We are resellers; we provide solutions for our clients.
We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans, and as a tripwire on top of all of the other security controls that are available.
We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.
Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking; they don't have a lot of that. It's a passive tool.
Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence, it would help them.
It's a good, solid solution, but integration with Network Access Control products with Cisco ISE would be good.
Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.
Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.
The interface is an area that needs a bit more work; it's always been clunky.
I have been working with Cisco Stealthwatch for approximately seven years.
I would rate Cisco Stealthwatch a seven out of ten.