Manager, Network Engineering & Telecommunications at a healthcare company with 1,001-5,000 employees
Real User
Enables us to detect threats early on, ensuring that our network stays secure
Pros and Cons
  • "The solution reduces the amount of time it takes to detect and remediate threats."
  • "The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types."

What is our primary use case?

We use Cisco Stealthwatch mostly for network visibility and security. I believe the solution reduces false positives by flagging them as potential threats.

How has it helped my organization?

In terms of how this solution has affected network visibility, we're finding devices that junior network engineers, people who don't want to wait for proper channels, have added to the network. This solution enables us to find them and shut them down. 

It has reduced our incident response time. We can now narrow down where incidents are happening, so it is very helpful for our organization.

What is most valuable?

The feature I find most valuable is the deep level of knowledge that we get on every device as well as what other devices it's talking to.

Analytics and threat detection capabilities are a little overwhelming. I would say it's about average. 

The solution reduces the amount of time it takes to detect and remediate threats.

For how long have I used the solution?

We've been using this solution for around a year now.
Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

So far we haven't had any issues with the stability of the solution. We haven't gone through a major upgrade cycle yet.

What do I think about the scalability of the solution?

Our initial deployment was built out to the right size for our organization.

How are customer service and support?

There hasn't been any need to ask for technical support since our initial deployment, where we used a reseller. 

How was the initial setup?

The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types. 

What about the implementation team?

We used a reseller for the deployment, CDW.

Which other solutions did I evaluate?

We evaluated Plixer, but the fact that Stealthwatch was Cisco-integrated sold it for us.

What other advice do I have?

My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at Oracle Corporation
Real User
Deploying this solution has shown us how poor our previous network monitoring coverage was
Pros and Cons
  • "It has been pretty stable since we deployed it, and everything seems to be working fine."
  • "We had some trouble with the installation as we migrated from our previous solution."

What is our primary use case?

This is a security solution for us and our customers. We use it for port monitoring aggregation and doing captures.

What needs improvement?

We had some trouble with the installation as we migrated from our previous solution.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

It has been pretty stable since we deployed it, and everything seems to be working fine.

What do I think about the scalability of the solution?

The scalability seems to be OK, although we did have some concerns. Potentially, we are going to be looking at 100-gigabit links, and the version of the solution that we deployed does not support that. That is a long-term concern, rather than an immediate one.

How are customer service and technical support?

We had some technical questions when we were doing the initial deployment, and they were very good in helping us with that.

Which solution did I use previously and why did I switch?

Prior to this solution, we used an ad-hoc, internal system. We knew that it had to be replaced because it was not passing the audit as per our set standards. Ultimately, that drove us to look for a more standardized solution.

How was the initial setup?

The initial setup for this solution was fairly complex. This was, in part, because of where we placed it in our network and the removal of our old system. It involved mapping it from the old to new so that it will be able to maintain the same functionality in our network.

What about the implementation team?

We used an integrator to assist with the implementation.

Which other solutions did I evaluate?

Cisco is our biggest primary vendor, so it was an easy go-to for this solution.

What other advice do I have?

My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.

This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager of Digital Communications at Memorial Hermann Healthcare System
Real User
Good for analyzing security threats and as a general network performance diagnostic tool
Pros and Cons
  • "The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives."
  • "The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view."

What is our primary use case?

We use Cisco Stealthwatch for security and network analytics. The solution saves you time, money, and administrative work. If we have the device support, it means that I don't have to send someone in a car to go to be local on the site and look at whatever the issue is.

How has it helped my organization?

Our limitation is that Cisco Stealthwatch doesn't have visibility over everything. When we can use it, it gives us direct information. We use this information not only for analyzing security threats but also just for general network performance in the places it has a view of.

The solution affected network visibility in our organization fairly well. Without it, I have almost no visibility. It requires me to send people to different sites to manually get captures or to look at the network.

The solution has increased our threat detection rate. Cisco Stealthwatch has not reduced our incident response times. It has not reduced the amount of time it takes us to detect immediate threats. It has reduced false positives.

What is most valuable?

The analytics and threat detection capabilities of Cisco Stealthwatch are pretty good. It gives us good visibility of the information. It is easy to use and to the point.

What needs improvement?

The ability to be natively integrated into Port Aggregator would be beneficial because it would reduce just one more component that's needed in order to have that type of view.

What do I think about the stability of the solution?

I've never known it to go down or have availability issues.

What do I think about the scalability of the solution?

Cisco Stealthwatch is scalable with money. It's expensive.

How are customer service and technical support?

I haven't dealt with Cisco customer service directly.

How was the initial setup?

The initial setup was before I was at the company. It was over six years ago.

What about the implementation team?

We used an integrated reseller for the deployment called Set Solutions. Our experience with them was pretty good.

What other advice do I have?

On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag.

The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams.

It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole.

Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager at a healthcare company with 1,001-5,000 employees
Real User
Enables us to proactively troubleshoot and determine what an issue is
Pros and Cons
  • "It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it."
  • "I would like to see better filters."

What is our primary use case?

Our primary use case of this solution is for troubleshooting network issues.

How has it helped my organization?

This solution has improved my organization because when I have users who are having issues with patching slowness it gives me the ability to be able to proactively troubleshoot and determine what the issue is.

What is most valuable?

The most valuable features are its ability to analyze data streams and to determine what is inside those data streams to troubleshoot a problem. It is also easy to use.

What needs improvement?

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

Stealthwatch is very scalable.

How are customer service and technical support?

Their technical support is very good. The turnaround has been great. 

We used them when we had a bug and the data stream was showing us data reports that weren't accurate. The support helped us with that. 

Which solution did I use previously and why did I switch?

We switched and chose this solution because of the reseller's recommendation. 

How was the initial setup?

The initial setup was straightforward. It was easy, the instructions were there. It was pretty straightforward to operate. Your learning curve could be a little bit difficult, but it's up and coming.

What about the implementation team?

We used a reseller for the deployment called SEBok Limited. 

What was our ROI?

I have not seen ROI yet. 

Which other solutions did I evaluate?

Stealthwatch was the only choice. 

What other advice do I have?

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager Administrator at a financial services firm with 501-1,000 employees
Real User
Provides real-time monitoring to identify peak traffic and possible issues
Pros and Cons
  • "It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused."
  • "At my company, we might not be using it enough with other applications that we have that can integrate with it."

What is our primary use case?

Stealthwatch is primarily a network monitoring tool.

How has it helped my organization?

Let's say a certain service is functioning properly and then out of nowhere this morning we started getting a lot of user complaints from the customers. We basically run the analytics against some specific goals and check what host and course the traffic is being processed through. We can monitor the traffic in real time from the moment of the issue to past months in order to see the flow of data and when exactly it spiked. We can then drill down to the root cause of the spike.

Network visibility also affected our organization in a positive manner. We wanted to track down traffic for specific goals. We just type it in the search bar and drill down to the top conversations of the period. We can see what ports are being utilized and whether there were clients and hosts that were talking to each other.

This solution has also increased our threat detection rate, by around 25-30%. An example would be that it provided a better posture in our internal network.

Stealthwatch has definitely reduced the incident response time. Whenever there's an issue, before we got Stealthwatch, we would have to go into multiple applications and gather data to pinpoint the issue. But with Stealthwatch, it's really up to us to pinpoint a time frame, specific host, or something like that. The response time is now about 50% faster.

Troubleshooting is now only minutes instead of a couple of hours that it took before we used this solution.

We also reduced a good amount of false positives and saved some time. It used to take a couple of hours to identify what the issue was, but with Stealthwatch we can find it within minutes.

What is most valuable?

It is a good application, providing for real-time monitoring of the organization of data. It can basically identify points of peak traffic where possible issues are being caused.

What needs improvement?

At my company, we might not be using it enough with other applications that we have that can integrate with it.

We need integration between ISE and Stealthwatch. I know my company is trying to get it to work. I don't know if they actually got it yet.

For how long have I used the solution?

My company has been using Stealthwatch for the past four to five years.

What do I think about the stability of the solution?

Stability is really good. I don't think we ever had an issue with it.

How was the initial setup?

The initial setup was straightforward. It wasn't difficult.

What was our ROI?

I would say a ten in terms of return on investment because it improved our recovery time and resolved many issues.

What other advice do I have?

Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner.

The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work.

I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Technology Officer at a tech services company with 51-200 employees
MSP
Excellent network monitoring for anomaly detection and evaluation
Pros and Cons
  • "Great network monitoring, looking at anomaly detection and evaluation."
  • "The visualization could be improved, the GUI is not the best."

What is our primary use case?

Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco. 

How has it helped my organization?

The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.

What is most valuable?

The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch. 

What needs improvement?

The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments, that are using Stealthwatch. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.

How are customer service and technical support?

Technical support has been good, similar to other areas of Cisco support. 

How was the initial setup?

The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.

What other advice do I have?

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

I rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
PMO Department at a comms service provider with 1,001-5,000 employees
Real User
Good visibility, good integration with the Cisco switching platform, and helpful support
Pros and Cons
  • "It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform."
  • "Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."

What is our primary use case?

We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

What is most valuable?

It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

What needs improvement?

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

How are customer service and support?

Cisco tech support is very helpful. They have different tech support management options.

How was the initial setup?

Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

What's my experience with pricing, setup cost, and licensing?

It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

What other advice do I have?

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Senior Network Engineer at a comms service provider
Real User
Has reduced our incident response time and false positives
Pros and Cons
  • "The most valuable feature about this solution is that it gives me insight into my network."
  • "It hasn't really improved our direct detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution."

What is our primary use case?

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

How has it helped my organization?

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

What is most valuable?

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and Trojans. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

What do I think about the stability of the solution?

We are still running it but so far it has been really stable.

What do I think about the scalability of the solution?

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

How was the initial setup?

Although I wasn't involved in the initial setup myself, it looked straightforward. 

What about the implementation team?

We installed the solution ourselves because we are Cisco partners.

Which other solutions did I evaluate?

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

What other advice do I have?

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user