We provide this solution to our customers to give them visibility into their network.
Architect at Atea A/S
Provides important visibility needed to detect and take precautions against threats
Pros and Cons
- "The most valuable features provided by this solution are visibility and information."
- "Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."
What is our primary use case?
How has it helped my organization?
This solution gives our customers better visibility. They have a large infrastructure and they don't know what is going on in the individual locations, so we're using Stealthwatch for that.
It has reduced our incident response time by around forty percent.
It saves time, money and administrative work for our customers.
What is most valuable?
The most valuable features provided by this solution are visibility and information.
The solution's analytics and threat detection capabilities are good. Network visibility is also really good.
The encrypted traffic analytics work well, I don't see any problem with it.
The time to value is very good, and it is based on visibility. For example, one of our customers was locked by ransomware and it cost them two million Danish kroner (approximately $300,000 USD). The shipper was not able to send anything until we got everything working.
It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.
What needs improvement?
Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it. It may have to do with a need for more education when installing the product.
Speed is an issue because the faster you have visibility, the better the solution.
Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would say that the stability of this solution could be better.
What do I think about the scalability of the solution?
The scalability is okay.
How are customer service and support?
Technical support for this solution could be better. It's ok. It is sometimes a case of having to find the right tech engineer before you get the real answers. Not everybody knows Stealthwatch, which is the problem.
Which solution did I use previously and why did I switch?
Previously, my customer had a large router and switching network with a lot of perimeter security, but they didn't have any security or visibility on their internal network. That is why they are using Stealthwatch now.
How was the initial setup?
The initial setup of this solution is complex. The most important thing is that the customer has good guidelines.
What about the implementation team?
I performed the deployment myself.
Which other solutions did I evaluate?
We did not evaluate other options before choosing this solution.
What other advice do I have?
In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a university with 10,001+ employees
Enables us to detect and remediate threats much faster
Pros and Cons
- "The most valuable feature of this solution is the way the NetFlow is being merged together in a single pane. That's been extremely useful for us, because we can see what's going on with traffic in one single place."
- "We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too."
What is our primary use case?
For our organization, Cisco Stealthwatch is more of a confirmation of what is happening on our network, or compliance. And in addition to that, it helps us to troubleshoot issues. We get to see where traffic is flowing and it helps us figure out problems.
How has it helped my organization?
Cisco Stealthwatch helps us in finding unknown traffic, allowing us to audit the network and make sure the things that are happening are the things we expect to happen.
I am a little versed in the solution's analytic and threat detection capabilities, even though it is pretty good. I know that we use it to validate that there's no east/west traffic. So that's been beneficial to us because we have things in place preventing that, and it's our way of proving it has actually happened. We haven't started using it for cloud protection or any analysis yet.
This solution has definitely also reduced our incident response time because we had no visibility before. We can detect and remediate threats much faster now.
What is most valuable?
The most valuable feature of this solution is the way the NetFlow is being merged together in a single pane. That's been extremely useful for us because we can see what's going on with traffic in one single place.
I also believe the solution has increased our organization's threat protection rate. The actual threat reports are run by our Infosec security person, but we are actually using this solution for that too. We're having reports generated so that our network engineering doesn't have to do the review. That team is responsible for reviewing reports and then we work with them to locate and do the next steps.
What needs improvement?
We are continuing down the road of ACI and ISE with Cisco, so we would like to see the continuation of Stealthwatch integrating into ISE for exchange of information, and also, more into the ACI environment too.
What do I think about the stability of the solution?
The solution is very stable and we haven't had any crashes yet.
What do I think about the scalability of the solution?
Based on how we've used it so far, it looks like it's scaling. We're growing and it's growing with us, so it's doing what we need it to do.
How are customer service and technical support?
I do know we have used the support before and it was good enough to get our problems fixed.
Which solution did I use previously and why did I switch?
We switched to Cisco Stealthwatch for operational reasons. The solution we used before was very clunky, so it was clear that we needed a better solution. So we started looking around and this solution came to the top quickly.
How was the initial setup?
The initial setup was pretty straightforward and sufficient. It's good.
What other advice do I have?
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on.
Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Operations Manager at a tech company with 10,001+ employees
Improved network visibility has saved us money and facilitates executive reporting
Pros and Cons
- "This product alleviates the day-to-day headaches for us, in regards to metrics."
- "The reporting of day-to-day metrics still has room for improvement."
What is our primary use case?
Our primary use for this solution is to provide operational metrics. In terms of the analytics and threat detection capabilities, it basically cures our day-to-day for everything that we do. It helps us out tremendously.
How has it helped my organization?
This product alleviates the day-to-day headaches for us, in regards to metrics. In terms of network visibility, the way we were looking at it before was kind of archaic. This solution has definitely opened up the metrics, as far as reporting is concerned.
The savings brought about by implementing this solution have allowed us to cut one position.
It has increased our threat detection rate and it has reduced our incident response time by ten to fifteen percent.
What is most valuable?
The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.
What needs improvement?
There is room for this solution to mature because there are still things that we want to see.
The reporting of day-to-day metrics still has room for improvement.
What do I think about the stability of the solution?
This solution is very stable.
What do I think about the scalability of the solution?
We're kind of immature, right now, in our implementation, but I see it growing.
How are customer service and technical support?
We have not used technical support at this point.
Which solution did I use previously and why did I switch?
We were archaic in terms of reporting.
How was the initial setup?
I wouldn't say that the initial setup was complex. It took us approximately one week, which included two days of off-screening and two days of prep.
It was more a case of red tape on our end in regards to getting it into production than anything else. It wasn't complicated at all.
What about the implementation team?
We handled the deployment in-house.
What was our ROI?
The ROI was immediate for us, in regard to how we implemented it. The implementation was super quick, and we saw returns right from the get-go.
What's my experience with pricing, setup cost, and licensing?
The pricing for this solution is good.
Which other solutions did I evaluate?
We evaluated Darktrace, but I didn’t have a good, happy experience with their Account Manager.
What other advice do I have?
My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing.
The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision.
This is a good product, but there are still things that we would like to see.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Network Engineer at an insurance company with 5,001-10,000 employees
Tracks anomalies in real time but is challenging to scale to the size of our environment
Pros and Cons
- "Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job."
- "They should include Citrix VDIs in the next release."
What is our primary use case?
Our primary use case for Stealthwatch is endpoint security.
How has it helped my organization?
Being able to graph and show data to management has improved our organization. We can show the data to the higher-ups. It shows them that it's picking up on these anomalies and doing its job.
It has reduced our incident response time by around 30%. The solution has improved our efficiency in operations around 30% through basic cost-cutting. It has reduced the amount of admin support time by around 15%.
What is most valuable?
The most valuable feature is its ability to track anomalies in real time. It increases our time-to-value ratios.
What needs improvement?
They should include Citrix VDIs in the next release.
What do I think about the stability of the solution?
It's stable.
What do I think about the scalability of the solution?
It's challenging to scale as big as our environment.
How are customer service and technical support?
I highly recommend their technical support.
Which solution did I use previously and why did I switch?
We knew we needed to switch because we had a gap in visibility. We picked this solution because we're a Cisco shop.
How was the initial setup?
The setup was of moderate complexity because of the Citrix environment.
What about the implementation team?
We used a reseller for the deployment called Presidio. We had a good deployment with them.
Which other solutions did I evaluate?
We also looked at FortiGate.
What other advice do I have?
On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix.
You need a dedicated team to manage all of these products and their integration together.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at Amwins Group
Improved our internal knowledge of what's going on with the network but the reporting should be cleaner
Pros and Cons
- "It has improved our internal knowledge of what's going on with the network, and that's helpful."
- "I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what he's done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity."
What is our primary use case?
We really just use the product for behavior analytics of our employees. When we have issues or when there is some type of an investigation from a security perspective, we pull up Stealthwatch and start trying to see what that user was doing. If there are any anomalies in their activities we have to take action to correct it.
We don't need to monitor every device. The reports show everything that person's doing and what device they're running, et cetera, and we really only need specific things.
That was one of our problems in the initial deployment. We tried to overcome that by redeploying. I'm not exactly sure that it helped a lot. We're getting more data, but I'm not really sure it gives us a true picture.
How has it helped my organization?
It has improved our internal knowledge of what's going on with the network, and that's helpful. Overall we like the product, I'm just not sure it's giving us everything that we can really get out of it right now.
What is most valuable?
The ability to see a real-time picture of the network is the most valuable for us.
What needs improvement?
I would like to see more and cleaner reporting. For example, if I pull up Steven and I want to look and maybe compare him to what he's done in the past week, and compare that to the past six months, the point would be to see what the difference in activity looks like over this time. I don't see that capability in reporting to date. You see that trend but you don't really see a straightforward comparison. That right there is key to what we want to see about the normal activity.
What do I think about the stability of the solution?
The product is very stable. No problems at all.
How are customer service and technical support?
I can't really comment on the customer service as that is not part of my turf. That's in the neck of the engineering team.
Which solution did I use previously and why did I switch?
There wasn't really a big decision making effort. The product came with the big suite of things that we purchased, so we decided to take advantage of it and deployed it.
How was the initial setup?
I was involved in the deployment. The initial setup should have been easier than it was — fairly easy overall. I think my engineering department made it more difficult. We should have deployed it based on the exact specifications of the vendor. On our team, we've got people who think they know more than the vendor. Any trouble goes back to our entire team not following the directions to the letter during the setup. They should have made sure they followed the exact steps to get everything running, and then actually go dig into any other need they're trying to solve for specifically. After that make sure to get reporting to match issues that are important to solve for because that's what makes it useful.
What about the implementation team?
We dealt directly with Cisco for the implementation.
What other advice do I have?
Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Network Engineer at a retailer with 1,001-5,000 employees
Enables us to be proactive with security analysis but the interface is sluggish
Pros and Cons
- "The ability to send data flow from other places and have them all in one place is very valuable for us."
- "I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago."
What is our primary use case?
The security team uses it more than we do. I don't work on it that much. We have a couple of uses for Stealthwatch: gathering security data and sending logs. I believe there is a gatherer that we have that has all of our logs sitting there. That's basically all we use them for.
How has it helped my organization?
Stealthwatch improved our organization by providing more information so we can be proactive with security analysis.
It's made our network visibility better. The more information that we can give is all for the best. Just allowing us to get more information and visibility is also helpful.
I would say it has increased our threat detection rate. We use it to count employees and we have some new places we use it, so this may have increased.
It may have reduced the time to detect and remedy threats a little.
It has reduced false positives, by around 15%. That would be the security numbers, I'm not aware of the exact numbers.
I'm sure Stealthwatch saves us time, money, and administrative work.
What is most valuable?
The ability to send data flow from other places and have them all in one place is very valuable for us.
What needs improvement?
I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago.
For how long have I used the solution?
We've had Stealthwatch in production for a year and a half.
What do I think about the stability of the solution?
It's stable now. I wouldn't say it was stable when we first had the solution, but now it's stable. In the beginning, we had the standard first-time turn-up stuff, like issues with the code, etc. We tried to give them a better solution to work with our company well. The way we have things set up is complicated.
What do I think about the scalability of the solution?
We only use it for certain subsets so we're not really dependent on how scalable it is. It does what we need it to do and that's all we could ever let it do.
How are customer service and technical support?
I didn't work much with technical support. We had to get a license. That was our only hangup in the beginning. I think their support is as expected.
What was our ROI?
In terms of time to value, I think that would be better, from my standpoint. I would say it's definitely helped, but I wouldn't consider it the only tool that we depend on.
I would say they are getting a return on investment if it's doing what they want it to do and they're getting information. Also, it helps to be proactive on things like Stealthwatch.
What other advice do I have?
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it.
In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure.
I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a government with 1,001-5,000 employees
Makes it easy to pinpoint any network anomalies or any type of suspicious behavior
Pros and Cons
- "The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice."
- "I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI."
What is our primary use case?
We use Cisco Stealthwatch as our primary NetFlow collector. We use it for data analysis and for any issues that arise that require NetFlow data.
How has it helped my organization?
We recently got a security team. They've been more hands-on. They are not intuitive to networks.
Cisco Stealthwatch is good at bridging the gap between what they're capable of doing and the knowledge that they need. That generally comes from the networking side.
What is most valuable?
The search options on Cisco Stealthwatch are the most valuable. You can get very granular with it, down to the kilobits or the seconds if you want. The product supports any time frame that you need, so that is nice.
The solution affects network visibility in our company across all of our data, including our data center. All data transfers pass through our NetFlow collector.
It's very easy to pinpoint any network anomalies or any type of suspicious behavior. NetFlow is very good at detecting those spikes and traffic.
What needs improvement?
We don't use Cisco Stealthwatch for threat detection. We use it more for information gathering. We use better options for threat detection, i.e. Palo Alto firewalls for our security.
I would like the search page available with Cisco Stealthwatch to be more intuitive. The previous release was better than the current one for the UI.
We moved to the latest UI a couple of months ago, maybe like six months ago. I'm not a fan. I wish the search options were easier.
What do I think about the stability of the solution?
As far as stability, we've never had a problem with Cisco Stealthwatch. We've had it for probably three years. It's time for an upgrade.
What do I think about the scalability of the solution?
We're doing scalability with Cisco Stealthwatch now. We have a 1 GB collector. We need a 10 GB collector. We're looking at upgrading.
Cisco Stealthwatch has been good for us in the last couple of years. We had to purchase a whole new appliance for the 10 GB collector.
As far as scalability for the one that we purchased, it was not that great.
How are customer service and technical support?
I haven't had to use their technical support services.
Which solution did I use previously and why did I switch?
We're a Cisco running shop primarily. We purchased DNA Center and Stealthwatch all as part of that package. We're trying to get the whole suite of software packages. Stealthwatch is part of it.
How was the initial setup?
Our previous manager implemented our initial setup. I'm just a user. I can imagine it was difficult.
Which other solutions did I evaluate?
Stealthwatch has almost everything we need. There's no reason to evaluate anyone else.
We also have a WildPackets and a LiveAction engine. We use that for remote packet captures and not NetFlow data analytics.
What other advice do I have?
The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives.
The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes.
As opposed to having to set up a sniffer and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need.
It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier.
Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly.
I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it.
Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me.
The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12.
I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Airway Transportation Service Specialist at Federal Aviation Administration
Allowed us to effectively monitor network traffic and analyze anomalies
Pros and Cons
- "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
- "We determined that Stealthwatch wouldn't provide the machine learning model that we required."
What is our primary use case?
Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.
What is most valuable?
From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it.
What needs improvement?
We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.
ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic, so we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.
In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.
A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.
For how long have I used the solution?
I used Cisco Stealthwatch for a 30-day trial.
What do I think about the stability of the solution?
We didn't notice any bugs or glitches.
What do I think about the scalability of the solution?
As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it.
How are customer service and technical support?
We only needed to contact technical support once. They were very helpful. They walked us through everything.
How was the initial setup?
It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.
What other advice do I have?
Overall, it seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.
We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc.
Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco.
Disclosure: I am a real user, and this review is based on my own experience and opinions.