Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.
N/A
Kaspersky Anti Targeted Attack Platform
Score 3.8 out of 10
N/A
The Kaspersky Anti Targeted Attack Platform uses machine learning approaches to detect targeted attacks across network telemetry through a combination of automated network traffic analysis, correlative behavioral analysis, and other approaches to detect multi-layer threats across an enterprise network.
Cisco Secure Network Analytics is in a class of its own and some of these products come close but are not in the same class. The other products I tested take a lot more of them to get the same results you would from the Enterprise class of Cisco products. I have been very happy …
I wasn't involved in the decision-making when it happened. It was a couple of years ago, but I can't think of the vendor's name. They used to be here at Cisco Live. But it was another NetFlow vendor, but they were strictly NetFlow and all they did was just a net flow and the …
After integrating and developing a lot of security features in MF NNM, we were not able to meet the requirements from the customer. After the alternative research, we got to know about this Cisco Secure Network Analytics tool and after implementing the same, we finally were …
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. …
In order for Armis to truly provide value, it will require spans and taps at every location. This is not feasible in most places since not all sides have the infrastructure to support this and now you are required to support an additional appliance at every site. Stealthwatch …
Wireshark
is a good option in a lower budget, but Wireshark also has lesser security as
compared to Cisco which compelled us to look for something else in [the] same price but with more better features.
In addition [to] Cisco SteathWatch, we highly evaluated Cisco AnyConnect and Cisco Advanced Malware Protection for Endpoints (Cisco APM4E). Often [these] solutions complement each other and improve network security level. Each of them separate[ly] [are] handy products for …
Cisco has advantages in terms of the following: 1. Encrypted Traffic Analytics provides visibility and control to traffic without the need to decrypt it.
2. Threat detection that collects proxy records and associates them with flow records, delivering the user application, and …
NTOP is the only thing out there, in my opinion, that provides similar type of visibility. But StealthWatch is the product all vendors should strive to emulate. It is easy to install; it is easy to configure; it works as advertised (and then some). I do recommend the …
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your network in any case.
I would say it is less appropriate for an organization which is looking to implement a tool within a short period of time. However, we found support on the web forum as well as from support team and were given solutions always. It was somewhat a relief for the users. We were not in a position to provide further IT security resources. And Anti Targeted Attack Platform did not require such. The tool was able to identify and eliminate a critical threat right after the implementation.
It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. Ultimately, these platforms accomplish the visibility, but do little else in the overall IT/security ecosystem of product, making them "dead end" data flow products where data goes in but does not share elsewhere.
Once tuned and baselines established, it is far easier to identify issues on a network
Management is able to look at the dashboard and fairly quickly get an update on the status of how the network is performing and what threats may be out there
Reports can be scheduled to send on a regular basis to all involved with management of the infrastructure and the security team