Cisco Secure Network Analytics Reviews and Ratings

Use Cases and Deployment Scope

Cisco Secure Network Analytics is used as part of the security stack we have in our organization. With this tool we are able to analyze traffic patterns, identify potential issues, and address threats before they become more than just a warning sign. Through this product we were able to see some rogue actors on the network and get them shut down before they became more of a problem.

Likelihood to Recommend

We were experiencing an issue with a specific computer on our network. With the platform we were able to define what other hosts the particular computer was talking to so we could gain a better understanding of what the issue may have been. In this case it was an unpatched machine that needed to have some remediation done to remove the malware. Once this was done, we noticed a dramatic improvement in the performance of the computer and felt better about our investment in the product. Until you get into a situation where the tool is working for you, it may be something you start to second guess on.

Use Cases and Deployment Scope

Within the SOC we use Cisco Secure Network Analytics as a dashboard to check our security status

Likelihood to Recommend

Dashboards for the management

Use Cases and Deployment Scope

We use it for some security alerts for different bad traffic, malware, and traffic-type things. We also use it to look for what we call deprecated protocols, things that aren't supposed to be on the network. We use secure network analytics to identify traffic that's not supposed to be in use by our users and applications.

Likelihood to Recommend

We have a large enterprise that we monitor with it and it fits well there. It might be a little on the more complex size for smaller networks, but that's how we use it.

Use Cases and Deployment Scope

This one is the best in informing about the threat in an existing network. This has been easy to control the damage before it happens and helped our customers to maintain the uptime of the services. Easy to use tool and early understanding of graphical user interface. Earlier, we were using a different tool, which was heavy and synchronization time was also very high due to which most of the time threats used to occur, and we get the alert after that resulting in the customer escalation.

For Instance, we had faced a DDOS attack on one of our networks where gigs of traffic were thrown towards the customer network. We were using the Cisco Secure Network Analytics tool which carried all the requests in front of the customer network and immediately floated the security breach alarm to all configured stakeholders.

All Security teams gathered within 10 min of the alarm and found the traffic from China. Although there was no harm to customers and production was kept ongoing.

Later on, all other security steps were taken to resolve this. This proved the tool to be very helpful to avoid downtime and data breaches.

Likelihood to Recommend

Well Suited - There was a DDoS attack once in the customer network and this tool picked that threat and informed all the respective stakeholders on time. This has resulted in timely action on that threat resulting in no downtime or security issues for the customer.

Not Appropriate- Except the need for some presentation changes, making it lightweight, I did not see any such cons which could make it non-appropriate.

Use Cases and Deployment Scope

While many network behavioral detection systems exist on the market, many companies choose to install the agent on the endpoint. By using the Secure Network Analytics (SNA), *all* traffic is inspected as it passes through the infrastructure. SNA provides 2 major benefits to Enterprise Networks. First, all traffic is inspected, so anomalies to this traffic or unauthorized communication patterns can be detected and reported on. This detection can be tied into additional security products such as Cisco ISE to remove noncompliant endpoints from the network. Secondly, as all traffic is funneling through SNA, this can be used for numerous reporting and analytics. As an example, you can view how much traffic an endpoint generates or receives, what destinations are visited and if they are within the business objectives, and force compliance beyond just that of installing endpoint agents.

Likelihood to Recommend

Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.

Use Cases and Deployment Scope

Cisco Secure Network Analytics allows you to see everything on your network, whether it is wired or wireless. This is truly critical in security and it helps see what devices are doing, especially the ones that you cannot install an agent on. With its strong integrations we are able to provide a complete picture of what a device is and what it is doing on the network.

Likelihood to Recommend

I feel Cisco Secure Network Analytics should be used in every organization. The detection of anomalies and malicious actors is phenomenal. Being able to confidently talk to your manager and auditors about what is happening on your network is huge. Although if you cannot get reliable NetFlow from your network infrastructure this may not be the best tool for you.

Use Cases and Deployment Scope

Cisco

Secure Network Analytics with its Stealthwatch technology has the ability to

raise any organization’s defence by giving detailed notice of visibility while

providing security analytics. Access is provided to the organization to keep an

eye on each and every host. It records every conversation while knowing any

abnormality. It sends alerts to check the threats quickly. By using this tool,

an organization can easily increase its security and it has facilitated us in acknowledging

what is going on with the organization’s network. It is helpful for us keeping

record of Netflow data as well.

Likelihood to Recommend

Cisco

Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your

network in any case.

Use Cases and Deployment Scope

Cisco Secure Network Analytics (Stealthwatch) is being used as a monitoring tool for IT--specifically by IT security to be alerted when Cisco Secure Network Analytics (Stealthwatch) "thinks" things should be checked. It checks for nefarious events or events that are not normal to the normal workplace environment. Cisco Secure Network Analytics (Stealthwatch) has been setup to watch for anomalies on the network and then to alert IT. It was originally installed to quell an audit report that found a deficiency in our IT security and to help prevent new issues and to also possibly help discover where they may have originated on the network.

Likelihood to Recommend

Overall it's a great product that will help any IT experts see deeper into their network--specifically large networks that have thousands of users and traffic crossing around the globe. There could be need in a smaller network but it's probably not worth the cost. Cisco Secure Network Analytics (Stealthwatch) is another tool that is expensive but has a lot of configurability. Someone needs to be specifically responsible not just for keeping Cisco Secure Network Analytics (Stealthwatch) up to date but for following all the leads and rabbit holes it creates.

Use Cases and Deployment Scope

We got access to Stealthwatch with our Cisco Umbrella. We went with the on-premise version of Stealthwatch and like the product. We're sending in DNS, VPC Flow logs, etc and like how it pulls that and processes it and really cleans up the noise. Currently looking to get it fully-integrated with our SIEM.

Likelihood to Recommend

On of our use cases that we needed help with was around vulnerability data, netflow, and infrastructure logs all coming together to get anomaly detection. We are limited by what we can send to our SIEM, so seeing this do a lot of the leg work before we send it is very nice.

Use Cases and Deployment Scope

The business problem which StealthWatch solves is visibility of the network traffic. Analyzing of flow (whether it is NetFlow or sFlow or IPfix) is very handy when it comes to troubleshooting, but StealthWatch extends usability of flow protocol beyond network operations. It gives possibility to use flow protocols data in cyber security domain to discover cyber security incidents by analyzing of network traffic behavior anomalies.

Likelihood to Recommend

Cisco StealthWatch is well suited when you need to deal with big amounts of traffic. For example, big enterprises, data centers, [and] banks. [In] other words, it does a good job in cases when you have a lot of users with different access levels from different departments and maybe in different regions. So you need to have a clear vision of what [is] happening in your network right now.