Cisco Secure Network Analytics (Stealthwatch) Reviews

9 Ratings
<a href='' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 6.8 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic




Job Type


Reviews (1-6 of 6)

Companies can't remove reviews or game the system. Here's why.
April 30, 2021
Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Review Source
We got access to Stealthwatch with our Cisco Umbrella. We went with the on-premise version of Stealthwatch and like the product. We're sending in DNS, VPC Flow logs, etc and like how it pulls that and processes it and really cleans up the noise. Currently looking to get it fully-integrated with our SIEM.
  • Breaks down network data into categories like Recon, exploit, etc,
  • Good data around usage (categorized as Data Hoarding)
  • Alarms broken out by TTP
  • There is an appliance, so you do need to set that up
  • Not many issues or concerns
On of our use cases that we needed help with was around vulnerability data, netflow, and infrastructure logs all coming together to get anomaly detection. We are limited by what we can send to our SIEM, so seeing this do a lot of the leg work before we send it is very nice.
Read this authenticated review
November 19, 2020
Oleksandr Tsapenko | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Review Source
The business problem which StealthWatch solves is visibility of the network traffic. Analyzing of flow (whether it is NetFlow or sFlow or IPfix) is very handy when it comes to troubleshooting, but StealthWatch extends usability of flow protocol beyond network operations. It gives possibility to use flow protocols data in cyber security domain to discover cyber security incidents by analyzing of network traffic behavior anomalies.
  • Operability with different protocols.
  • Strong visibility.
  • Integration with other Cisco Security products for complete defense.
  • More simplified implementation.
  • Deep integration with third-party security tools.
  • More simplified licensing.
Cisco StealthWatch is well suited when you need to deal with big amounts of traffic. For example, big enterprises, data centers, [and] banks. [In] other words, it does a good job in cases when you have a lot of users with different access levels from different departments and maybe in different regions. So you need to have a clear vision of what [is] happening in your network right now.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
When talk[ing] about StealthWatch support I can share my high marks for its wide integration options which expan day to day. Also need to admit that Cisco TAC [has] always be[en] trusted and showed high levesl of proficiency. This statement [is] also applicable regarding support of Cisco StealthWatch. In view of all the above, StealthWatch deserves high marks.
Read Oleksandr Tsapenko's full review
August 24, 2020
Ericson Aragoza | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
This is used in the whole organization, which consists of multiple offices amongst several regions from EMEA, APAC, & CONUS. We highly rely on Cisco StealthWatch to identify and track what is going on in our corporate network and prevent possible breaches as well as remedy existing ones, if any.
  • Allows us to know what is exactly happening in our network (real-time & historical)
  • Allows us to identify "normal" traffic against others/Netflow
  • Allows us to easily track traffic flow
  • As with new technologies, learning curves are a given. On this one, there is a slight curve before you fully grasp it.
  • User interface can be improved to better user experience.
I would suggest performing an initial deep-dive and analysis of the current state of your network and workflow in terms of maintenance, deployment, and management. If it takes quite an amount of effort for a single person or a team, for an extended period of time, then I would highly recommend taking a look at and perhaps deploying Cisco StealthWatch as it will solve all of the items above.
We had an amazing experience with assistance during the deployment and hand-over phase to operations. They were very informative and provided proper guidance so that we can further develop on our own.

The downside is of course the monetary requirement, but it was very well worth it. It will allow the administrators, users, and support members to fully utilize the functionalities and tailor them to the day to day workflow and needs.
Read Ericson Aragoza's full review
August 20, 2020
John Patrick Duro | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Cisco StealthWatch is primarily used by my organization for security incident response, forensic, monitoring, analysis, and even for our threat hunting. It provides us centralized knowledge in our Security Operations field. It is being used across the whole organization. It addresses the following business problems that we have:
1. Regulatory requirements.
2. Simplifies network security, analysis, and monitoring.
3. Less reconfiguration to existing deployments or assets.
  • Management Consoles - they are simple, easy to understand, centralized, organized, and have complete visibility and control.
  • Encrypted Traffic Analytics (ETA) - golden functionality that provides us more visibility without the need to decrypt traffic.
  • Extended data - longer data retention that is very helpful to our scalability issues.
  • Expensive - it is a given fact especially for Cisco services.
  • Flow Sensor - it is very hard and complex to set up; receiving a lot of noise or false positives.
  • Flow Maps - same with flow sensor in terms of negative concerns.
We used Cisco StealthWatch for threat intelligence, threat mapping, threat hunting, information security analysis, monitoring, and compliance. Our security operations teams mainly used it for incident response, forensic and root cause analysis. Also, it is very useful for insider threats, zero day vulnerabilities and malware, encrypted malicious malware, and behavioral analysis too.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Read John Patrick Duro's full review
January 16, 2018
Matt Frederickson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We used this across the organization - 18 buildings spread across 72 square miles. It was used to identify and track Netflow data. It was originally purchased to answer two questions - what is happening on my network, and is it normal. Installation originally required two appliances, but by my third upgrade everything was 100% virtual.
  • Stellar at grabbing Netflow data - and really, really good at differentiating types of traffic.
  • Excellent at knowing which traffic was flowing from what endpoints - and then using some tie-ins to gather data about the endpoints.
  • Used this mostly for historic (what happened when) but also used it a few times for real-time analysis, looking for bandwidth hogs and help for troubleshooting issues.
  • Highly recommend as a forensic tool - doesn't do full packet capture, but for everything else it's awesome.
  • There is a slight learning curve with the UI - this could use some improvement. Once you learn though, it is not an obstacle.
  • Would like them to add a log correlation engine - that could tie into log files - but then it would be a SIEM.
If you can't answer two questions - I mentioned them before - about your network, then you really are not in a good place from a cyber security or even customer service standpoint. Regardless if your networking is outsourced to a vendor, you need some type of check and balance - and you NEED to know what's going on.

I was able to use this product to detect a botnet on our network - and using the details, and the ability to tie in other software, pivot from the endpoint (in Stealthwatch) to another program which allowed me to completely remediate the botnet before it spread.
Read Matt Frederickson's full review
February 21, 2019
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic is going through our network devices and allows us to provide this information to other departments in a much easier and digestible way than before. We have used it to help other departments in their decision making and analytics.
  • StealthWatch is very good at capturing NetFlow.
  • Stealthwatch is very good at presenting NetFlow data in easy to understands graphs and charts.
  • StealthWatch makes reporting on traffic much easier.
  • The StealthWatch interface is clunky and broken into 2 parts, both an HTML console and a JAVA console. This causes issues as one is completely different than the other.
  • Licenses are eaten up very quickly and can be pricey.
  • Upgrading StealthWatch is more tedious and time consuming than it should be.
I think a larger company that needs NetFlow data and has someone who can dedicate some time into learning the inner workings of StealthWatch could take advantage of all that StealWatch has to offer, but the suite itself may be too much to swallow for smaller staffed companies or companies that don't need this kind of visibility into network traffic.
Read this authenticated review

Cisco Secure Network Analytics (Stealthwatch) Scorecard Summary

What is Cisco Secure Network Analytics (Stealthwatch)?

Cisco Secure Network Analytics (Stealthwatch) aims to help users outsmart emerging threats in a digital business with machine learning and behavioral modeling, and know who is on the network and what they are doing using telemetry from the network infrastructure. Additionally, Cisco states users can detect advanced threats and respond to them quickly, protect critical data with smarter network segmentation, and do it all with an agentless solution that grows with the business.

Cisco Secure Network Analytics (Stealthwatch) Downloadables

Cisco Secure Network Analytics (Stealthwatch) Competitors

Cisco Secure Network Analytics (Stealthwatch) Technical Details

Operating Systems: Unspecified
Mobile Application:No

Frequently Asked Questions

What is Cisco Secure Network Analytics (Stealthwatch)?

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.

What is Cisco Secure Network Analytics (Stealthwatch)'s best feature?

Reviewers rate Support Rating highest, with a score of 7.9.

Who uses Cisco Secure Network Analytics (Stealthwatch)?

The most common users of Cisco Secure Network Analytics (Stealthwatch) are from Enterprises and the Information Technology & Services industry.