The primary use case for Cisco Stealthwatch is for us to sell it.
Network Engineer at a tech services company
Offers better network visibility and has reduced incident response time
Pros and Cons
- "I believe this solution has reduced our incident response time."
- "I would like to see it better organized when I'm looking at it."
What is our primary use case?
How has it helped my organization?
It has improved my organization's network visibility from zero because before we had installed this solution, we weren't doing anything to protect us from threats. I believe this solution has reduced our incident response time.
What is most valuable?
The features I find most valuable about Cisco Stealthwatch its integration with the pxGrid and all of our other devices that are tied in with pxGrid, so they can communicate with each other and be able to dynamically change, quarantine a suspicious device, or do whatever necessary in case of a malware attack or similar problem.
What needs improvement?
Considering all the data on the network, I believe that the analytics of Cisco Stealthwatch are pretty decent. I would like to see it better organized when I'm looking at it. If I hand it to another NOC engineer, they may not know what they're looking at, so I would prefer it to be more clean and structured, making it easier to use.
Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
We are currently also using AMP and a few other Cisco products to assist us with threat protection and it's only been running for a couple of months.
What do I think about the stability of the solution?
This solution is very stable.
What do I think about the scalability of the solution?
I believe there isn't much to scale for it and I think it all depends on how many nodes you're running in the environment. I will say the scalability is fairly decent.
How are customer service and support?
I haven't had to use technical support yet. I've only read through the pages of documentation.
How was the initial setup?
The initial setup was a little complex since I haven't set it up before.
What was our ROI?
It is hard to say yet, but at least we can tell customers that we've detected a threat, and it can be stopped in time.
What's my experience with pricing, setup cost, and licensing?
For our organization, it is cheap, but for other customers, it may be fairly expensive.
As we are resellers of Cisco Stealthwatch, we hope to save time, money, and administrative costs once we start selling more of these solutions.
Which other solutions did I evaluate?
I am responsible for the security of our organization's devices, so I did look at other options. Since this solution ties into other products, I wanted to use Duo Security and tie that together with StealthWatch.
What other advice do I have?
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout.
My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech services company with 501-1,000 employees
Plenty of add-ons, helpful support, and beneficial network visibility
Pros and Cons
- "Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box."
- "Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product."
What is our primary use case?
We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.
How has it helped my organization?
Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.
We have a better understanding of the network which allows us to tweak our security policies from the information we receive.
What is most valuable?
Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.
The solution has a lot of add-on features available.
What needs improvement?
Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.
For how long have I used the solution?
I have used Cisco Stealthwatch within the last 12 months.
What do I think about the stability of the solution?
The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.
What do I think about the scalability of the solution?
The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.
Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.
How are customer service and support?
We haven't had any issues with somebody from Cisco assisting us with any technical needs. We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.
Which solution did I use previously and why did I switch?
We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.
How was the initial setup?
The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.
What about the implementation team?
We did the implementation of the solution ourselves. We did not need any assistance from any integrator.
One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person.
What's my experience with pricing, setup cost, and licensing?
The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.
We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.
There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.
What other advice do I have?
I would recommend Cisco Stealthwatch to others.
The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.
I rate Cisco Stealthwatch an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Cisco Secure Network Analytics
November 2024
Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Network Administrator at a retailer with 1,001-5,000 employees
Enables us to run our call center 24/7 and has good tech support engineers
Pros and Cons
- "Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with."
- "We've run into some issues with the configuration."
What is our primary use case?
Our primary use case is for it to run our call center 24/7 365 days a year.
What is most valuable?
There's a lot of stuff on the new version we haven't had the chance to work with yet.
What needs improvement?
We're trying to upgrade to the newest release. We're running a version that's three versions behind.
What do I think about the stability of the solution?
So far we've had a good experience with stability. We've run into some issues with the configuration.
What do I think about the scalability of the solution?
It's not scalable due to our own implementation. Everything that I read though, indicates that it can be scalable.
How are customer service and technical support?
Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with.
Which solution did I use previously and why did I switch?
We've used Cisco for around ten years. Prior to that, we were using Nortel. We had a relationship with a Cisco account manager prior to the collaboration products.
What about the implementation team?
We had engineers that set it up. There were some problems that Cisco support came to fix.
What other advice do I have?
I would rate it an eight out of ten.
Check the vendors and the options out there to see how they can meet your needs.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Analyst at a non-profit with 1,001-5,000 employees
Enables me to detect devices talking to suspect IPs.
Pros and Cons
- "I value the feature which enables me to detect devices talking to suspect IPs."
- "We need to be able to filter out internal IPs as non-threats."
What is most valuable?
I value the feature which enables me to detect devices talking to suspect IPs.
How has it helped my organization?
We can now see what is going on in our network.
What needs improvement?
We need to be able to filter out internal IPs as non-threats.
For how long have I used the solution?
We have been using the product since 2008.
What do I think about the stability of the solution?
We did not encounter any issues with stability.
What do I think about the scalability of the solution?
We did not encounter any issues with scalability.
How are customer service and technical support?
The technical support is good.
Which solution did I use previously and why did I switch?
We did not use any other solution previously.
How was the initial setup?
The initial setup was relatively easy, though different devices need different configurations for the flow exports.
What's my experience with pricing, setup cost, and licensing?
It is worth the cost.
Which other solutions did I evaluate?
We evaluated Arbor.
What other advice do I have?
Get it in and see what you can see!
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Technical Consultant
Provides complete network visibility and has made troubleshooting easy
Pros and Cons
- "Most valuable features are the network maps and server and network response time."
- "The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure."
What is most valuable?
SMC and FC, though they are components, not features.
Most valuable features are the network maps and server and network response time. Maps is a unique feature which provides logical grouping of different segments of the network with complete visibility and alerting based on a total or protocol base as per defined threshold. So, one can check how many connections to the server and/or on the protocol, and who is consuming the most bandwidth. This is done, while the server and network response time provide quick identification of root cause of slow response from the server.
How has it helped my organization?
Provided complete network visibility and made troubleshooting easy.
For how long have I used the solution?
I have used Cisco Stealthwatch for four to five years: versions 5.0 to 6.22.
What do I think about the stability of the solution?
Yes. The version with the Dell server had iDRAC problems. Often, it reported iDRAC failure.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Very good.
Which solution did I use previously and why did I switch?
No, we did not use a different solution.
How was the initial setup?
Straightforward.
What's my experience with pricing, setup cost, and licensing?
Pricing is much higher compared to other solutions.
Which other solutions did I evaluate?
Yes, SolarWinds.
What other advice do I have?
It is a good product. I don't see any matching product with level of detailed information.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Network Engineer at a tech services company with 10,001+ employees
We have seen improved network visibility of our organization but the setup is complex
Pros and Cons
- "Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization."
- "The configuration of the solution was quite complex."
What is our primary use case?
Our primary use case for Cisco Stealthwatch is to ensure net flow.
How has it helped my organization?
Cisco Stealthwatch provides the solutions analytics and threat detection capabilities that I am looking for. It has also improved the network visibility of our organization.
What is most valuable?
The most valuable feature of this solution is that it give us insight into what's happening in our network.
What needs improvement?
I don't really think we really save time while using this solution.
What do I think about the stability of the solution?
Cisco Stealthwatch is quite stable.
What do I think about the scalability of the solution?
It all depends on the platform you are using, but I think it is pretty scalable.
How was the initial setup?
The configuration of the solution was quite complex so I won't say that it is straightforward to set everything up.
What about the implementation team?
We used a vendor, Cisco, for implementation.
What was our ROI?
I believe ROI will take around a year.
Which other solutions did I evaluate?
We also look at Red Hat.
What other advice do I have?
I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PIC for Cyber Security at a university with 51-200 employees
Scalable and good for training students
Pros and Cons
- "There are already many functionalities, so I don't think there is anything to improve."
What is most valuable?
The Cisco IOS is very important because that is what we have to teach our students.
What needs improvement?
There are already many functionalities, so I don't think there is anything to improve. Its the best one on the market I have seen.
For how long have I used the solution?
We've been using Cisco equipemnt for four or five years.
What do I think about the scalability of the solution?
It's scalable, there are many models that we can use for a small network. Cisco offers the scalability that we need. We have about eighty students, and all the students have to do some training on it. We have plans to increase the usage of Cisco.
How was the initial setup?
I think in order to master the network security issues it's complex. The deployment took a week or so.
What other advice do I have?
I think that maybe we need more products for our students to try and to master. It's part of their learning.
I would rate this solution as nine or ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Consultant at a tech services company with 11-50 employees
Good anomaly and malware detection, and highly-rated technical support
Pros and Cons
- "The most valuable feature is anomaly detection, where it finds things that are not allowed internally."
- "The usability of this solution needs to be improved."
What is our primary use case?
We are a system integrator and I have implemented this solution for one of our customers.
This solution is normally used for anomaly detection and malware detection.
It is deployed on-premises.
How has it helped my organization?
The organization now have a better overview how their traffic is flowing.
What is most valuable?
The most valuable feature is anomaly detection, where it finds things that are not allowed internally.
What needs improvement?
The usability of this solution needs to be improved.
The initial setup of this solution can be simplified.
For how long have I used the solution?
We have been using this solution for three months.
What do I think about the stability of the solution?
The stability of this solution is good.
What do I think about the scalability of the solution?
We have three people who are using this solution.
How are customer service and technical support?
I would rate technical support for this solution highly.
Which solution did I use previously and why did I switch?
We used Darktrace before.
How was the initial setup?
The initial setup of this solution is complex.
What other advice do I have?
My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Network Monitoring Software Network Traffic Analysis (NTA) Network Detection and Response (NDR) Cisco Security PortfolioPopular Comparisons
Fortinet FortiEDR
Cisco Umbrella
Cisco Identity Services Engine (ISE)
Fortinet FortiClient
Trend Micro Deep Security
SolarWinds NPM
Palo Alto Networks WildFire
PRTG Network Monitor
Fortinet FortiWeb
Buyer's Guide
Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- When evaluating Network Performance Monitoring, what aspect do you think is the most important to look for?
- What is the best network monitoring software for large enterprises?
- What Questions Should I Ask Before Buying a Network Monitoring Tool?
- UIM OnPrem - SaaS
- Anyone switching from SolarWinds NPM? What is a good alternative and why?
- What is the best tool for SQL monitoring in a large enterprise?
- What tool do you recommend using for VoIP monitoring for a mid-sized enterprise?
- Should we choose Nagios or PRTG?
- Which is the best network monitoring tool: Zabbix or Solarwinds? Pros and Cons?