My Cisco StealthWatch Review
August 20, 2020

John Patrick Duro | TrustRadius Reviewer
Score 7 out of 10

Overall Satisfaction with Cisco StealthWatch

Cisco StealthWatch is primarily used by my organization for security incident response, forensics, monitoring, analysis, and even for our threat hunting. It provides us with centralized knowledge in our Security Operations field. It is being used across the whole organization. It addresses the following business problems that we have:
1. Regulatory requirements.
2. Simplifies network security, analysis, and monitoring.
3. Less reconfiguration to existing deployments or assets.
  • Management Consoles - they are simple, easy to understand, centralized, organized, and have complete visibility and control.
  • Encrypted Traffic Analytics (ETA) - golden functionality that provides us more visibility without the need to decrypt traffic.
  • Extended data - longer data retention that is very helpful to our scalability issues.
  • Expensive - it is a given fact especially for Cisco services.
  • Flow Sensor - it is very hard and complex to set up; receiving a lot of noise or false positives.
  • Flow Maps - same with flow sensor in terms of negative concerns.
  • ROI - it has good ROI in terms of functionalities and after-sales support.
  • Management - it is easy to handle and understand, it has all the functionalities to control the administrative tasks.
  • Available resources online from Cisco and vendors and good testimonials, too, from partners and existing customers.
Cisco has advantages in terms of the following:
1. Encrypted Traffic Analytics provides visibility and control to traffic without the need to decrypt it.
2. Threat detection that collects proxy records and associates them with flow records, delivering the user application and URL details. This is very handy in identifying well-hidden threats and anomalous behavior.
Competitors that I have tried do not have the above items and that made us decide on Cisco StealthWatch.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations through other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.

Do you think Cisco Secure Network Analytics (Stealthwatch) delivers good value for the price?

Yes

Are you happy with Cisco Secure Network Analytics (Stealthwatch)'s feature set?

Yes

Did Cisco Secure Network Analytics (Stealthwatch) live up to sales and marketing promises?

Yes

Did implementation of Cisco Secure Network Analytics (Stealthwatch) go as expected?

Yes

Would you buy Cisco Secure Network Analytics (Stealthwatch) again?

Yes

We used Cisco StealthWatch for threat intelligence, threat mapping, threat hunting, information security analysis, monitoring, and compliance. Our security operations teams mainly used it for incident response, forensic and root cause analysis. Also, it is very useful for insider threats, zero-day vulnerabilities and malware, encrypted malicious malware, and behavioral analysis too.