SeniorNe4b79 - PeerSpot reviewer
Senior Network Engineer at a comms service provider
Real User
Has reduced our incident response time and false positives
Pros and Cons
  • "The most valuable feature about this solution is that it gives me insight into my network."
  • "It hasn't really improved our direct detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution."

What is our primary use case?

Our primary use case for this solution is to work on it so that we can learn enough about it to sell it to our customers.

How has it helped my organization?

This solution has improved our organization because it allowed us to find a lot of stuff we could look deeper into, like strange traffic patterns, and clean it up. It hasn't really improved our threat detection rate but it has definitely reduced our incident response time as we wouldn't have been able to detect threats or immediate risks without this solution. It has also reduced false positives. 

What is most valuable?

The most valuable feature about this solution is that it gives me insight into my network. It has great analytics and threat protection capabilities to detect faults and find viruses and Trojans. I can definitely say that this solution saves us time, money and administrative work.

When it comes to time to value, it gets new insights, so it's worth the time and it allows me to know more of what's going on in the network.

What do I think about the stability of the solution?

We are still running it but so far it has been really stable.

Buyer's Guide
Cisco Secure Network Analytics
March 2025
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What do I think about the scalability of the solution?

We are a very small company, so scalability isn't a problem for us. But I believe it is scalable.

How was the initial setup?

Although I wasn't involved in the initial setup myself, it looked straightforward. 

What about the implementation team?

We installed the solution ourselves because we are Cisco partners.

Which other solutions did I evaluate?

The issue of network security is growing daily and we are dealing with all the Cisco products. We have the Duo, the Firepower Soft and we plan to extend. 

What other advice do I have?

I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
NetworkMed21 - PeerSpot reviewer
Network Manager at a healthcare company with 1,001-5,000 employees
Real User
Enables us to proactively troubleshoot and determine what an issue is
Pros and Cons
  • "It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it."
  • "I would like to see better filters."

What is our primary use case?

Our primary use case of this solution is for troubleshooting network issues.

How has it helped my organization?

This solution has improved my organization because when I have users who are having issues with patching slowness it gives me the ability to be able to proactively troubleshoot and determine what the issue is.

What is most valuable?

The most valuable features are its abilities to analyze data streams and determine what is inside those data streams to troubleshoot a problem. It is also easy to use.

What needs improvement?

I would like to see better filters. You should be able to filter the data out to more rapidly find what you're looking for.

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

Stealthwatch is very scalable.

How are customer service and technical support?

Their technical support is very good. The turnaround has been great. 

We used them when we had a bug and the data stream was showing us data reports that weren't accurate. The support helped us with that. 

Which solution did I use previously and why did I switch?

We switched and chose this solution because of the reseller's recommendation. 

How was the initial setup?

The initial setup was straightforward. It was easy, the instructions were there. It was pretty straightforward to operate. Your learning curve could be a little bit difficult, but it's up and coming.

What about the implementation team?

We used a reseller for the deployment called SEBok Limited. 

What was our ROI?

I have not seen ROI yet. 

Which other solutions did I evaluate?

Stealthwatch was the only choice. 

What other advice do I have?

I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ServiceE8f27 - PeerSpot reviewer
Service Engineer at a tech company with 10,001+ employees
Real User
Our protection rate has doubled and we can monitor our bandwidth or any other issues on our networks
Pros and Cons
  • "Using this solution has helped us to detect and identify viruses or malicious activity in the network early on."
  • "We haven't seen ROI."

What is our primary use case?

We mainly use Cisco Stealthwatch in our organization for bandwidth monitoring and other issues we experience on our networks. When someone reports an issue, this solution helps us to determine what's going on in the network by checking the cell blocks and seeing if there are any issues.

How has it helped my organization?

Using this solution has helped us to detect and identify viruses or malicious activity in the network early on. It has definitely given us more insight because it's a lot easier to check Stealthwatch's logs than to log into a router and do a bunch of show commands. I would say that it has at least doubled our protection rate. 

Since we started using this solution, we've been saving time, money and administration work. It is now much easier to log into Stealthwatch and see what I want to see rather than logging into a router and checking everything out. The administration is also much less because everything's right there for me.

What do I think about the stability of the solution?

I haven't experienced any problems or downtime with Cisco Stealthwatch, so the stability is really good.

What do I think about the scalability of the solution?

The scalability of this solution is good. We don't have a very large network that we use it on. I support only around 200 routers or so. But for what we use it for, it is scalable.

How are customer service and technical support?

I never had to use technical support before.

How was the initial setup?

The initial setup was straightforward. We simply followed the instructions on how to use it, and so far everything is working great. 

What was our ROI?

We haven't seen ROI.

What other advice do I have?

I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user735195 - PeerSpot reviewer
Senior Information Security Engineer at a transportation company with 10,001+ employees
Real User
Provides easily identifiable anomalies that you can't see with signature detections
Pros and Cons
  • "Provides easily identifiable anomalies that you can't see with signature detections."
  • "The beginning of any security investigation starts with NetFlow data."
  • "One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints."

What is our primary use case?

  • ID managers
  • Flow replicators
  • Flow sensors
  • Thick client

How has it helped my organization?

Provides easily identifiable anomalies that you can't see with signature detections. 

What is most valuable?

NetFlow: The beginning of any security investigation starts with NetFlow data. 

What needs improvement?

One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I have known these guys for a long time. They are completely familiar with their product.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup is very straightforward. 

What about the implementation team?

The vendor helped in every step of the installation. 

What's my experience with pricing, setup cost, and licensing?

Licensing is done by flows per second, not including outside (in traffic). 

Which other solutions did I evaluate?

I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use. 

What other advice do I have?

There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.

Also, it is great for a network segmentation project.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1265118 - PeerSpot reviewer
Network and Security with 10,001+ employees
Real User
Reliable, easy to expand, and offers good integration capabilities
Pros and Cons
  • "If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
  • "It's not great as a standalone solution."

What is our primary use case?

We are using it on-prem and there are two flow sensors on the fabric site, one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomalous behavior and analyze results.

Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

What is most valuable?

I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

The solution is stable.

It's scalable. 

What needs improvement?

I can't speak to any missing features. It works well for us overall. 

It's not great as a standalone solution.

For how long have I used the solution?

I've been using the solution for approximately seven years. 

What do I think about the stability of the solution?

The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

It is a product that can scale as needed. 

We have three people using it in our company right now. 

How are customer service and support?

We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was easy for me. I know this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. They would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

Typically, it takes one week to deploy the solution and get it up and running. 

What's my experience with pricing, setup cost, and licensing?

The solution is moderately priced. It's not overly expensive or too cheap. 

What other advice do I have?

We're a Cisco Gold partner. 

I'd rate the solution eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer1287867 - PeerSpot reviewer
PMO Department at a comms service provider with 1,001-5,000 employees
Real User
Good visibility, good integration with the Cisco switching platform, and helpful support
Pros and Cons
  • "It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform."
  • "Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."

What is our primary use case?

We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

What is most valuable?

It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

What needs improvement?

Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

How are customer service and support?

Cisco tech support is very helpful. They have different tech support management options.

How was the initial setup?

Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

What's my experience with pricing, setup cost, and licensing?

It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

What other advice do I have?

Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
NetworkSddc6 - PeerSpot reviewer
Network Section Chief at a government with 1,001-5,000 employees
Real User
Increased our incident response rates on the network with less time required to detect threats
Pros and Cons
  • "Cisco Stealthwatch has reduced the amount of time to detect an immediate threat."
  • "There's a lot of traffic on our network that we don't see sometimes."

What is our primary use case?

We use Cisco Stealthwatch to do NetFlow across our enterprise network. Cisco Stealthwatch helps our cybersecurity guys detect threats across the network.

How has it helped my organization?

We're still deploying it across our enterprise. A lot of our data analytics are still in the making.

What is most valuable?

The solution has probably increased our incident response rate a little bit. We're seeing extra traffic on the network as opposed to before.

Cisco Stealthwatch has reduced the amount of time to detect an immediate threat.

What needs improvement?

We're still gathering numbers about our increased threat detection rate. Anything we can improve with security patches to the network greatly improves the product.

There's a lot of traffic on our network that we don't see sometimes.

What do I think about the stability of the solution?

The product is stable. We have not had any downtime with it.

What do I think about the scalability of the solution?

Scalability is where we're still fine-tuning the product. Initially, when we implemented Stealthwatch, we did a serious overkill on our flows per second. Now we're trying to correct that and then spread those appliances.

We would like to license the product across all of the different hardware we have.

How are customer service and technical support?

Our tech support goes through LAN Help. I was just trying to get to the right person to understand the way we get things set up. It does take time trying to explain what we're doing or trying to do. 

Because we purchase some products through second or third parties, we have difficulty making sure they know that we're the end user.

Which solution did I use previously and why did I switch?

We're playing with several different products across my teams. All of the teams are rather small. As they get time, they work on other things. 

We've got Cisco guys onsite and we talk with those guys all the time.

How was the initial setup?

Stealthwatch is just set up on a single network that we have. We're pulling primary data from anything that pops up out of the norm. We'll forward that information on to our cybersecurity guys and they'll track it down.

The initial setup is straightforward, but we're starting to fine-tune. We're getting more detailed information on the practical use of the product.

What was our ROI?

We try to find ROI, but sometimes it's just not there. It's all about the security posture.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly license.

Which other solutions did I evaluate?

Our enterprise is primarily dedicated to Cisco solutions. Stealthwatch is a Cisco product. We went with that originally.

What other advice do I have?

Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower.

I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it.

Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1489326 - PeerSpot reviewer
National Offering Lead - Security Practice at a computer software company with 501-1,000 employees
MSP
Good detection capabilities but integration with Cisco ISE would improve it considerably
Pros and Cons
  • "We find that Stealthwatch can detect the unseen."
  • "It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."

What is our primary use case?

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans, and as a tripwire on top of all of the other security controls that are available.

What is most valuable?

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

What needs improvement?

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

For how long have I used the solution?

I have been working with Cisco Stealthwatch for approximately seven years.

What other advice do I have?

I would rate Cisco Stealthwatch a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user