When it comes to the integration part, it all depends on the third-party tools for integration. For example, if you need user session details, you may need to integrate Cisco ISE with the tool. A complementary feature is available if you want to view the user, who the user is, and what the session time is on this in the network if you can capture off and on traffic. We need to integrate Cisco ISE to view the user's name and their details. I think Cisco wants to add features in Cisco Secure Network Analytics, so there is no need to integrate it with Cisco ISE because you cannot have it everywhere. I am working on Kaspersky, which has no dedicated NDR solution. So, I am just working on my first NDR solution from Cisco. Cisco is a smooth tool with no bugs. In the future, the tool may add an area like the user's name and session details. I rate the tool a seven and a half to eight out of ten.
I would rate Cisco Secure Network Analytics around eight out of 10. It provides a smooth experience with minimal bugs, yet there are some features, such as username and session details integration, that could be enhanced in future iterations.
I would strongly recommend this solution to others. It is user-friendly, with an excellent reporting system. Moreover, it offers seamless integration for mitigation, which is a very valuable feature. Overall, I would rate Cisco Secure Network Analytics as a ten out of ten.
Development Manager at a healthcare company with 10,001+ employees
Real User
Top 20
2023-02-20T13:55:00Z
Feb 20, 2023
We chose Cisco Services versus competing services because we have a lot of Cisco devices and wanted a solution that will work with them. On a scale from one to ten, I'd rate Cisco Secure Network Analytics at eight.
Updated: November 2024.
Senior Cyber Scientist at a government with 10,001+ employees
Real User
Top 10
2023-02-13T14:17:00Z
Feb 13, 2023
The key integration we use with Cisco Secure Network Analytics is Splunk outside of the Cisco ecosystem. We have had an internal push to get further into the Cisco ecosystem because Stealthwatch is just detection and has no way of doing your security orchestration but other Cisco solutions do. The idea going forward is that we will be able to buy in a bit further and exploit that integration to do more machine time response. I think Cisco Secure Network Analytics is quite good when it comes to securing the infrastructure from end to end. This is particularly the case when you are deploying something like the Cisco SD-WAN solution where you've got your controlling data plane. Cisco has thought about this, going back to the encrypted traffic analysis, your Cisco controlling data plane won't stand up unless they're encrypted. Unless I want a man-in-the-middle, which causes other issues, I deploy Stealthwatch. Stealthwatch has that encrypted traffic analysis. I think it's really well thought through.
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.
Real User
2022-05-26T10:57:00Z
May 26, 2022
I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers. Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to provide segregation. It's better to use Cisco to centrally manage everything.
Chief Technology Officer at a tech services company with 51-200 employees
MSP
2021-06-25T19:18:40Z
Jun 25, 2021
If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. I rate this solution an eight out of 10.
Enterprise Information Security Architect at an agriculture company with 5,001-10,000 employees
Real User
2021-01-14T23:25:17Z
Jan 14, 2021
We are using the previous version. Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option. It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space. My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider. Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs. I would rate this solution an eight out of ten.
Chief Consultant at a tech services company with 11-50 employees
Consultant
2019-09-23T06:34:00Z
Sep 23, 2019
My advice for anybody who is implementing this solution is to know the whole infrastructure before beginning. Also, before starting, you have to know about the licensing of the equipment. I would rate this solution an eight out of ten.
Network Manager at a healthcare company with 1,001-5,000 employees
Real User
2019-07-02T06:57:00Z
Jul 2, 2019
I would rate it an eight out of ten. It does change the way we troubleshoot and it is relatively easy to use once you learn it. I would recommend it to someone considering it.
PIC for Cyber Security at a university with 51-200 employees
Real User
2019-06-23T09:40:00Z
Jun 23, 2019
I think that maybe we need more products for our students to try and to master. It's part of their learning. I would rate this solution as nine or ten out of ten.
Network Administrator at a mining and metals company with 1,001-5,000 employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
One thing I've learned from this solution is that there's a lot of stuff happening within internal networks that we weren't aware of. I am really satisfied with this solution and I will rate it a ten out of ten.
Assistant Director of IT at University of Rochester Medical Center
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
My suggestion for people researching this type of solution is to look at Stealthwatch because there is a lot of analytics and a lot of tools. This is a solid solution, and a necessary tool to add insight into our network. I would rate this solution an eight out of ten.
Director of Network and Telecom Services at a healthcare company with 10,001+ employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
I would give the solution an eight out of ten. Any detraction is just because of how complex it is. Of course, you can deploy a solution in many different ways. You have to decide what you want to cover. You have choices to monitor your egress or your ingress if you want to look for vulnerabilities and remediations within your in-house network or your DMZ network. Whichever thing you want to do, you have to understand the possibilities of the equipment's ability to meet your needs so that you can scale it when you are ready. We went and bought what we needed to for a small deployment — like a POC — and we just kind of wanted to keep it that way just to get something in. And then we'd scale it out later. After, you can go in and raise your thresholds. There's a lot of stuff that's in the box. To really finely tune it to work to your benefit, you have to kind of let it digest. I think initially we were a bit too aggressive and we started creating stuff. We started getting a lot of noise — a lot of emails coming in. When that happened it wasn't time to fool around anymore.
Network Operations Manager at Symantec Corporation
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
My advice to anybody researching this type of solution is to put Cisco Stealthwatch on the shortlist. It is not complicated to install. The feature set is good, as well as the pricing. The biggest lesson for us is that we needed improvement, compared to what we had before. We ran around naked for the previous four years that I have been with the company. We made a good decision. This is a good product, but there are still things that we would like to see. I would rate this solution a nine out of ten.
Director of Operations at a manufacturing company with 1,001-5,000 employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
My advice for anybody who is implementing this solution is to have your requirements identified very clearly before you start. The analytics and threat detection capabilities are pretty extensive. We still need to use other tools and mechanisms to analyze data, but it does the job that we’re looking for. I would rate this solution an eight out of ten.
Technical Consultant at a tech services company with 501-1,000 employees
Consultant
2019-06-17T08:46:00Z
Jun 17, 2019
If I knew somebody who was researching this solution I would ask them: "How can you prove that when you set a policy, a person can't access this system?" This solution allows you to see any way that they've jumped through the network to try and get to that point. It is a pretty solid solution for this. The biggest lesson that I have learned is how poorly implemented campus networks are. They’re just poor. Many people do not understand the Encrypted Traffic Analysis, but it improves the ability to analyze the traffic so it is a valuable feature. This is a good solution, but Java is still in the SMC, the Firepower integration is not really there, and I would really appreciate people being told about the necessity of ISE beforehand. I would rate this solution a seven out of ten.
In summary, this product provides good visibility into the internal network, but it is difficult for some people to install and configure. I would rate this solution an eight out of ten.
Overall the product is good. I'd give it a seven out of ten. That's mostly because of the deployment and then the reporting and trying to get the stuff out of it in a way that we want it.
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats. The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need. All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one. My advice for anybody implementing this solution is to get training on it before their deployment. I would rate this solution a nine out of ten.
Senior Network Engineer at a comms service provider
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
I will rate this solution a nine out of ten because I have very deep insights. But I don't see any room for improvement yet. I would advise others to do a proof of concept first.
Lead Network Engineer at a retailer with 1,001-5,000 employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it. In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure. I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on. My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly. I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch. I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.
Sr. Network Engineer at Science Applications International Corporation
Real User
2019-06-17T08:46:00Z
Jun 17, 2019
I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.
Network Engineer at a government with 1,001-5,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives. The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier. Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly. I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me. The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.
Network Section Chief at a government with 1,001-5,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower. I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it. Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.
Manager of Digital Communications at Memorial Hermann Healthcare System
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag. The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independent of the network, voice, and data center restructure teams. It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole. Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.
You definitely need something to do flow level analysis. The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data. I would rate this solution as seven out of ten.
Senior Director of Architecture and Engineering at Trace3
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment. The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately. I would rate this solution as seven out of ten, largely because the usability, that day to day stuff is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”
Network Engineer at a university with 10,001+ employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
Cisco Stealthwatch has not reduced our response times yet, it probably will though. The solution is perfect in traffic analytics. We've started that roll out. The new sites that we have will be doing that. Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase. The solution saves us time, money, and administrative work. It is a lot of administrative work on its own but it's going to help out other teams. In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process. On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves. Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on. Deploying the virtual machines made our storage have artifacts. But that was expected. Make sure you resource it correctly because it's going to use more than you expect.
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
Associate Director Network Services at a pharma/biotech company with 10,001+ employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.
Manager, Network Engineering & Telecommunications at a healthcare company with 1,001-5,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.
Network Manager Administrator at a financial services firm with 501-1,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner. The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work. I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.
IT Network Engineer at a logistics company with 10,001+ employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good. I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined. I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.
My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up. This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation. I would rate this solution an eight out of ten.
Sr Network Engineer at an insurance company with 5,001-10,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix. You need a dedicated team to manage all of these products and their integration together.
You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for. I would rate Stealthwatch as seven out of ten. It's easy to use.
Cisco Secure Network Analytics is a highly effective network traffic analysis (NTA) solution that enables users to find threats in their network traffic even if those threats are encrypted. It turns an organization’s network telemetry into a tool that creates a complete field of vision for the organization’s administrators. Users can find threats that may have infiltrated their systems and stop them before they can do irreparable harm.
Cisco Secure Network Analytics Benefits
A few ways that...
I would recommend Cisco Secure Network Analytics to others. Overall, I would rate it as a nine out of ten.
I rate the solution as a nine. It is very comprehensive and promising in encrypted traffic analysis. It is very well supported and documented as well.
Cisco Stealthwatch is a good product. I would rate it an eight out of 10.
I would rate Cisco Stealthwatch a seven out of ten.
We are a Cisco premier partner. In general, I would rate the solution ten out of ten. We've had very good experiences so far.
I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training.
I would rate it an eight out of ten. Check the vendors and the options out there to see how they can meet your needs.
The biggest lesson I learned is if it's not getting the flow data, it's not helping you. You have to just get your appointment inside the data. That's not really a tool, that's just if you don't send it, it can't see it. In terms of advice, be sure of what traffic you want to send it, or it's useless. Have that ready, so that you can get your data back immediately instead of trying to fight with it a long time. Just have your information ready to configure. I would rate Stealthwatch as a six out of ten. The interface is sluggish and not updated. The whole thing is a little sluggish when you're trying to do stuff, too. In my experience, it does what we expect it to do and from that standpoint, we don't really expect any more.
The biggest lesson I learned using Stealthwatch is that there's a lot of traffic going on on the network that shouldn't be going on. My advice is that this solution pays for itself pretty quickly when you have a problem that it finds pretty quickly. I would probably rate this as an eight or seven and a half out of ten. Costs upfront and complexity to integrate aren't the easiest.
My biggest lesson learned was how easy it is to use and to what extent it decreased our troubleshooting time. My advice is to buy Stealthwatch. I would probably rate this as a nine out of ten. It gives us most of what we need. The one thing that's missing is probably being able to view a little deeper into the devices themselves, not just the port but the actual health of the devices.
I would rate Stealthwatch as an eight or nine out of ten.
I will rate this solution a five or six out of ten because I do believe it is beneficial to our organization. I will recommend others to use endpoint management.
The solution has not increased our threat detection rate. It has reduced our incident response times by at least 50%. It also reduced the amount of time it takes to detect and remediate threats by around 50%. We use other tools for reducing false positives. The solution saves us time. There's a learning curve for it. Once you get the hang of it, you can get the information you need within a couple of minutes. As opposed to having to set up a sniper and figure out where to put everything, it greatly increases the amount of time that I can take to find what I need. It took me a couple of weeks to get the hang of it. I didn't use any training material, just learned on my own. I'm sure if I would have had some training, it would have been easier. Cisco Stealthwatch is one of the tools that I tell anyone that comes to the networking group to learn first. Because you can get a lot of relevant information fairly quickly. I give Cisco Stealthwatch an eight out of ten. Not a ten because of the UI. I'm just not a fan of it. Other than that, availability, uptime, and maintenance on it are all great. It does what I need it to do, but the UI is the deal breaker for me. The biggest lesson I've learned using the solution is the importance of NetFlow. We're using NetFlow 9. I'd like to move towards NetFlow 12. I appreciate the historical data that NetFlow can provide in my environment. I would recommend Stealthwatch because it's invaluable to troubleshooting.
Cisco Stealthwatch has increased the administrative time required just to get everything up and running smoothly. In six months, we should have it fine-tuned where it is hopefully saving us some time and manpower. I would rate Cisco Stealthwatch with a nine out of ten until we get our people fully tuned in to the application. We need more time and more network engineers to work on it. Use of the product should be based upon how each enterprise is set up if the solution is a good fit for what you need. Each network is different. It just depends on what the requirements are and what you need to do.
On a scale from 1 to 10, I would rate this product an 8. Whenever we've used it, it has been effective. It does come with a large price tag. The biggest lesson I learned from using this solution is that when the initial intent to deploy Stealthwatch was put in, it was the security team. They were working completely independently of the network, voice, and data center restructure teams. It wasn't a cohesive effort for everyone who might use the tool. Maybe it didn't get implemented in a way that would have maximized the benefit for the organization as a whole. Think holistically and view the big picture. Start small, but begin with the end in mind of having the final vision of where you want to get to.
You definitely need something to do flow level analysis. The biggest lesson I learned is that it's important to be able to see the individual traffic flows across the network, as opposed to the massive aggregate data. I would rate this solution as seven out of ten.
Everybody should have something in this case, because end users are always going to get you in a little bit of trouble. You have people that are executing social engineering attacks, and this will help prevent some of that from entering your network and your environment. The biggest lesson I've learned is that everybody is a target, and everybody will be a target, unfortunately. I would rate this solution as seven out of ten, largely because the usability, that day-to-day stuff, is a little bit clunky, while other products out there are better. It's not like there is some unicorn vision in my brain, but rather I've seen other products that customers say, “I really wish it was as easy as this other product.”
I believe this solution has saved our organization a lot of time, money, and administrative work. It allows us to see what's going on as far as traffic flows in a single, very short period. That is the biggest value to us on the networking side. The security team uses the implications of that for auditing and clearing out, whether we have good or bad traffic going on. Operationally, using it as a tool, it can definitely be rated up there at a nine out of ten. It's very good, easy to use, I can get into it and find out what I want.
I will never rate a product ten, so my rating for this solution is eight out of ten. I highly recommend this solution.
Cisco Stealthwatch has not reduced our response times yet; it probably will, though. The solution is perfect in traffic analytics. We've started that rollout. The new sites that we have will be doing that. Right now we have a lot of false positives, but that's just Cisco Stealthwatch still in its adjusting phase. The solution saves us time, money, and administrative work. It is a lot of administrative work on its own, but it's going to help out other teams. In the long run, it's going to help save money. For the time to value, it's going to take a long time. It's probably a year or two-year process. On a scale of one to ten, I would rate Cisco Stealthwatch with a seven. It's a solid product. It's very useful, but it takes an incredibly long time. There's a lot of hard work. A lot more integration of automation tools like inventory systems would be helpful, i.e. where we can pull the data instead of having to look ourselves. Cisco Stealthwatch is part of our narrow transformation. We're looking at campus fabric, DNA centers, etc. It helps that we can see what's going on. Deploying the virtual machines made our storage have artifacts. But that was expected. Make sure you resource it correctly because it's going to use more than you expect.
I will rate this solution a seven and a half or eight out of ten. This is mostly due to our exposure and having customers relying upon us to only look at it, as well as the layout. My advice to others would be to go for it, play around with it and see what you like about it. If you don't like it, move on to something else, but at least try it first.
I would rate Stealthwatch as six out of ten. It is a good product but it needs a lot of work to complete the dot trace and other parts. It's not as competitive as others on the market.
My advice would be to really look at how many traffic rows you're generating on your network when you decide to do your deployment. Personally, it is too early to know if there is room for improvement, but I will rate this solution an eight out of ten.
Take the time to look into it. It could be worth the cost. I think Stealthwatch has a very good time to value. I think it's one of the best out there. If a company is looking for a solution, I would definitely recommend Stealthwatch. Originally, it was recommended to us by a Cisco partner. The biggest lesson I've learned is to trust your applications. Believe that it works, because it does work. I would rate this solution as a nine out of ten, just because I don't know everything I could know about it yet.
Implement it, because it will give a lot of insights together with ISE and so forth, so it's really good. I would rate this as an eight out of ten because there is still room for documentation and so forth, to be more streamlined. I don't know if there's a lesson I have learned. What we have really learned from this exercise is how our users are working.
My advice for anybody who is implementing this solution is to engage with an integrator or somebody who is familiar with it, or deploying it. This will make everything easier in terms of setting it up. This solution is doing everything that we want, and my only complaint is in regards to the quirks during installation. I would rate this solution an eight out of ten.
On a scale from one to ten, I would rate Cisco HyperFlex HX a six only because of the challenges we had with Citrix. You need a dedicated team to manage all of these products and their integration together.
My advice to anybody implementing this solution is to start with the DevOps, as soon as possible. I would rate this solution a seven out of ten.
You've got to know what you're looking for. Tuning is really key. Have a plan before you implement on what you're going to use it for. I would rate Stealthwatch as seven out of ten. It's easy to use.