Cisco Secure Network Analytics vs. Kaspersky Anti Targeted Attack Platform

Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.

Incentivized

I would say it is less appropriate for an organization which is looking to implement a tool within a short period of time. However, we found support on the web forum as well as from support team and were given solutions always. It was somewhat a relief for the users. We were not in a position to provide further IT security resources. And Anti Targeted Attack Platform did not require such. The tool was able to identify and eliminate a critical threat right after the implementation.

• A silent tool.
• A great way to get visibility of all the conversations of the network.
• Easy to find out the internal and the external threats.
• Easy to track performance.
• Network monitoring is very easy to understand and control.
• Attacks can be easily detected along with encrypted traffic.
• Historic records of the attack and reports make it even better.

Incentivized

• Complex attacks are identified frequently.
• Advanced thread intelligence.
• Privacy of all data is very well maintained.

• Some of the jobs can be difficult to setup until you know how they were designed
• Unless coupled with other Cisco products, you may not get all of the information you would like to have
• If you have a network that already has many issues it may take a lot of time to see the value in the product; it would take time to weed everything which this product will detect for you to use it to find that needle in the haystack

Incentivized

• False positives were identified frequently.
• Implementing rules are a very complex process.
• UI crashes were spotted randomly.
• Deployment needs to be much smoother.

Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.

Incentivized

Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.

Incentivized

I would rate Cisco Secure Network Analytics’ availability as 8 out of 10. The platform is highly stable and reliable, with users reporting minimal downtime and consistent performance once the system is properly deployed and configured.

Incentivized

Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.

Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.

Incentivized

I wasn't involved in the decision-making when it happened. It was a couple of years ago, but I can't think of the vendor's name. They used to be here at Cisco Live. But it was another NetFlow vendor, but they were strictly NetFlow and all they did was just a net flow and the Secure Network Analytics has like some of the security anomaly detection stuff built into it. And that was kind of a deciding factor of wanting more of the security focus of the net flow. The net flow was a bonus, but the security stuff was what we were looking for.

Incentivized

• It is a little pricey - in my organization, with budget cuts, I eventually had to replace it with an open source product (NTOP). While it works well for visibility, it simply isn't the same. If you can afford it, don't bother looking anywhere else - just get it.
• Being able to detect, pivot out, and remmediate from one console was awesome.

Incentivized

• Implementation did not go as planned. Therefore, time consumption was increased.
• Since we moved out of the tool, we had to consider another which costed time.