Cisco Secure Network Analytics Reviews

We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

I've been using the solution for approximately seven years. 

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

It is a product that can scale as needed. 

We have three people using it in our company right now. 

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

Positive

The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

The solution is moderately priced. It's not overly expensive or too cheap. 

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

Our primary use case for this solution is to monitor east, west, north, and south traffic so that we can see what's going on in the network internally. You don't get that granularity with anything else. We have an ASA that gets north and south traffic. So we're just really interested in this one by itself.

Cisco Stealthwatch has improved our organization's analytics and threat protection capabilities by catching threats early on. We are still at the baselining stage, but I can also say that our organization improved dramatically when we found out that a host was constantly talking to an FTP server. It turned out to be an employee that was going to be terminated and he was trying to pull data from the FTP server constantly. He pulled three or four GBs and we caught it with this tool. It saved us a net fortune.

The solution has also increased our threat detection rate dramatically and that gives us time to remediate those threats.

The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.

One thing I would like to see improved is if it could automatically be tied through ISE, instead of you having to manually get notifications and disable it yourself. I am the only network admin at my facility, and when I'm on vacation for a week and there is an attack, I'm the only individual that gets alerts. Essentially there's a push button that you click to implement the policy through ISE to block that host or some other network essentially segregated from your internal network. I would like to see an automatic block function.
I haven't noticed any downfall as far as CPU usage or any congestion, but it is still too early to say. Once I get a better understanding of it and get past the baselining, I can probably answer better and in more depth, because I don't know everything about it. I just understand the fundamental idea of it and what I can do from the dashboard. 

It is extremely stable. I haven't had a crash since installing it.

It is very scalable. You only have to purchase more licensing. As far as I understand, it can become as big as you want it to become and how many net flows you can afford.

The technical support is awesome. Anytime I call Cisco Tech, they call me back within thirty minutes or an hour with an answer to solve the problem. The guides that they have within the product itself are pretty self-explanatory. As long as you're willing to sit down and read it, you don't even need to call tech.

My superior asked what this host was doing within our network, what data he was pulling and why he had it on this PC. We couldn't answer to say that he wasn't pulling data from that server or what data he was in fact pulling. So we had to find a solution to answer those questions. We are a Cisco shop so we kind of just went for this solution.

The initial setup was straightforward. They explained the steps that they were going to do and they had it deployed within about two hours. It didn't take long and now we're just doing the baseline, which takes about three months.

Yes, we used Network Center and they were good.

I can foresee that this solution will save us an immense lot of work in the future. Instead of having 20 people looking at logs and sifting through logs, you could have one individual simply sifting through this. It will be a lot easier and less time-consuming.
So the time to value of this solution is great. For every person you're going to pay about $70 or $80,000 a year, you would now only have to pay one individual instead of 20.

This solution is a little expensive. Open-source is obviously a key to victory in some people's eyes but with open-source, you can't pay anybody. So it could be a little cheaper, but it has great functionality. 

One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten. 

We use Stealthwatch to identify any risk or vulnerabilities in the environment.

Stealthwatch increased our threat detection rate a little bit, as well as our incident response time. It also reduced the amount of time it takes us to detect and remediate threats.

The cognitive analytics really helps us analyze the traffic.

The most valuable feature is its alerts and dashboard.

The solution's analytics and threat detection capabilities are also pretty reasonable.

It's too complicated to install when starting out.

Also, we have actually seen an increase in false positives with Stealthwatch. A few of the false positives were too early to detect.

Availability is another issue. You need a couple of days to get it to work.

It was pretty stable. The only thing is the whole infrastructure is pretty complex with a lot of sensors and the like. With that level of complexity in mind, I would say it is very stable.

Their technical support is very good.

The initial setup was complex. Sensor and controller installation was especially complex.

I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and see if there are any issues.

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

I never had to use technical support before.

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

We haven't seen ROI.

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

• ID managers
• Flow replicators
• Flow sensors
• Thick client

Provides easily identifiable anomalies that you can't see with signature detections. 

NetFlow: The beginning of any security investigation starts with NetFlow data. 

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

No issues.

No issues.

I have known these guys for a long time. They are completely familiar with their product.

We did not have a previous solution.

The initial setup is very straightforward. 

The vendor helped in every step of the installation. 

Licensing is done by flows per second, not including outside (in traffic). 

I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use. 

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

The product is stable. We have not had any downtime with it.

Scalability is where we're still finetuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances. 

We would like to license the product across all of the different hardware we have.

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

We try to find ROI but sometimes, but it's just not there. It's all about the security posture.

We pay a yearly license.

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

I have been working with Cisco Stealthwatch for approximately seven years.

I would rate Cisco Stealthwatch a seven out of ten.

Our main reason for using Stealthwatch is it gives us visibility.

Stability is the most valuable feature we have seen in this solution.

Stealthwatch needs improvement when it comes to speed.

The solution's stability is good.

I think this solution is okay with scale.

I think their technical support is great.

The initial setup was straightforward.

Time to value is very good for Stealthwatch.

I would rate Stealthwatch as an eight or nine out of ten.