TrustRadius Insights for Cisco Secure Network Analytics are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Application Mapping: Users have appreciated the tool's ability to map out applications and identify communication patterns within the network, aiding in validating system interactions and improving overall network visibility. This feature has been particularly useful for enhancing troubleshooting processes and ensuring efficient system performance.
Advanced Threat Detection: Reviewers have found the advanced threat details provided by the tool valuable for gaining insights into repeated attacks on the network, conducting comprehensive scans to reveal multiple vulnerabilities, and enhancing security measures effectively. The detailed threat information has enabled users to proactively address potential risks and strengthen their defense strategies.
Cost-saving Integration: Customers have benefited from the integrated Cisco licensing with the tool, seen as a cost-saving feature that contributes to improved operational efficiency. By streamlining licensing processes and reducing additional costs, users have highlighted this integration as a significant advantage that adds value to their security operations.
In our organization, we use Cisco Secure Network Analytics so we have visibility on the application and user traffic that otherwise we cannot know.
Pros
flow search
custom security events
Cons
I think there is room for improvement in Cisco Secure Network Analytics with network maps
I think there is room for improvement in Cisco Secure Network Analytics to reduce false positives
Likelihood to Recommend
If asked, I think I am likely to recommend Cisco Secure Network Analytics to a colleague because, in my experience, Cisco Secure Network Analytics gives you full visibility on your network traffic and helps you understand what's going on inside your network.
Cisco Secure Network Analytics is used as part of the security stack we have in our organization. With this tool we are able to analyze traffic patterns, identify potential issues, and address threats before they become more than just a warning sign. Through this product we were able to see some rogue actors on the network and get them shut down before they became more of a problem.
Pros
Ability to quickly see and address rogue actors
See what type of threats are on the network in a quick manner using the dashboard
Provide administrative reports to leadership to assist in their decision making process
See network communications flows between hosts
Cons
Some of the jobs can be difficult to set up until you know how they were designed
Unless coupled with other Cisco products, you may not get all of the information you would like to have
If you have a network that already has many issues it may take a lot of time to see the value in the product; it would take time to weed everything which this product will detect for you to use it to find that needle in the haystack
Likelihood to Recommend
We were experiencing an issue with a specific computer on our network. With the platform we were able to define what other hosts the particular computer was talking to so we could gain a better understanding of what the issue may have been. In this case it was an unpatched machine that needed to have some remediation done to remove the malware. Once this was done, we noticed a dramatic improvement in the performance of the computer and felt better about our investment in the product. Until you get into a situation where the tool is working for you, it may be something you start to second guess on.
Verified User
Manager in Information Technology (51-200 employees)
We use it for some security alerts for different bad traffic, malware, and traffic-type things. We also use it to look for what we call deprecated protocols, things that aren't supposed to be on the network. We use secure network analytics to identify traffic that's not supposed to be in use by our users and applications.
Pros
It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
Cons
There are things that you can search for a particular type of traffic, but you cannot create an alert to alert on that type of traffic. An example of that is a particular encryption type. So like RC4 encryption is prohibited within DHS. I can search for traffic using it, but I can't create a rule alerting on that traffic type.
Likelihood to Recommend
We have a large enterprise that we monitor with it and it fits well there. It might be a little on the more complex side for smaller networks, but that's how we use it.
This one is the best in informing about the threat in an existing network. This has been easy to control the damage before it happens and helped our customers to maintain the uptime of the services. Easy to use tool and early understanding of graphical user interface. Earlier, we were using a different tool, which was heavy and synchronization time was also very high due to which most of the time threats used to occur, and we get the alert after that resulting in the customer escalation.
For instance, we had faced a DDoS attack on one of our networks where gigs of traffic were thrown towards the customer network. We were using the Cisco Secure Network Analytics tool which carried all the requests in front of the customer network and immediately floated the security breach alarm to all configured stakeholders.
All Security teams gathered within 10 min of the alarm and found the traffic from China. Although there was no harm to customers and production was kept ongoing.
Later on, all other security steps were taken to resolve this. This proved the tool to be very helpful to avoid downtime and data breaches.
Pros
Advanced threat details like repeated attacks on the network.
In-depth scanning of the entire network and shows multiple vulnerabilities within the network.
Integrated Cisco license with the tool saves the cost to the customer.
Also, help in the same way for the cloud as it does for the network.
Availability of reports in multiple report format for analyzing the outcome of the tool.
Cons
The tool is a little hard to configure, so it needs to be light to save resource consumption.
Features are so in-depth that integrated guidance should be available to help the users on how to use.
Graphical view can be improved to make it more convenient to understand the data representation.
Likelihood to Recommend
Well Suited - There was a DDoS attack once in the customer network and this tool picked that threat and informed all the respective stakeholders on time. This has resulted in timely action on that threat resulting in no downtime or security issues for the customer.
Not Appropriate - Except the need for some presentation changes, making it lightweight, I did not see any such cons which could make it non-appropriate.
Verified User
Manager in Information Technology (10,001+ employees)
While many network behavioral detection systems exist on the market, many companies choose to install the agent on the endpoint. By using the Secure Network Analytics (SNA), *all* traffic is inspected as it passes through the infrastructure. SNA provides 2 major benefits to Enterprise Networks. First, all traffic is inspected, so anomalies to this traffic or unauthorized communication patterns can be detected and reported on. This detection can be tied into additional security products such as Cisco ISE to remove noncompliant endpoints from the network. Secondly, as all traffic is funneling through SNA, this can be used for numerous reporting and analytics. As an example, you can view how much traffic an endpoint generates or receives, what destinations are visited and if they are within the business objectives, and force compliance beyond just that of installing endpoint agents.
Pros
Network Traffic Pattern
Traffic Behavior Detection
API Integration
Cons
User Interface
Pre-Canned Data Reports
User Input for Machine Learning Models
Likelihood to Recommend
Few products operate off the NetFlow or TAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantine are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never get the correct weights and parameters to work from.
Verified User
Consultant in Professional Services (501-1000 employees)
Cisco Secure Network Analytics allows you to see everything on your network, whether it is wired or wireless. This is truly critical in security and it helps see what devices are doing, especially the ones that you cannot install an agent on. With its strong integrations we are able to provide a complete picture of what a device is and what it is doing on the network.
Pros
Traffic analysis.
Reporting.
Behavioral.
Cons
More direct integrations without the need of a separate VM
Built-in network forensics
Likelihood to Recommend
I feel Cisco Secure Network Analytics should be used in every organization. The detection of anomalies and malicious actors is phenomenal. Being able to confidently talk to your manager and auditors about what is happening on your network is huge. Although if you cannot get reliable NetFlow from your network infrastructure this may not be the best tool for you.
Verified User
Engineer in Information Technology (10,001+ employees)
Secure Network Analytics with its Stealthwatch technology has the ability to raise any organization’s defence by giving detailed notice of visibility while providing security analytics. Access is provided to the organization to keep an eye on each and every host. It records every conversation while knowing any abnormality. It sends alerts to check the threats quickly. By using this tool, an organization can easily increase its security and it has facilitated us in acknowledging what is going on with the organization’s network. It is helpful for us keeping record of Netflow data as well.
Pros
A silent tool.
A great way to get visibility of all the conversations of the network.
Easy to find out the internal and the external threats.
Easy to track performance.
Network monitoring is very easy to understand and control.
Attacks can be easily detected along with encrypted traffic.
Historic records of the attack and reports make it even better.
Cons
The price of this tool is comparatively higher than other tools in the market.
The configuration process should be made easier.
The interface is also not user-friendly at all.
Likelihood to Recommend
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your
Cisco Secure Network Analytics (Stealthwatch) is being used as a monitoring tool for IT--specifically by IT security to be alerted when Cisco Secure Network Analytics (Stealthwatch) "thinks" things should be checked. It checks for nefarious events or events that are not normal to the normal workplace environment. Cisco Secure Network Analytics (Stealthwatch) has been set up to watch for anomalies on the network and then to alert IT. It was originally installed to quell an audit report that found a deficiency in our IT security and to help prevent new issues and to also possibly help discover where they may have originated on the network.
Pros
Using predefined signatures and scripts to capture and alert us to problems.
Built-in tools that automatically watch for suspicious behaviors
Integration with our already implemented IPAM services
Interfaces with Splunk for our IT security to easily review
Cons
Costs
Almost too much information
Not the easiest out of the box to configure
Needed additional support from Cisco for setup and updates
Likelihood to Recommend
Overall it's a great product that will help any IT experts see deeper into their network--specifically large networks that have thousands of users and traffic crossing around the globe. There could be need in a smaller network but it's probably not worth the cost. Cisco Secure Network Analytics (Stealthwatch) is another tool that is expensive but has a lot of configurability. Someone needs to be specifically responsible not just for keeping Cisco Secure Network Analytics (Stealthwatch) up to date but for following all the leads and rabbit holes it creates.
Verified User
Manager in Information Technology (10,001+ employees)
We got access to Stealthwatch with our Cisco Umbrella. We went with the on-premise version of Stealthwatch and like the product. We're sending in DNS, VPC Flow logs, etc and like how it pulls that and processes it and really cleans up the noise. Currently looking to get it fully-integrated with our SIEM.
Pros
Breaks down network data into categories like Recon, exploit, etc.
Good data around usage (categorized as Data Hoarding)
Alarms broken out by TTP
Cons
There is an appliance, so you do need to set that up
Not many issues or concerns
Likelihood to Recommend
One of our use cases that we needed help with was around vulnerability data, netflow, and infrastructure logs all coming together to get anomaly detection. We are limited by what we can send to our SIEM, so seeing this do a lot of the leg work before we send it is very nice.
Verified User
Engineer in Information Technology (1001-5000 employees)