Cisco StealthWatch Reviews

8 Ratings
<a href='' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic




Job Type


Reviews (1-5 of 5)

Companies can't remove reviews or game the system. Here's why.
Oleksandr Tsapenko | TrustRadius Reviewer
November 19, 2020

Cisco StealthWatch - visibility and security

Score 8 out of 10
Vetted Review
Review Source
The business problem which StealthWatch solves is visibility of the network traffic. Analyzing of flow (whether it is NetFlow or sFlow or IPfix) is very handy when it comes to troubleshooting, but StealthWatch extends usability of flow protocol beyond network operations. It gives possibility to use flow protocols data in cyber security domain to discover cyber security incidents by analyzing of network traffic behavior anomalies.
  • Operability with different protocols.
  • Strong visibility.
  • Integration with other Cisco Security products for complete defense.
  • More simplified implementation.
  • Deep integration with third-party security tools.
  • More simplified licensing.
Cisco StealthWatch is well suited when you need to deal with big amounts of traffic. For example, big enterprises, data centers, [and] banks. [In] other words, it does a good job in cases when you have a lot of users with different access levels from different departments and maybe in different regions. So you need to have a clear vision of what [is] happening in your network right now.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
When talk[ing] about StealthWatch support I can share my high marks for its wide integration options which expan day to day. Also need to admit that Cisco TAC [has] always be[en] trusted and showed high levesl of proficiency. This statement [is] also applicable regarding support of Cisco StealthWatch. In view of all the above, StealthWatch deserves high marks.
Read Oleksandr Tsapenko's full review
Ericson Aragoza | TrustRadius Reviewer
August 24, 2020

Cisco StealthWatch: An expensive must have

Score 9 out of 10
Vetted Review
Verified User
Review Source
This is used in the whole organization, which consists of multiple offices amongst several regions from EMEA, APAC, & CONUS. We highly rely on Cisco StealthWatch to identify and track what is going on in our corporate network and prevent possible breaches as well as remedy existing ones, if any.
  • Allows us to know what is exactly happening in our network (real-time & historical)
  • Allows us to identify "normal" traffic against others/Netflow
  • Allows us to easily track traffic flow
  • As with new technologies, learning curves are a given. On this one, there is a slight curve before you fully grasp it.
  • User interface can be improved to better user experience.
I would suggest performing an initial deep-dive and analysis of the current state of your network and workflow in terms of maintenance, deployment, and management. If it takes quite an amount of effort for a single person or a team, for an extended period of time, then I would highly recommend taking a look at and perhaps deploying Cisco StealthWatch as it will solve all of the items above.
We had an amazing experience with assistance during the deployment and hand-over phase to operations. They were very informative and provided proper guidance so that we can further develop on our own.

The downside is of course the monetary requirement, but it was very well worth it. It will allow the administrators, users, and support members to fully utilize the functionalities and tailor them to the day to day workflow and needs.
Read Ericson Aragoza's full review
John Patrick Duro | TrustRadius Reviewer
August 20, 2020

My Cisco StealthWatch Review

Score 7 out of 10
Vetted Review
Verified User
Review Source
Cisco StealthWatch is primarily used by my organization for security incident response, forensic, monitoring, analysis, and even for our threat hunting. It provides us centralized knowledge in our Security Operations field. It is being used across the whole organization. It addresses the following business problems that we have:
1. Regulatory requirements.
2. Simplifies network security, analysis, and monitoring.
3. Less reconfiguration to existing deployments or assets.
  • Management Consoles - they are simple, easy to understand, centralized, organized, and have complete visibility and control.
  • Encrypted Traffic Analytics (ETA) - golden functionality that provides us more visibility without the need to decrypt traffic.
  • Extended data - longer data retention that is very helpful to our scalability issues.
  • Expensive - it is a given fact especially for Cisco services.
  • Flow Sensor - it is very hard and complex to set up; receiving a lot of noise or false positives.
  • Flow Maps - same with flow sensor in terms of negative concerns.
We used Cisco StealthWatch for threat intelligence, threat mapping, threat hunting, information security analysis, monitoring, and compliance. Our security operations teams mainly used it for incident response, forensic and root cause analysis. Also, it is very useful for insider threats, zero day vulnerabilities and malware, encrypted malicious malware, and behavioral analysis too.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Read John Patrick Duro's full review
Anonymous | TrustRadius Reviewer
February 21, 2019

Watch that flow go!

Score 7 out of 10
Vetted Review
Verified User
Review Source
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic is going through our network devices and allows us to provide this information to other departments in a much easier and digestible way than before. We have used it to help other departments in their decision making and analytics.
  • StealthWatch is very good at capturing NetFlow.
  • Stealthwatch is very good at presenting NetFlow data in easy to understands graphs and charts.
  • StealthWatch makes reporting on traffic much easier.
  • The StealthWatch interface is clunky and broken into 2 parts, both an HTML console and a JAVA console. This causes issues as one is completely different than the other.
  • Licenses are eaten up very quickly and can be pricey.
  • Upgrading StealthWatch is more tedious and time consuming than it should be.
I think a larger company that needs NetFlow data and has someone who can dedicate some time into learning the inner workings of StealthWatch could take advantage of all that StealWatch has to offer, but the suite itself may be too much to swallow for smaller staffed companies or companies that don't need this kind of visibility into network traffic.
Read this authenticated review
Matt Frederickson | TrustRadius Reviewer
January 16, 2018

Can You Answer Two Simple Questions - What's on Your Network and Is It Normal?

Score 10 out of 10
Vetted Review
Verified User
Review Source
We used this across the organization - 18 buildings spread across 72 square miles. It was used to identify and track Netflow data. It was originally purchased to answer two questions - what is happening on my network, and is it normal. Installation originally required two appliances, but by my third upgrade everything was 100% virtual.
  • Stellar at grabbing Netflow data - and really, really good at differentiating types of traffic.
  • Excellent at knowing which traffic was flowing from what endpoints - and then using some tie-ins to gather data about the endpoints.
  • Used this mostly for historic (what happened when) but also used it a few times for real-time analysis, looking for bandwidth hogs and help for troubleshooting issues.
  • Highly recommend as a forensic tool - doesn't do full packet capture, but for everything else it's awesome.
  • There is a slight learning curve with the UI - this could use some improvement. Once you learn though, it is not an obstacle.
  • Would like them to add a log correlation engine - that could tie into log files - but then it would be a SIEM.
If you can't answer two questions - I mentioned them before - about your network, then you really are not in a good place from a cyber security or even customer service standpoint. Regardless if your networking is outsourced to a vendor, you need some type of check and balance - and you NEED to know what's going on.

I was able to use this product to detect a botnet on our network - and using the details, and the ability to tie in other software, pivot from the endpoint (in Stealthwatch) to another program which allowed me to completely remediate the botnet before it spread.
Read Matt Frederickson's full review

About Cisco StealthWatch

The vendor states users can outsmart emerging threats in a digital business with machine learning and behavioral modeling, and know who is on the network and what they are doing using telemetry from the network infrastructure. Additionally, they say users can detect advanced threats and respond to them quickly, protect critical data with smarter network segmentation, and do it all with an agentless solution that grows with the business.

Cisco StealthWatch Downloadables

Cisco StealthWatch Competitors

Cisco StealthWatch Technical Details

Operating Systems: Unspecified
Mobile Application:No