Try our new research platform with insights from 80,000+ expert users

Cisco Secure Network Analytics vs NetWitness Platform comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Juniper Mist Premium Analytics
Sponsored
Average Rating
8.0
Reviews Sentiment
8.2
Number of Reviews
2
Ranking in other categories
Network Monitoring Software (58th)
Cisco Secure Network Analytics
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
59
Ranking in other categories
Network Monitoring Software (24th), Network Traffic Analysis (NTA) (3rd), Network Detection and Response (NDR) (5th), Cisco Security Portfolio (4th)
NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.5
Number of Reviews
36
Ranking in other categories
Log Management (25th), Security Information and Event Management (SIEM) (24th)
 

Mindshare comparison

Network Monitoring Software
Log Management
 

Featured Reviews

ALEXANDRE VIANNA - PeerSpot reviewer
Has a single dashboard, but is expensive
We use this solution to manage our mission environment The single dashboard is a valuable feature.  The technical support needs improvement. The initial setup is straightforward. The solution is expensive. I rate the pricing an eight out of ten.  Overall, I rate the solution a seven out of…
Rainier S. - PeerSpot reviewer
You are able to drill down into a center's utilization, then create reports based on it
In the last year or two, we have been working with our Cisco NAS engineers to improve our security posturing. It is more our being proactive rather than reactive. While Stealthwatch and Lancope have this ability to look inside and give you visibility (a great feature), follow-up is the rule. We would like filters that you can put into place to tap onto certain types of behaviors, alerts out, and/or hopefully a block. This is sort of what we are looking for. I might be speaking too early, because we are not down this path yet. We know the feature set is there, we just do not know yet how to achieve it. That is proactive rather than more reactive. For Lancope Stealthwatch, we would like to see it more on the ASA Firewall platform. While this might already be available, this is more a failing of Cisco to inform us if it is there. For example: * Are we on the right or wrong version of the code? * What does the code look like? * Are we are really looking at firewalls? Or is it more about the foundation and route switches that we are seeing? It is about visibility.
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The single dashboard is a valuable feature."
"We can manage the entire system across the network and troubleshoot the pain points."
"Most of the engineers I've worked with have been really good. Very knowledgeable and easy to work with."
"It works efficiently for encrypted traffic analysis."
"The artifacts available in the tool provide better information for analyzing network traffic. It enables a holistic view of network traffic and general packet analysis. It's easy to identify anomalies without the use of signatures. The way in which we implemented Stealthwatch Cloud has enabled my team to analyze traffic behind proxies."
"Using the Cognitive Analytics feature, we have complete visibility that we didn’t have before."
"Visibility. The ability to look East and West. To see what is passing through your circuits, where it is coming from, and how big it is."
"Overall, the implementation is very good."
"The most valuable part is that Stealthwatch is part of a portfolio of security devices from Cisco. Cisco literally can touch every single end point, every single ingress and egress point in the network. Nobody else has that."
"Using this solution has helped us to detect and identify viruses or malicious activity in the network early on."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable features are the threat prediction and network forensics."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The product's initial setup phase was not at all difficult."
 

Cons

"The technical support needs improvement."
"The Wi-Fi side needs improvement."
"I would like to see interoperability with other Cisco products because we have ThousandEyes, Cisco Prime, and others. The interaction among these is important to us."
"There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous."
"Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."
"The visualization could be improved, the GUI is not the best."
"The initial setup was complex."
"One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints."
"Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."
"It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"An area for improvement would be better automation and more inbuilt use cases."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"It is not so easy to customize this product."
 

Pricing and Cost Advice

"The solution is expensive."
"This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
"NetFlow is very expensive."
"Today, we are part of the big Cisco ELA, and it is a la carte. We can get orders for whatever we want. At the end of the day, we have to pay for it in one big expense, but that is fine. We are okay with that."
"On a yearly basis, licensing is somewhere around $30,000."
"We pay for support costs on a yearly basis."
"One of the things which bugs me about Lancope is the licensing. We understand how licensing works. Our problem is when we bought and purchased most of these Lancope devices, we did so with our sister company. Somewhere within the purchase and distribution, licensing got mixed up. That is all on Cisco, and it is their responsibility. They allotted some of our sister company's equipment to us, and some of our equipment to them. To date, they have never been able to fix it."
"Licensing is done by flows per second, not including outside>in traffic."
"There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive"
"It is cheap."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
report
Use our free recommendation engine to learn which Network Monitoring Software solutions are best for your needs.
816,406 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
9%
Government
8%
Computer Software Company
31%
Financial Services Firm
11%
Government
8%
Manufacturing Company
6%
Financial Services Firm
18%
Computer Software Company
17%
Government
8%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Juniper Mist Premium Analytics?
We can manage the entire system across the network and troubleshoot the pain points.
What do you like most about Cisco Stealthwatch?
The most valuable feature of Cisco Secure Network Analytics is the Threat Intelligence integration.
What is your experience regarding pricing and costs for Cisco Stealthwatch?
The tool is not cheaply priced. In cybersecurity, you want an extra layer of security in your organization. Some sect...
What needs improvement with Cisco Stealthwatch?
The expensive nature of the tool is an area of concern where improvements are required.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log ...
 

Also Known As

No data available
Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch
RSA Security Analytics
 

Learn More

Video not available
Video not available
 

Overview

 

Sample Customers

Information Not Available
Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF
Los Angeles World Airports, Reply
Find out what your peers are saying about Zabbix, Datadog, Auvik and others in Network Monitoring Software. Updated: November 2024.
816,406 professionals have used our research since 2012.