Cisco Secure Network Analytics
Formerly Cisco Stealthwatch


What is Cisco Secure Network Analytics?

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.


Product Details

What is Cisco Secure Network Analytics?

Cisco Secure Network Analytics (Stealthwatch) aims to help users outsmart emerging threats in a digital business with machine learning and behavioral modeling, and know who is on the network and what they are doing using telemetry from the network infrastructure. Additionally, Cisco states users can detect advanced threats and respond to them quickly, protect critical data with smarter network segmentation, and do it all with an agentless solution that grows with the business.

Cisco Secure Network Analytics Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.

Darktrace, Splunk Enterprise, and LogRhythm NextGen SIEM Platform are common alternatives for Cisco Secure Network Analytics.

The most common users of Cisco Secure Network Analytics are from Enterprises (1,001+ employees).
Reviews and Ratings


(1-11 of 11)
Score 9 out of 10
Vetted Review
Verified User
We use it for some security alerts for different bad traffic, malware, and traffic-type things. We also use it to look for what we call deprecated protocols, things that aren't supposed to be on the network. We use secure network analytics to identify traffic that's not supposed to be in use by our users and applications.
  • It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
  • There are things that you can search for a particular type of traffic, but you cannot create an alert to alert on that type of traffic. An example of that is a particular encryption type. So like RC4 encryption is prohibited within DHS. I can search for traffic using it, but I can't create a rule alerting on that traffic type.
We have a large enterprise that we monitor with it and it fits well there. It might be a little on the more complex side for smaller networks, but that's how we use it.
Score 8 out of 10
Vetted Review
Verified User
This one is the best in informing about the threat in an existing network. This has been easy to control the damage before it happens and helped our customers to maintain the uptime of the services. Easy to use tool and early understanding of graphical user interface. Earlier, we were using a different tool, which was heavy and synchronization time was also very high due to which most of the time threats used to occur, and we get the alert after that resulting in the customer escalation.
For instance, we had faced a DDoS attack on one of our networks where gigs of traffic were thrown towards the customer network. We were using the Cisco Secure Network Analytics tool which carried all the requests in front of the customer network and immediately floated the security breach alarm to all configured stakeholders.
All Security teams gathered within 10 min of the alarm and found the traffic from China. Although there was no harm to customers and production was kept ongoing.
Later on, all other security steps were taken to resolve this. This proved the tool to be very helpful to avoid downtime and data breaches.
  • Advanced threat details like repeated attacks on the network.
  • In-depth scanning of the entire network and shows multiple vulnerabilities within the network.
  • Integrated Cisco license with the tool saves the cost to the customer.
  • Also, help in the same way for the cloud as it does for the network.
  • Availability of reports in multiple report format for analyzing the outcome of the tool.
  • Tool is little hard to configure so need to be light to save resource consumption.
  • Features are so in-depth that integrated guidance should be available to help the users on how to use.
  • Graphical view can be improved to make it more convenient to understand the data representation.
Well Suited - There was a DDoS attack once in the customer network and this tool picked that threat and informed all the respective stakeholders on time. This has resulted in timely action on that threat resulting in no downtime or security issues for the customer.
Not Appropriate - Except the need for some presentation changes, making it lightweight, I did not see any such cons which could make it non-appropriate.
Score 8 out of 10
Vetted Review
While many network behavioral detection systems exist on the market, many companies choose to install the agent on the endpoint. By using the Secure Network Analytics (SNA), *all* traffic is inspected as it passes through the infrastructure. SNA provides 2 major benefits to Enterprise Networks. First, all traffic is inspected, so anomalies to this traffic or unauthorized communication patterns can be detected and reported on. This detection can be tied into additional security products such as Cisco ISE to remove noncompliant endpoints from the network. Secondly, as all traffic is funneling through SNA, this can be used for numerous reporting and analytics. As an example, you can view how much traffic an endpoint generates or receives, what destinations are visited and if they are within the business objectives, and force compliance beyond just that of installing endpoint agents.
  • Network Traffic Pattern
  • Traffic Behavior Detection
  • API Integration
  • User Interface
  • Pre-Canned Data Reports
  • User Input for Machine Learning Models
Few products operate off the Netflow or TAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantine are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never get the correct weights and parameters to work from.
July 05, 2022

Watch that flow go!

Score 7 out of 10
Vetted Review
Verified User
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic are going through our network devices and allows us to provide this information to other departments in a much easier and digestible way than before. We have used it to help other departments in their decision making and analytics.
  • StealthWatch is very good at capturing NetFlow.
  • Stealthwatch is very good at presenting NetFlow data in easy-to-understand graphs and charts.
  • StealthWatch makes reporting on traffic much easier.
  • The StealthWatch interface is clunky and broken into 2 parts, both an HTML console and a Java console. This causes issues as one is completely different than the other.
  • Licenses are eaten up very quickly and can be pricey.
  • Upgrading StealthWatch is more tedious and time consuming than it should be.
I think a larger company that needs NetFlow data and has someone who can dedicate some time into learning the inner workings of StealthWatch could take advantage of all that StealthWatch has to offer, but the suite itself may be too much to swallow for smaller staffed companies or companies that don't need this kind of visibility into network traffic.
Score 10 out of 10
Vetted Review
Verified User
Cisco Secure Network Analytics allows you to see everything on your network, whether it is wired or wireless. This is truly critical in security and it helps see what devices are doing, especially the ones that you cannot install an agent on. With its strong integrations we are able to provide a complete picture of what a device is and what it is doing on the network.
  • Traffic analysis.
  • Reporting.
  • Behavioral.
  • More direct integrations without the need of a separate VM
  • Built-in network forensics
I feel Cisco Secure Network Analytics should be used in every organization. The detection of anomalies and malicious actors is phenomenal. Being able to confidently talk to your manager and auditors about what is happening on your network is huge. Although if you cannot get reliable NetFlow from your network infrastructure this may not be the best tool for you.
Score 9 out of 10
Vetted Review
Verified User
Cisco Secure Network Analytics with its Stealthwatch technology has the ability to raise any organization’s defence by giving detailed notice of visibility while providing security analytics. Access is provided to the organization to keep an eye on each and every host. It records every conversation while knowing any abnormality. It sends alerts to check the threats quickly. By using this tool, an organization can easily increase its security and it has facilitated us in acknowledging what is going on with the organization’s network. It is helpful for us keeping record of Netflow data as well.
  • A silent tool.
  • A great way to get visibility of all the conversations of the network.
  • Easy to find out the internal and the external threats.
  • Easy to track performance.
  • Network monitoring is very easy to understand and control.
  • Attacks can be easily detected along with encrypted traffic.
  • Historic records of the attack and reports make it even better.
  • The price of this tool is comparatively higher than other tools in the market.
  • The configuration process should be made easier.
  • The interface is also not user-friendly at all.
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your network in any case.
Score 8 out of 10
Vetted Review
Verified User
Cisco Secure Network Analytics (Stealthwatch) is being used as a monitoring tool for IT, specifically by IT security to be alerted when Cisco Secure Network Analytics (Stealthwatch) "thinks" things should be checked. It checks for nefarious events or events that are not normal to the normal workplace environment. Cisco Secure Network Analytics (Stealthwatch) has been set up to watch for anomalies on the network and then to alert IT. It was originally installed to quell an audit report that found a deficiency in our IT security and to help prevent new issues and to also possibly help discover where they may have originated on the network.
  • Using predefined signatures and scripts to capture and alert us to problems.
  • Built-in tools that automatically watch for suspicious behaviors
  • Integration with our already implemented IPAM services
  • Interfaces with Splunk for our IT security to easily review
  • Costs
  • Almost too much information
  • Not the easiest out of the box to configure
  • Needed additional support from Cisco for setup and updates
Overall it's a great product that will help any IT experts see deeper into their network--specifically large networks that have thousands of users and traffic crossing around the globe. There could be need in a smaller network but it's probably not worth the cost. Cisco Secure Network Analytics (Stealthwatch) is another tool that is expensive but has a lot of configurability. Someone needs to be specifically responsible not just for keeping Cisco Secure Network Analytics (Stealthwatch) up to date but for following all the leads and rabbit holes it creates.
Score 6 out of 10
Vetted Review
Verified User
We got access to Stealthwatch with our Cisco Umbrella. We went with the on-premise version of Stealthwatch and like the product. We're sending in DNS, VPC Flow logs, etc and like how it pulls that and processes it and really cleans up the noise. Currently looking to get it fully-integrated with our SIEM.
  • Breaks down network data into categories like Recon, exploit, etc.
  • Good data around usage (categorized as Data Hoarding)
  • Alarms broken out by TTP
  • There is an appliance, so you do need to set that up
  • Not many issues or concerns
One of our use cases that we needed help with was around vulnerability data, netflow, and infrastructure logs all coming together to get anomaly detection. We are limited by what we can send to our SIEM, so seeing this do a lot of the leg work before we send it is very nice.
Oleksandr Tsapenko | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
The business problem which StealthWatch solves is visibility of the network traffic. Analyzing flow (whether it is NetFlow or sFlow or IPFIX) is very handy when it comes to troubleshooting, but StealthWatch extends the usability of flow protocols beyond network operations. It gives the possibility to use flow protocol data in the cyber security domain to discover cyber security incidents by analyzing network traffic behavior anomalies.
  • Operability with different protocols.
  • Strong visibility.
  • Integration with other Cisco Security products for complete defense.
  • More simplified implementation.
  • Deep integration with third-party security tools.
  • More simplified licensing.
Cisco StealthWatch is well suited when you need to deal with big amounts of traffic. For example, big enterprises, data centers, [and] banks. [In] other words, it does a good job in cases when you have a lot of users with different access levels from different departments and maybe in different regions. So you need to have a clear vision of what [is] happening in your network right now.
John Patrick Duro | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Cisco StealthWatch is primarily used by my organization for security incident response, forensic, monitoring, analysis, and even for our threat hunting. It provides us centralized knowledge in our Security Operations field. It is being used across the whole organization. It addresses the following business problems that we have:
1. Regulatory requirements.
2. Simplifies network security, analysis, and monitoring.
3. Less reconfiguration to existing deployments or assets.
  • Management Consoles - they are simple, easy to understand, centralized, organized, and have complete visibility and control.
  • Encrypted Traffic Analytics (ETA) - golden functionality that provides us more visibility without the need to decrypt traffic.
  • Extended data - longer data retention that is very helpful to our scalability issues.
  • Expensive - it is a given fact especially for Cisco services.
  • Flow Sensor - it is very hard and complex to set up; receiving a lot of noise or false positives.
  • Flow Maps - same with flow sensor in terms of negative concerns.
We used Cisco StealthWatch for threat intelligence, threat mapping, threat hunting, information security analysis, monitoring, and compliance. Our security operations teams mainly used it for incident response, forensic and root cause analysis. Also, it is very useful for insider threats, zero day vulnerabilities and malware, encrypted malicious malware, and behavioral analysis too.
Matt Frederickson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We used this across the organization - 18 buildings spread across 72 square miles. It was used to identify and track Netflow data. It was originally purchased to answer two questions - what is happening on my network, and is it normal. Installation originally required two appliances, but by my third upgrade everything was 100% virtual.
  • Stellar at grabbing Netflow data - and really, really good at differentiating types of traffic.
  • Excellent at knowing which traffic was flowing from what endpoints - and then using some tie-ins to gather data about the endpoints.
  • Used this mostly for historic (what happened when) but also used it a few times for real-time analysis, looking for bandwidth hogs and help for troubleshooting issues.
  • Highly recommend as a forensic tool - doesn't do full packet capture, but for everything else it's awesome.
  • There is a slight learning curve with the UI - this could use some improvement. Once you learn though, it is not an obstacle.
  • Would like them to add a log correlation engine - that could tie into log files - but then it would be a SIEM.
If you can't answer two questions - I mentioned them before - about your network, then you really are not in a good place from a cyber security or even customer service standpoint. Regardless if your networking is outsourced to a vendor, you need some type of check and balance - and you NEED to know what's going on.

I was able to use this product to detect a botnet on our network - and using the details, and the ability to tie in other software, pivot from the endpoint (in Stealthwatch) to another program which allowed me to completely remediate the botnet before it spread.