valuable?

The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.

What needs improvement?

It is time-consuming to set it up and understand how the tool works.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

In our environment, the way we've implemented in phases, the stability is good.

What do I think about the scalability of the solution?

We're going to be looking at this, and I'm hoping that it is scalable across our environment.

How are customer service and technical support?

I would rate the technical support for this solution extremely well. The professional services have been really good for us.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one, and we choose this solution based on Cisco's recommendation after they reviewed our requirements.

How was the initial setup?

The initial setup of this solution is complex. it wasn't necessarily the tool that was complex, but the environment. It had to do with the way our network is and the requirements that we needed to be implemented. This is where the complexity came from.

What about the implementation team?

We had a partner to assist us with the deployment.

Which other solutions did I evaluate?

Cisco was the only vendor that we considered for this solution.

What other advice do I have?

My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start.

The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Architect at Atea A/S
Real User
Provides important visibility needed to detect and take precautions against threats
Pros and Cons
  • "The most valuable features provided by this solution are visibility and information."
  • "Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."

What is our primary use case?

We provide this solution to our customers to give them visibility into their network.

How has it helped my organization?

This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.

It has reduced our incident response time by around forty percent.

It saves time, money and administrative work for our customers.

What is most valuable?

The most valuable features provided by this solution are visibility and information.

The solution's analytics and threat detection capabilities are good. Network visibility is also really good. 

The encrypted traffic analytics work well, I don't see any problem with it.

The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.

It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.

What needs improvement?

Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.

Speed is an issue because the faster you have visibility, the better the solution.

What do I think about the stability of the solution?

I would say that the stability of this solution could be better.

What do I think about the scalability of the solution?

The scalability is okay.

How are customer service and technical support?

Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.

Which solution did I use previously and why did I switch?

Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.

How was the initial setup?

The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.

What about the implementation team?

I performed the deployment myself.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.