To be honest, for our use we utilize both PRTG as well as ThousandEyes for different and unique purposes. ThousandEyes could do everything; however, it does become a bit cost-prohibitive. We were able to gain access to ThousandEyes from our Cisco licensing on other products and …
Few products operate off the NetFlow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantine are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero-day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never get the correct weights and parameters to work from.
Unified communications real-time analysis is one of the biggest points of the solution. You can see your traffic path and find issues before, during and after the calls. This is very useful for analyzing VoIP and video conferencing problems like in WebEx, Microsoft Teams and Zoom. It helps to see network issues like packet loss, jitter, or latency that can make call quality bad. Another good use case is checking cloud apps and SaaS services. Many companies use external platforms like Microsoft Azure, 365, Salesforce, or AWS. It lets Networking teams see the network path from users to these services so they can find if problems come from the company network, the internet provider, or the cloud service. Also, it is good for companies using a mix of on-prem and cloud. It shows how traffic moves between different parts of the network, so IT teams can see where a problem happens and fix it faster. There are different types of agents that we can use in Cisco ThousandEyes. Enterprise agents can be used for a relatively big amount of synthetic tests. Endpoint agents are installed on user PC or Mac laptops to check network quality from the client side. WebEx devices also have built-in agents that help to see performance problems in meetings, making it easy to find what is causing a bad call. Maybe it's not the best solution if what you want to measure is not HTTPS-based or doesn't have an API. Also, if your scenario is Zoom Rooms, you won't have the same level of integration that it has for WebEx and Microsoft solutions.
Cisco ThousandEyes does the holistic discovery of the end components, the network components, and it's really fast at identifying where the issue is, which is not normally identified by the classic monitoring tools. So it's quite fast at identifying the issue of the networks, and Cisco ThousandEyes also provides a very good real user end user monitoring experience for the end customers. So those are the two real-life and also very good examples for Cisco ThousandEyes.
There are things that you can search for a particular type of traffic, but you cannot create an alert to alert on that type of traffic. An example of that is a particular encryption type. So like RC4 encryption is prohibited within DHS. I can search for traffic using it, but I can't create a rule alerting on that traffic type.
The elephant in the room is going to be cost. ThousandEyes is a great tool, but you will pay for it. There are other services that do a good job at providing a smaller subset of features compared to ThousandEyes. If all you need is that particular subset of features, ThousandEyes may not make fiscal sense for your organization.
As a subset of the cost issue, within the last 18 months or so the pricing on enterprise (local) agents has been modified in a way that seems not to benefit the customer. Previously, enterprise agents had a flat monthly cost associated with them with unlimited test usage (the only limit on test usage was based on concurrent tests running at any given point in time). This meant that instead of using a cloud agent and paying per-test, you had the option of spinning up a cheap DigitalOcean droplet and creating your own cloud agent for external testing without using Cloud Agents. When the change was made, they eliminated the flat per-agent cost and instead treated the pricing the same as that of the cloud agents but cutting the number of "cloud units" per test in half for tests run from enterprise agents. For organizations with under-utilized enterprise agents, this may be helpful financially, but for organizations that push their local agents to the limit, the cost skyrocketed.
BGP monitor peering sessions have been less than reliable. The data doesn't seem to be an issue, but the sessions seem to bounce or fail altogether on a fairly consistent basis. The routers or servers with which your routers peer sit behind some firewalls that have caused issues in the past.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
We will definitely renew and maybe even extend our usage of ThousandEyes. We have been using ThousandEyes now for a couple of years and it has shown us major benefits. With the new options it offers for SD-WAN, for us it is a no-brainer to renew our current licenses.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
There is definitely a learning curve to ThousandEyes, but once you understand how the client deployment works and how to set up monitoring, things go pretty smoothly. I think the initial setting up of clients on endpoints can be a little tricky though.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependencies and we have seen issues after an upgrade that caused an outage for several hours.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
You have online support from the tool itself 24/7 and they are very responsive. We also have a specific account manager and specific engineer assigned to help us with very specific questions for our environment. The level of response to our requirements is always super high. We have requested specific features to be added and these have been developed and introduced very quickly to the product (within weeks). Their DevOps and agile approach seems to pay off.
Our Cisco reps actually had someone teach us a few things about the functionality of ThousandEyes, and it helped a lot. The training was good and we had follow-up assistance as well when we had questions about the monitoring and reporting functions. Overall, we were satisfied with the training and support.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
Our implementation was pretty straightforward, with some issues loading clients on endpoints. We didn't have any notable issues, and I don't really have any additional insights.
After integrating and developing a lot of security features in MF NNM, we were not able to meet the requirements from the customer. After the alternative research, we got to know about this Cisco Secure Network Analytics tool and after implementing the same, we finally were able to win CSAT. MF NNM had a support-related issue as well. It took more than a month to solve for a couple of issues frequently. Whenever there is a problem or need their support, reaching out to them has always been a challenge.
Kentik Synthetics is a newer competitor of Cisco ThousandEyes. Both do very similar things but Cisco ThousandEyes currently is the more mature platform. However, the pricing of Synthetics is very attractive. It does not have the robustness of Cisco ThousandEyes or the off-net test leveraging (# of outside companies partnered with them) but has made many improvements in the past 2 years.
I think this product would be infinitely scalable since it's all cloud hosted and can support thousands of endpoints if needed. We are only using it for a limited number of endpoints, so we never really considered scalability.
It is a little pricey - in my organization, with budget cuts, I eventually had to replace it with an open source product (NTOP). While it works well for visibility, it simply isn't the same. If you can afford it, don't bother looking anywhere else - just get it.
Being able to detect, pivot out, and remediate from one console was awesome.
Building the trust from our Merchants is core when you come to renewal time. Trust builds partnerships, builds stickiness and allows for easier upsells or contract renewals.
Having a champion in IT that touts your service is important to the business, it removes a large portion of friction in the business to get services implemented and working to its peak.
Flexibility in pricing can be better. How they measure the number of agents being used can get thorny. When you build and tear down virtual servers a lot it can appear there are more agents running than there are. Once we understood how they measure we were able to better utilize the product efficiently.