Cisco Secure Network Analytics (Stealthwatch)

Cisco Secure Network Analytics (Stealthwatch)

About TrustRadius Scoring
Score 8.5 out of 100
Cisco Secure Network Analytics (Stealthwatch)


Recent Reviews

Stealthwatch Value Add

10 out of 10
March 29, 2022
Cisco Secure Network Analytics allows you to see everything on your network, whether it is wired or wireless. This is truly critical in …
Continue reading

Watch that flow go!

7 out of 10
February 21, 2019
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic is …
Continue reading

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Cisco Secure Network Analytics (Stealthwatch), and make your voice heard!


View all pricing

What is Cisco Secure Network Analytics (Stealthwatch)?

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

3 people want pricing too

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Cisco Secure Network Analytics (Stealthwatch)?

Cisco Secure Network Analytics (Stealthwatch) aims to help users outsmart emerging threats in a digital business with machine learning and behavioral modeling, and know who is on the network and what they are doing using telemetry from the network infrastructure. Additionally, Cisco states users can detect advanced threats and respond to them quickly, protect critical data with smarter network segmentation, and do it all with an agentless solution that grows with the business.

Cisco Secure Network Analytics (Stealthwatch) Downloadables

Cisco Secure Network Analytics (Stealthwatch) Competitors

Cisco Secure Network Analytics (Stealthwatch) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo


View all alternatives

Compare with

Frequently Asked Questions

What is Cisco Secure Network Analytics (Stealthwatch)?

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.

What is Cisco Secure Network Analytics (Stealthwatch)'s best feature?

Reviewers rate Support Rating highest, with a score of 8.

Who uses Cisco Secure Network Analytics (Stealthwatch)?

The most common users of Cisco Secure Network Analytics (Stealthwatch) are from Enterprises (1,001+ employees) and the Information Technology & Services industry.

Reviews and Ratings




(1-9 of 9)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Network Analytics allows you to see everything on your network, whether it is wired or wireless. This is truly critical in security and it helps see what devices are doing, especially the ones that you cannot install an agent on. With its strong integrations we are able to provide a complete picture of what a device is and what it is doing on the network.
  • Traffic analysis.
  • Reporting.
  • Behavioral.
  • More direct integrations without the need of a separate VM
  • Buit in network forensics
I feel Cisco Secure Network Analytics should be used in every organization. The detection of anomalies and malicious actors is phenomenal. Being able to confidently talk to your manager and auditors about what is happening on your network is huge. Although if you cannot get reliable NetFlow from your network infrastructure this may not be the best tool for you.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Network Analytics with its Stealthwatch technology has the ability to raise any organization’s defence by giving detailed notice of visibility while providing security analytics. Access is provided to the organization to keep an eye on each and every host. It records every conversation while knowing any abnormality. It sends alerts to check the threats quickly. By using this tool, an organization can easily increase its security and it has facilitated us in acknowledging what is going on with the organization’s network. It is helpful for us keeping record of Netflow data as well.
  • A silent tool.
  • A great way to get visibility of all the conversations of the network.
  • Easy to find out the internal and the external threats.
  • Easy to track performance.
  • Network monitoring is very easy to understand and control.
  • Attacks can be easily detected along with encrypted traffic.
  • Historic records of the attack and reports make it even better.
  • The price of this tool is comparatively higher than other tools in the market.
  • The configuration process should be made easier.
  • The interface is also not user-friendly at all.
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your network in any case.
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Network Analytics (Stealthwatch) is being used as a monitoring tool for IT--specifically by IT security to be alerted when Cisco Secure Network Analytics (Stealthwatch) "thinks" things should be checked. It checks for nefarious events or events that are not normal to the normal workplace environment. Cisco Secure Network Analytics (Stealthwatch) has been setup to watch for anomalies on the network and then to alert IT. It was originally installed to quell an audit report that found a deficiency in our IT security and to help prevent new issues and to also possibly help discover where they may have originated on the network.
  • Using predefined signatures and scripts to capture and alert us to problems.
  • Built-in tools that automatically watch for suspicious behaviors
  • Integration with our already implemented IPAM services
  • Interfaces with Splunk for our IT security to easy review
  • Costs
  • Almost too much information
  • Not the easiest out of the box to configure
  • Needed additional support from Cisco for setup and updates
Overall it's a great product that will help any IT experts see deeper into their network--specifically large networks that have thousands of users and traffic crossing around the globe. There could be need in a smaller network but it's probably not worth the cost. Cisco Secure Network Analytics (Stealthwatch) is another tool that is expensive but has a lot of configurability. Someone needs to be specifically responsible not just for keeping Cisco Secure Network Analytics (Stealthwatch) up to date but for following all the leads and rabbit holes it creates.
Score 6 out of 10
Vetted Review
Verified User
Review Source
We got access to Stealthwatch with our Cisco Umbrella. We went with the on-premise version of Stealthwatch and like the product. We're sending in DNS, VPC Flow logs, etc and like how it pulls that and processes it and really cleans up the noise. Currently looking to get it fully-integrated with our SIEM.
  • Breaks down network data into categories like Recon, exploit, etc,
  • Good data around usage (categorized as Data Hoarding)
  • Alarms broken out by TTP
  • There is an appliance, so you do need to set that up
  • Not many issues or concerns
On of our use cases that we needed help with was around vulnerability data, netflow, and infrastructure logs all coming together to get anomaly detection. We are limited by what we can send to our SIEM, so seeing this do a lot of the leg work before we send it is very nice.
Oleksandr Tsapenko | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Review Source
The business problem which StealthWatch solves is visibility of the network traffic. Analyzing of flow (whether it is NetFlow or sFlow or IPfix) is very handy when it comes to troubleshooting, but StealthWatch extends usability of flow protocol beyond network operations. It gives possibility to use flow protocols data in cyber security domain to discover cyber security incidents by analyzing of network traffic behavior anomalies.
  • Operability with different protocols.
  • Strong visibility.
  • Integration with other Cisco Security products for complete defense.
  • More simplified implementation.
  • Deep integration with third-party security tools.
  • More simplified licensing.
Cisco StealthWatch is well suited when you need to deal with big amounts of traffic. For example, big enterprises, data centers, [and] banks. [In] other words, it does a good job in cases when you have a lot of users with different access levels from different departments and maybe in different regions. So you need to have a clear vision of what [is] happening in your network right now.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
When talk[ing] about StealthWatch support I can share my high marks for its wide integration options which expan day to day. Also need to admit that Cisco TAC [has] always be[en] trusted and showed high levesl of proficiency. This statement [is] also applicable regarding support of Cisco StealthWatch. In view of all the above, StealthWatch deserves high marks.
Ericson Aragoza | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
This is used in the whole organization, which consists of multiple offices amongst several regions from EMEA, APAC, & CONUS. We highly rely on Cisco StealthWatch to identify and track what is going on in our corporate network and prevent possible breaches as well as remedy existing ones, if any.
  • Allows us to know what is exactly happening in our network (real-time & historical)
  • Allows us to identify "normal" traffic against others/Netflow
  • Allows us to easily track traffic flow
  • As with new technologies, learning curves are a given. On this one, there is a slight curve before you fully grasp it.
  • User interface can be improved to better user experience.
I would suggest performing an initial deep-dive and analysis of the current state of your network and workflow in terms of maintenance, deployment, and management. If it takes quite an amount of effort for a single person or a team, for an extended period of time, then I would highly recommend taking a look at and perhaps deploying Cisco StealthWatch as it will solve all of the items above.
We had an amazing experience with assistance during the deployment and hand-over phase to operations. They were very informative and provided proper guidance so that we can further develop on our own.

The downside is of course the monetary requirement, but it was very well worth it. It will allow the administrators, users, and support members to fully utilize the functionalities and tailor them to the day to day workflow and needs.
John Patrick Duro | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Cisco StealthWatch is primarily used by my organization for security incident response, forensic, monitoring, analysis, and even for our threat hunting. It provides us centralized knowledge in our Security Operations field. It is being used across the whole organization. It addresses the following business problems that we have:
1. Regulatory requirements.
2. Simplifies network security, analysis, and monitoring.
3. Less reconfiguration to existing deployments or assets.
  • Management Consoles - they are simple, easy to understand, centralized, organized, and have complete visibility and control.
  • Encrypted Traffic Analytics (ETA) - golden functionality that provides us more visibility without the need to decrypt traffic.
  • Extended data - longer data retention that is very helpful to our scalability issues.
  • Expensive - it is a given fact especially for Cisco services.
  • Flow Sensor - it is very hard and complex to set up; receiving a lot of noise or false positives.
  • Flow Maps - same with flow sensor in terms of negative concerns.
We used Cisco StealthWatch for threat intelligence, threat mapping, threat hunting, information security analysis, monitoring, and compliance. Our security operations teams mainly used it for incident response, forensic and root cause analysis. Also, it is very useful for insider threats, zero day vulnerabilities and malware, encrypted malicious malware, and behavioral analysis too.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
February 21, 2019

Watch that flow go!

Score 7 out of 10
Vetted Review
Verified User
Review Source
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic is going through our network devices and allows us to provide this information to other departments in a much easier and digestible way than before. We have used it to help other departments in their decision making and analytics.
  • StealthWatch is very good at capturing NetFlow.
  • Stealthwatch is very good at presenting NetFlow data in easy to understands graphs and charts.
  • StealthWatch makes reporting on traffic much easier.
  • The StealthWatch interface is clunky and broken into 2 parts, both an HTML console and a JAVA console. This causes issues as one is completely different than the other.
  • Licenses are eaten up very quickly and can be pricey.
  • Upgrading StealthWatch is more tedious and time consuming than it should be.
I think a larger company that needs NetFlow data and has someone who can dedicate some time into learning the inner workings of StealthWatch could take advantage of all that StealWatch has to offer, but the suite itself may be too much to swallow for smaller staffed companies or companies that don't need this kind of visibility into network traffic.
Matt Frederickson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We used this across the organization - 18 buildings spread across 72 square miles. It was used to identify and track Netflow data. It was originally purchased to answer two questions - what is happening on my network, and is it normal. Installation originally required two appliances, but by my third upgrade everything was 100% virtual.
  • Stellar at grabbing Netflow data - and really, really good at differentiating types of traffic.
  • Excellent at knowing which traffic was flowing from what endpoints - and then using some tie-ins to gather data about the endpoints.
  • Used this mostly for historic (what happened when) but also used it a few times for real-time analysis, looking for bandwidth hogs and help for troubleshooting issues.
  • Highly recommend as a forensic tool - doesn't do full packet capture, but for everything else it's awesome.
  • There is a slight learning curve with the UI - this could use some improvement. Once you learn though, it is not an obstacle.
  • Would like them to add a log correlation engine - that could tie into log files - but then it would be a SIEM.
If you can't answer two questions - I mentioned them before - about your network, then you really are not in a good place from a cyber security or even customer service standpoint. Regardless if your networking is outsourced to a vendor, you need some type of check and balance - and you NEED to know what's going on.

I was able to use this product to detect a botnet on our network - and using the details, and the ability to tie in other software, pivot from the endpoint (in Stealthwatch) to another program which allowed me to completely remediate the botnet before it spread.