SNA for Security and Visibility
May 01, 2023

SNA for Security and Visibility

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review

Overall Satisfaction with Cisco Secure Network Analytics

While many network behavioral detection systems exist on the market, many companies choose to install the agent on the endpoint. By using the Secure Network Analytics (SNA), *all* traffic is inspected as it passes through the infrastructure. SNA provides 2 major benefits to Enterprise Networks. First, all traffic is inspected, so anomalies to this traffic or unauthorized communication patterns can be detected and reported on. This detection can be tied into additional security products such as Cisco ISE to remove noncompliant endpoints from the network. Secondly, as all traffic is funneling through SNA, this can be used for numerous reporting and analytics. As an example, you can view how much traffic an endpoint generates or receives, what destinations are visited and if they are within the business objectives, and force compliance beyond just that of installing endpoint agents.

Pros

  • Network Traffic Pattern
  • Traffic Behavior Detection
  • API Integration

Cons

  • User Interface
  • Pre-Canned Data Reports
  • User Input for Machine Learning Models
  • SNA assists in man-hours in security forensics
  • SNA provides data around traffic pattern and business intents
  • SNA licensing and software does have a higher price point than competitors
  • Integration with other security tools provides automated reporting
  • SolarWinds NetFlow Traffic Analyzer (NTA)
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. Ultimately, these platforms accomplish the visibility, but do little else in the overall IT/security ecosystem of product, making them "dead end" data flow products where data goes in but does not share elsewhere.

Do you think Cisco Secure Network Analytics delivers good value for the price?

Yes

Are you happy with Cisco Secure Network Analytics's feature set?

Yes

Did Cisco Secure Network Analytics live up to sales and marketing promises?

Yes

Did implementation of Cisco Secure Network Analytics go as expected?

Yes

Would you buy Cisco Secure Network Analytics again?

Yes

Cisco Identity Services Engine (ISE), Nessus, Cisco DNA Center
Few products operate off the Netflow or RAP/SPAN traffic versus the endpoint. Of those products, many operate from the aggregate traffic of uplinks/downlinks, whereas Secure Network Analytics focuses on viewing all traffic to give per-endpoint comprehensive data analytics. SNA is a great product for network visibility and detection, and to preserve that focus, other options such as remediation or quarantined are deferred to other products in the security ecosystem. SNA uses Machine Learning models to determine traffic behavioral compliance, which is a double-edged sword. On one hand, it mitigates zero day attacks changing traffic patterns, but conversely, it requires training to know acceptable traffic patterns. Unfortunately, many adopters of SNA do not spend the time giving it the user input and so the ML models never gets the correct weights and parameters to work from.

Comments

More Reviews of Cisco Secure Network Analytics