Watch that flow go!
Updated July 05, 2022
Watch that flow go!
Technician in Information TechnologyHospital & Health Care Company, 1001-5000 employees
Score 7 out of 10
Overall Satisfaction with Cisco Secure Network Analytics (Stealthwatch)
StealthWatch is currently being used to analyze NetFlow in our organization. This gives us important insight into what kinds of traffic is going through our network devices and allows us to provide this information to other departments in a much easier and digestible way than before. We have used it to help other departments in their decision making and analytics.
- StealthWatch is very good at capturing NetFlow.
- Stealthwatch is very good at presenting NetFlow data in easy to understands graphs and charts.
- StealthWatch makes reporting on traffic much easier.
- The StealthWatch interface is clunky and broken into 2 parts, both an HTML console and a JAVA console. This causes issues as one is completely different than the other.
- Licenses are eaten up very quickly and can be pricey.
- Upgrading StealthWatch is more tedious and time consuming than it should be.
- StealthWatch helps other departments make decisions quickly based on NetFlow data.
- StealthWatch can bring a lot of reporting to the table that can be used to advance project necessities and prove data necessities to management.
I think a larger company that needs NetFlow data and has someone who can dedicate some time into learning the inner workings of StealthWatch could take advantage of all that StealWatch has to offer, but the suite itself may be too much to swallow for smaller staffed companies or companies that don't need this kind of visibility into network traffic.
Resilience and Reliability
Cisco Secure Network Analytics can definitely provide more visibility into your network environment, allowing you to monitor East-West traffic as well as North-South traffic. This can be essential for a NOC or your I.T Security team and well worth the investment in setting up the netflows across your environment in order to get the most out of this product.
Leaders need to realize that we are long past the point where just an egress firewall is enough to maintain a good security posture. Corporations need to monitor the traffic both coming into their network and the traffic traversing inside of their network. Products like this allow a lot more visibility into your network that is not availability with just a firewall or syslog.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
CSNA integrates very well with other Cisco products and has some API options, but I have not integrated it much beyond that point so I can't attest to how it would integrate with 3rd party products.