Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.
N/A
Palo Alto Networks WildFire
Score 9.3 out of 10
N/A
Palo Alto Network’s WildFire is a malware prevention service. It specializes in addressing zero-day threats through dynamic and static analysis, machine learning, and advanced sandbox testing environments.
Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.
Palo Alto Networks WildFire is highly effective in enterprise environments where detecting zero-day threats and unknown malware is critical. Small businesses may find the cost of advanced subscriptions prohibitive, especially if they only need basic protection. Much of our infrastructure is OT and Palo Alto Networks WildFire is cloud dependent so cannot be used where we have air-gapped systems.
This is could base and easily manageable for our collocation. While working within the could can review in live time potential treats that it has reported from other devices.
Worked very well with existing Palo Alto devices.
Another huge plus is the simplicity of managing and ease of scalability.
Its cost is competitive with similar/like products available.
Some of the jobs can be difficult to setup until you know how they were designed
Unless coupled with other Cisco products, you may not get all of the information you would like to have
If you have a network that already has many issues it may take a lot of time to see the value in the product; it would take time to weed everything which this product will detect for you to use it to find that needle in the haystack
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
It works very well and takes care of protecting us from threats new and well-known. It's been a game changer in terms of threat detection & prevention.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
It is a great product that has definitely improved our security posture, however it does require quite a bit of training and time spent customizing for the environment. We had several difficulties in deployment but Palo Alto support was able to help us work through the problems that we were not able to figure out on our own.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
PAN support is very good. You can get the reasonable and timely support on any conditions. When the product is already integrated with the PAN firewalls, you can choose the severity levels based on the effect. The customer service/TAC is very helpful, they even have additional recommendations of advises for product usability. Local partners are also assisting the cases and give their expertise.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
I wasn't involved in the decision-making when it happened. It was a couple of years ago, but I can't think of the vendor's name. They used to be here at Cisco Live. But it was another NetFlow vendor, but they were strictly NetFlow and all they did was just a net flow and the Secure Network Analytics has like some of the security anomaly detection stuff built into it. And that was kind of a deciding factor of wanting more of the security focus of the net flow. The net flow was a bonus, but the security stuff was what we were looking for.
WildFire from Palo Alto Networks provides security with very little overhead. With AutoFocus, they’ve got threat intelligence built right in. That way, it can prepare us to react swiftly when a significant danger is identified and dealt with as soon as possible. They introduced firewalls that are aware of applications and can make use of Wildfire. It sped our ability to respond to emerging threats up because of this game-changing development.
It is a little pricey - in my organization, with budget cuts, I eventually had to replace it with an open source product (NTOP). While it works well for visibility, it simply isn't the same. If you can afford it, don't bother looking anywhere else - just get it.
Being able to detect, pivot out, and remmediate from one console was awesome.
We've had one or two malware files that were blocked by Wildfire. We use it occasionally to check unusual or unexpected files. Hard to monetize ROI, because we don't know what the impact would have been if the file made it through.
We pay significantly for the Wildfire licenses, but given the potential impact to our business, we feel it is worthwhile. Figure costs are somewhere around $1,500 per year per firewall for a mid-range model. Can be higher or lower for different sized firewalls. Onsite appliance was somewhere between $50-100K, which was too much for us, so we use the cloud model.
