Manager at Indiana University Health
Increased our threat detection rate but the reporting needs improvement
Pros and Cons
- "Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations."
- "I would like to see some improvement when it comes to reporting."
What is our primary use case?
We use Stealthwatch mainly for security.
How has it helped my organization?
Stealthwatch has greatly improved our network visibility, in terms of bandwidth, malware, and PCI violations.
It has increased our threat detection rate, by around 100%. Stealthwatch has also reduced the time to detect and remediate threats, as well as saving us time. We're using it for bandwidth detection, so that's helped. In addition, we use the solution's encrypted traffic analytics and cognitive analytics.
What is most valuable?
The single most valuable feature we get out of Stealthwatch is visibility. Also, analytics and threat protection capabilities are good, so far.
What needs improvement?
I would like to see some improvement when it comes to reporting.
Buyer's Guide
Cisco Secure Network Analytics
September 2025

Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,676 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability of the solution is fair.
What do I think about the scalability of the solution?
Stealthwatch has a good level of scalability.
How are customer service and support?
I would consider their technical support as "fair."
Which solution did I use previously and why did I switch?
We were using SolarWinds and we are still using SolarWinds, so we use both.
How was the initial setup?
The initial setup was complex, especially when it came to configurations.
What about the implementation team?
We used an integrator for deployment. We had a pretty good experience with them.
What's my experience with pricing, setup cost, and licensing?
The licensing costs are outrageous, but Stealthwatch has a good time to value.
What other advice do I have?
You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for.
I would rate Stealthwatch as seven out of ten. It's easy to use.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Manager, Network Engineering & Telecommunications at a healthcare company with 1,001-5,000 employees
Enables us to detect threats early on, ensuring that our network stays secure
Pros and Cons
- "The solution reduces the amount of time it takes to detect and remediate threats."
- "The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types."
What is our primary use case?
We use Cisco Stealthwatch mostly for network visibility and security. I believe the solution reduces false-positives by flagging it as potential threats.
How has it helped my organization?
In terms of how this solution has affected network visibility, we're finding devices that junior network engineers, people who don't want to wait for proper channels, have added to the network. This solution enables us to find them and shut them down.
It has reduced our incident response time. We can now narrow down where incidents are happening, so it is very helpful for our organization.
What is most valuable?
The feature I find most valuable is the deep level of knowledge that we get on every device as well as what other devices it's talking to.
Analytics and threat detection capabilities are a little overwhelming. I would say it's about average.
The solution reduces the amount of time it takes to detect and remediate threats.
For how long have I used the solution?
We've been using this solution for around a year now.
What do I think about the stability of the solution?
So far we haven't had any issues with the stability of the solution. We haven't gone through a major upgrade cycle yet.
What do I think about the scalability of the solution?
Our initial deployment was built out to the right size for our organization.
How are customer service and technical support?
There hasn't been any need to ask for technical support since our initial deployment, where we used a reseller.
How was the initial setup?
The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types.
What about the implementation team?
We used a reseller for the deployment, CDW.
Which other solutions did I evaluate?
We evaluated Plixer, but the fact that Stealthwatch was Cisco-integrated sold it for us.
What other advice do I have?
My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Engineer at a tech services company
Offers better network visibility and has reduced incident response time
Pros and Cons
- "I believe this solution has reduced our incident response time."
- "I would like to see it better organized when I'm looking at it."
What is our primary use case?
The primary use case for Cisco Stealthwatch is for us to sell it.
How has it helped my organization?
It has improved my organization's network visibility from zero because before we had installed this solution, we weren't doing anything to protect us from threats. I believe this solution has reduced our incident response time.
What is most valuable?
The feature I find most valuable about Cisco Stealthwatch is its integration with the pxGrid and all of our other devices that are tied in with pxGrid, so they can communicate with each other and be able to dynamically change, quarantine a suspicious device, or do whatever necessary in case of a malware attack or similar problem.
What needs improvement?
Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.
For how long have I used the solution?
We are currently also using AMP and a few other Cisco products to assist us with threat protection and it's only been running for a couple of months.
What do I think about the stability of the solution?
This solution is very stable.
What do I think about the scalability of the solution?
I believe there isn't much to scale for it and I think it all depends on how many nodes you're running in the environment. I will say the scalability is fairly decent.
How are customer service and technical support?
I haven't had to use technical support yet. I've only read through the pages of documentation.
How was the initial setup?
The initial setup was a little complex since I haven't set it up before.
What was our ROI?
It is hard to say yet, but at least we can tell customers that we've detected a threat, and it can be stopped in time.
What's my experience with pricing, setup cost, and licensing?
For our organization, it is cheap, but for other customers, it may be fairly expensive.
As we are resellers of Cisco Stealthwatch, we hope to save time, money, and administrative costs once we start selling more of these solutions.
Which other solutions did I evaluate?
I am responsible for the security of our organization's devices, so I did look at other options. Since this solution ties into other products, I wanted to use Duo Security and tie that together with Stealthwatch.
What other advice do I have?
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout.
My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PIC for Cyber Security at a university with 51-200 employees
Scalable and good for training students
Pros and Cons
- "There are already many functionalities, so I don't think there is anything to improve."
What is most valuable?
The Cisco IOS is very important because that is what we have to teach our students.
What needs improvement?
There are already many functionalities, so I don't think there is anything to improve. It's the best one on the market I have seen.
For how long have I used the solution?
We've been using Cisco equipment for four or five years.
What do I think about the scalability of the solution?
It's scalable, there are many models that we can use for a small network. Cisco offers the scalability that we need. We have about eighty students, and all the students have to do some training on it. We have plans to increase the usage of Cisco.
How was the initial setup?
I think in order to master the network security issues it's complex. The deployment took a week or so.
What other advice do I have?
I think that maybe we need more products for our students to try and to master. It's part of their learning.
I would rate this solution as nine or ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Consultant at a manufacturing company with 10,001+ employees
Integrates well, but the user interface needs refinement
Pros and Cons
- "The most valuable feature is integration."
- "I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations."
What is our primary use case?
Our primary use case for this solution is security.
How has it helped my organization?
We are currently adding test cases for the solution and it is not yet in a live production environment.
What is most valuable?
The most valuable feature is integration.
What needs improvement?
I would like to see a hybrid solution that can work without being connected directly to the internet for those destinations. A business case would be manufacturing floors that are not, or still not, connected to the internet permanently.
In terms of the user interface, navigating through the drill down windows needs to be improved.
For how long have I used the solution?
Still implementing and testing.
What do I think about the stability of the solution?
This solution seems to be stable.
What do I think about the scalability of the solution?
This is a cloud-based solution, so it is very scalable.
How are customer service and technical support?
We have not used technical support.
Which solution did I use previously and why did I switch?
We did not use another solution prior to this one.
How was the initial setup?
The initial setup for this solution is complex, at least in the beginning.
It is a really hard step from being a networking engineer and moving to that software component. You have to understand the software because the dependency on the actual programming is very important. That has been a learning curve.
What was our ROI?
We are still in beta testing.
What's my experience with pricing, setup cost, and licensing?
Because we are still testing, we do not yet know what our licensing fees will be.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
My advice to anybody implementing this solution is to start with the DevOps, as soon as possible.
I would rate this solution a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
Network Engineer at Oracle Corporation
Deploying this solution has shown us how poor our previous network monitoring coverage was
Pros and Cons
- "It has been pretty stable since we deployed it, and everything seems to be working fine."
- "We had some trouble with the installation as we migrated from our previous solution."
What is our primary use case?
This is a security solution for us and our customers. We use it for port monitoring aggregation and doing captures.
What needs improvement?
We had some trouble with the installation as we migrated from our previous solution.
For how long have I used the solution?
Three months.
What do I think about the stability of the solution?
It has been pretty stable since we deployed it, and everything seems to be working fine.
What do I think about the scalability of the solution?
The scalability seems to be OK, although we did have some concerns. Potentially, we are going to be looking at 100-gigabit links, and the version of the solution that we deployed does not support that. That is a long-term concern, rather than an immediate one.
How are customer service and technical support?
We had some technical questions when we were doing the initial deployment, and they were very good in helping us with that.
Which solution did I use previously and why did I switch?
Prior to this solution, we used an ad-hoc, internal system. We knew that it had to be replaced because it was not passing the audit as per our set standards. Ultimately, that drove us to look for a more standardized solution.
How was the initial setup?
The initial setup for this solution was fairly complex. This was, in part, because of where we placed it in our network and the removal of our old system. It involved mapping it from the old to new so that it will be able to maintain the same functionality in our network.
What about the implementation team?
We used an integrator to assist with the implementation.
Which other solutions did I evaluate?
Cisco is our biggest primary vendor, so it was an easy go-to for this solution.
What other advice do I have?
My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up.
This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Architect at Henry Ford health system
Saves us time, money, and administrative work but scaling is a little difficult
Pros and Cons
- "The solution's analytics and threat detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now."
- "Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required."
What is our primary use case?
We use Cisco Stealthwatch for device compliance and device auditing. It's part of our overall strategy. We have been consolidating down. Our security team is over-packed. We're trying to leverage what we have and move the blame away from us on the network side.
How has it helped my organization?
The solution's analytics and threat detection capabilities are good. We're still adjusting it. It's a little hypersensitive, but it is working right now.
We use cloud threat analytics. We don't use the cloud engine. Intrusion detection and analytics have been good so far. We haven't caught anything crazy yet. We're still eyeing it.
What is most valuable?
The most valuable feature is the level of visibility and the automation behind it. We don't have to go chasing things down.
What needs improvement?
Cisco Stealthwatch needs more integration with device discovery. We have to do a lot of hard work to figure out what things are. Better service integration is required.
What do I think about the stability of the solution?
Stability is what we're looking for in production. Stability is everything.
The stability of the solution seems fine. It hasn't crashed yet.
What do I think about the scalability of the solution?
Scaling with Cisco Stealthwatch is a little bit difficult. At our scale, we need a lot of boxes to make it work. The hardware is something else. Some of the devices seem a little bit outdated in how they're built.
For the scalability, other than some of the interesting things like the flow sensors, the actual analytics engine is solid so far.
How are customer service and technical support?
The customer service has been fine, normal. It meets our expectations.
Which solution did I use previously and why did I switch?
We did not have a different solution in this specific use case. We had some solutions that would cover pieces of it but nothing ever did the whole job.
How was the initial setup?
We deployed it ourselves. It was easy enough. The instructions were clear enough for us to be able to roll it out straightforward.
Which other solutions did I evaluate?
We were looking at NetScout and ThousandEyes, plus a couple of other similar solutions. We have a lot of NetScout products. We're trying to get into that space but we're not there yet. We're still too early.
There are not a lot of products currently available for that specific function. There are a lot of half-solutions on the market.
What other advice do I have?
Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that.
Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase.
The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams.
In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process.
On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work.
A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves.
Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on.
Deploying the virtual machines made our storage have artifacts. But that was expected.
Make sure you resource it correctly because it's going to use more than you expect.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Network Engineer at a logistics company with 10,001+ employees
Easy to investigate flow and has improved the processes for mitigating any risks
Pros and Cons
- "The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic."
- "The initial setup was complex."
What is our primary use case?
Our primary use for Stealthwatch is to provide insights into what traffic is flowing through the network for our security operations center. With that, they can go and enforce security.
How has it helped my organization?
It has improved the processes for mitigating any risk that might be. So when we find traffic that we don't want to allow, then it makes it easy to actually investigate where the traffic was and then we have the history as well.
This solution has improved network visibility a lot. We have a thousand sites around the world. So trying to figure out how the users are using the network is not an easy job. By using Stealthwatch, we are actually able to get the visibility of what they're using and also to get some kind of insights into patterns that they are having. For example, browsing YouTube, Facebook, and so forth.
Stealthwatch increased the threat detection rate, but not our incident response time.
It has also reduced the amount of time it takes us to detect and remediate threats, by about 20%.
What is most valuable?
The feature most valuable for us is to gain visibility of what is actually floating through, so we can stop it based on whether it's good or bad traffic.
Their analytics and threat detection capabilities are good, too.
What do I think about the stability of the solution?
We haven't had any stability issues so far, but we have only been running it for half a year.
What do I think about the scalability of the solution?
The scalability is good, seen from a license perspective, as well.
How are customer service and technical support?
We haven't really used the technical support yet, but in general, they are good.
How was the initial setup?
The initial setup was complex. Lancope was the owner of Stealthwatch until Cisco acquired them and there are still a lot of dependencies on Lancope, which makes the overview a bit difficult to get.
What about the implementation team?
We deployed it ourselves.
What was our ROI?
I don't think we have saved money, to be honest. But you cannot measure security and money.
Which other solutions did I evaluate?
We looked into Darktrace, but we chose Stealthwatch because we have an ELA agreement, and that makes the product available to us already. But also in relation to actually the threat intelligence that Cisco has, they are fitting nicely in with the rest of our products.
What other advice do I have?
Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good.
I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined.
I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
