Likelihood to Recommend Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.
Read full review At least for me, it is a very important tool to diagnose bandwidth / Routing issues. Any global company should have ThousandEyes, it will avoid you many headaches. You'll need to invest in servers (on-prem and remote) in all locations in which you need, you can take advantage of all the monitoring tools.
Read full review Pros A silent tool. A great way to get visibility of all the conversations of the network. Easy to find out the internal and the external threats. Easy to track performance. Network monitoring is very easy to understand and control. Attacks can be easily detected along with encrypted traffic. Historic records of the attack and reports make it even better. Read full review Alerting on outages. ThousandEyes provides a few different options to receive alerts: you can have alerts emailed to a subset of (or all) users, there is a basic Slack integration, and if more flexibility is required (or your preferred method of being alerted isn't built-in) webhooks can be used to hit another API. Speeding up mean time to resolution (or mean time to innocence if you're a more siloed and blame-happy organization). Failure alerts can be configured to include the cause of the failure instead of just "resource x is down." For example, the alerts can come out and say that a website was down due to an HTTP 500, which will help prevent staff from spinning their wheels trying to diagnose the network from the client to the web server. Post mortems and root cause analyses. After an outage has been resolved, it is possible to go back for up to 30 days without losing any level of detail for the test in question, and to view information like the DNS response received, the network path taken by the traffic, and any added latency incurred by an individual link. It can also be used to view Internet routing changes surrounding the incident. Support. Every ticket or chat I have opened has been met by a friendly and helpful staff member that has been able to provide helpful insight into what is causing a particular issue, and what steps they will take on their side to resolve an issue or provide suggestions of steps to take on our side if necessary. Read full review Cons There are things that you can search for a particular type of traffic, but you cannot create an alert to alert on that type of traffic. An example of that is a particular encryption type. So like RC4 encryption is prohibited within DHS. I can search for traffic using it, but I can't create a rule alerting on that traffic type. Read full review Continue to innovate and support more and more services. In the world of IOT and point to point traffic being more and more prevalent creating a flexible product is fantastic. Build on the end user product, last mile and even more sharing. Read full review Likelihood to Renew Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
Read full review We will definitely renew and maybe even extend our usage of ThousandEyes. We have been using ThousandEyes now for a couple of years and it has shown us major benefits. With the new options it offers for SD-WAN for us it is a no brainer to renew our current licenses
Read full review Usability Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
Read full review I'm happy with the monitoring part, now if you want to know the benefits cost related and usability I'm not the person who can answer that.
Read full review Reliability and Availability We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Read full review Support Rating Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Read full review You have online support from the tool itself 24/7 and they are very responsive. We also have a specific account manager and specific engineer assigned to help us with very specific questions for our environment. The level of response to our requirements is always super high. We have requested specific features to be added and these have been developed and introduced very quick tot he product (within weeks). Their DevOps and agile approach seems to pay off.
Read full review Implementation Rating Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
Read full review Alternatives Considered After integrating and developing a lot of security features in MF NNM, we were not able to meet the requirements from the customer. After the alternative research, we got to know about this Cisco Secure Network Analytics tool and after implementing the same, we finally were able to win CSAT. MF NNM had a support-related issue as well. It took more than a month to solve for couple of issues frequently. Whenever there is a problem or need their support, reaching out to them has always been a challenge.
Read full review Simple Network Management Protocol cannot achieve what an agent-based monitoring solution can. Access layer testing gives you visibility into the user's endpoint. ThousandEyes is able to provide both telemetry and user experience in a bundled solution. The way that Cisco has built in the enterprise agents to their 9300 and 9500 switches has made exposure to the platform widespread.
Read full review Return on Investment It is a little pricey - in my organization, with budget cuts, I eventually had to replace it with an open source product (NTOP). While it works well for visibility, it simply isn't the same. If you can afford it, don't bother looking anywhere else - just get it. Being able to detect, pivot out, and remmediate from one console was awesome. Read full review Real time visibility about network health can prepare us for outages Less time wasted troubleshooting end user network issues when ThousandEyes can give clarity which saves time doing extra work Before doing business with a SaaS product we can use ThousandEyes to give historical datat on network uptime. Read full review ScreenShots Cisco ThousandEyes Screenshots