Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.
N/A
New Relic
Score 7.9 out of 10
N/A
New Relic is a SaaS-based web and mobile application performance management provider for the cloud and the datacenter. They provide code-level diagnostics for dedicated infrastructures, the cloud, or hybrid environments and real time monitoring.
$0
No credit card required; 100 GB free ingest per month, 1 free full user + unlimited basic users, 8 days retention, 100 Synthetics Checks
Pricing
Cisco Secure Network Analytics
New Relic
Editions & Modules
No answers on this topic
Free (Forever)
$0
No credit card required; 100 GB free ingest per month, 1 free full user + unlimited basic users, 8 days retention, 100 Synthetics Checks
Telemetry Data Platform
$0.25
per month per extra GB data ingest (after first free 100GB per month)
Incident Intelligence
$0.50
per month per event (after first 1000 free events per month)
Standard
$99
per month per full user (after first free full user - unlimited free basic users)
Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.
New Relic its an excellent tool for monitoring services used on the SAAS universe, like web servers, relational and nosql dbms, reverse proxies, text databases, etc. Its also a powerful tool to monitor resource usage on said servers. However, its not well fitted to monitor custom services - if you need to generate alerts based on logs or database information, for example
Some of the jobs can be difficult to setup until you know how they were designed
Unless coupled with other Cisco products, you may not get all of the information you would like to have
If you have a network that already has many issues it may take a lot of time to see the value in the product; it would take time to weed everything which this product will detect for you to use it to find that needle in the haystack
And while powerful, building tailored dashboards with organ-specific metrics (such as energy load variance across regions) can be difficult to navigate. The UI isn't as drag-and-drop easy, and query-based widgets typically involve some trial and error for non-devs.
Alerts may be hypersensitive or over general. I We often get a spam of non-critical alerts while doing load testing, all overhauling to me alone and making it difficult to identify actual issues especially in energy systems where spikes are very common.
With our expanding fleet of Iot devices, the per-host pricing model is becoming expensive, quickly. More detailed billing based on microservices, or that works at sensor level, would make it more adaptable for energy platforms.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
The only issue that we have had with New Relic is that the price might be a little expensive for smaller companies. The amount of data you store in New Relic impacts the cost, and can get away from you if you don't work closely with the vendor. Overall though the application is top notch.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
I have given this much rating as I am used New Relic in different sectors and for different use cases like its K8s monitoring, infra monitoring, full stack monitoring as compare to other tools New Relic gives data in a formatted and connected way, and also it is giving us value for money. It also launches new features day by day which helps users to track the issue very quickly. It also supports OTel integrations which is the latest trend of observability tools. thats why I had given this much rating to New Relic.
I would rate Cisco Secure Network Analytics’ availability as 8 out of 10. The platform is highly stable and reliable, with users reporting minimal downtime and consistent performance once the system is properly deployed and configured.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
The support team has been really helpful and resolved most of the issues on time. However, for a couple of issues, several follow-ups were needed to elicit a reasonable response. The issue was deeply technical and could have been investigated only by their Architects, and bringing them into the ticket took longer than needed
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
It's better to start by implementing New Relic in one project and test everything. Try to follow best recommended practices and read all the official documentation. Everything seems well tested. Then, start by installing agents to the rest of your projects and keep a close look to all logs and metrics New Relic gives you.
I wasn't involved in the decision-making when it happened. It was a couple of years ago, but I can't think of the vendor's name. They used to be here at Cisco Live. But it was another NetFlow vendor, but they were strictly NetFlow and all they did was just a net flow and the Secure Network Analytics has like some of the security anomaly detection stuff built into it. And that was kind of a deciding factor of wanting more of the security focus of the net flow. The net flow was a bonus, but the security stuff was what we were looking for.
Data Dog has solutions that look more attractive, but not at their price point. We have also tried to build a solution straight from the Cloud, where our business is built, but some things are too hard to replicate. This shows that New Relic is useful and helps our efficiency.
It is a little pricey - in my organization, with budget cuts, I eventually had to replace it with an open source product (NTOP). While it works well for visibility, it simply isn't the same. If you can afford it, don't bother looking anywhere else - just get it.
Being able to detect, pivot out, and remmediate from one console was awesome.
