We just raised a $30M Series A: Read our story

Cisco Stealthwatch OverviewUNIXBusinessApplication

Cisco Stealthwatch is #3 ranked solution in top Network Detection and Response (NDR) tools and #5 ranked solution in Network Traffic Analysis tools. IT Central Station users give Cisco Stealthwatch an average rating of 8 out of 10. Cisco Stealthwatch is most commonly compared to Darktrace:Cisco Stealthwatch vs Darktrace. Cisco Stealthwatch is popular among the large enterprise segment, accounting for 71% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 36% of all views.
What is Cisco Stealthwatch?

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.

Cisco Stealthwatch is also known as Cisco Stealthwatch Enterprise, Lancope StealthWatch.

Cisco Stealthwatch Buyer's Guide

Download the Cisco Stealthwatch Buyer's Guide including reviews and more. Updated: November 2021

Cisco Stealthwatch Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF

Cisco Stealthwatch Video

Pricing Advice

What users are saying about Cisco Stealthwatch pricing:
  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."

Cisco Stealthwatch Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
JD
Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees
Real User
Top 20
Provides valuable security knowledge and helps us improve network performance

Pros and Cons

  • "It has definitely helped us improve our mean time to resolution on network issues."
  • "Many of these tools require extensive on-premises hardware to run."

What is our primary use case?

From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer.

We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network.

Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or from a performance perspective as well.

How has it helped my organization?

It has definitely helped us improve our mean time to resolution on network issues.

From a security perspective, I think they've been good as far as giving us knowledge.

I wouldn't say it's really transformed what we do. It's just another tool that gives us the information we need or helps alarms for us. But it only alarms on a handful of things. I think there are six or eight alerts that we've deemed critical.

Beyond that, it's just mostly the performance where I think it helps out. But that's like any NetFlow performance tool. Having insight into what's going across your network is critical for any huge network to function correctly.

What is most valuable?

The most valuable feature of this solution is the ability to do TAPs because we have a distributed network.

The ability to set up one tool to stream that data over to us has been helpful because that way, we don't have to have other infrastructure and be really close to where the activity is. 

The security features have been good for helping create some correlation. For example, when you tap in, what else happens from the network perspective. 

Otherwise, just the general network performance monitoring is probably the number one thing that gets used. If we're having slowness issues then it can tell us what the bandwidth and usage are. We can find things like what is using up all the bandwidth and then find out how can we break that apart or route that differently, through a different WAN connection or internet connection.

What needs improvement?

An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

For how long have I used the solution?

The company has been using Cisco Stealthwatch for a couple of years, but I have only been with the company for less than one year.

What do I think about the stability of the solution?

I have not been made aware of any stability issues with the tool. 

What do I think about the scalability of the solution?

My understanding is that it has been easy to scale, although I was not around for it. We have not had astronomical growth, but it sounds like it runs stable and there haven't been any performance issues with it.

We have 10 to 20 threat prevention engineers and network engineers of various levels who use it.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

I have not used another similar solution in the past. I think the only thing that would even come close was using Azure Advanced Threat Analytics, but that only really analyzes network traffic coming to the domain. It checks, for example, if there is sketchy network traffic hitting your domain controllers.

In my previous jobs, I used network performance tools, but nothing that was the same as StealthWatch where it combines that performance and security analysis together.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it.

Which other solutions did I evaluate?

I looked at the capabilities of SolarWinds NetFlow and realized that it can't replace our Cisco StealthWatch.

What other advice do I have?

We are using the previous version.

Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mark Lavine
Airway Transportation Service Specialist at Federal Aviation Administration
Real User
Allowed us to effectively monitor network traffic and analyze anomalies

Pros and Cons

  • "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
  • "We determined that Stealthwatch wouldn't provide the machine learning model that we required."

What is our primary use case?

Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.

What is most valuable?

From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it. 

What needs improvement?

We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.

ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic so and we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.

In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.

A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.

For how long have I used the solution?

I used Cisco Stealthwatch for a 30-day trial.

What do I think about the stability of the solution?

We didn't notice any bugs or glitches. 

What do I think about the scalability of the solution?

As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it. 

How are customer service and technical support?

We only needed to contact technical support once. They were very helpful. They walked us through everything. 

How was the initial setup?

It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.

What other advice do I have?

Overall, It seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.

We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc. 

Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Cisco Stealthwatch. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.
JC
Chief Technology Officer at a tech services company with 51-200 employees
MSP
Top 20
Excellent network monitoring for anomaly detection and evaluation

Pros and Cons

  • "Great network monitoring, looking at anomaly detection and evaluation."
  • "The visualization could be improved, the GUI is not the best."

What is our primary use case?

Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco. 

How has it helped my organization?

The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.

What is most valuable?

The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch. 

What needs improvement?

The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthworks. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.

How are customer service and technical support?

Technical support has been good, similar to other areas of Cisco support. 

How was the initial setup?

The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.

What other advice do I have?

If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

I rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
ML
National Offering Lead - Security Practice at a computer software company with 501-1,000 employees
MSP
Good detection capabilities but integration with Cisco ISE would improve it considerably

Pros and Cons

  • "We find that Stealthwatch can detect the unseen."
  • "It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."

What is our primary use case?

We are resellers, we provide solutions for our clients.

We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

What is most valuable?

We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

What needs improvement?

Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

The interface is an area that needs a bit more work, it's always been clunky.

For how long have I used the solution?

I have been working with Cisco Stealthwatch for approximately seven years.

What other advice do I have?

I would rate Cisco Stealthwatch a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JB
Ingenieria at a tech services company with 11-50 employees
Real User
Good routing and switching with an easy implementation

Pros and Cons

  • "Overall, the implementation is very good."
  • "We would like the solution to make more advances in the way that Extreme Networks has been doing."

What is our primary use case?

We primarily handle the design, implementation, and support for the solution and we also manage collaboration, routing and switching, security products, et cetera.

What is most valuable?

Overall, the implementation is very good.

The solution offers good security. 

We find the solution is very good at collaborating with other solutions.

What needs improvement?

We don't really see any limitations on the product. Overall, it's been good.

We would like the solution to make more advances in the way that Extreme Networks has been doing.

For how long have I used the solution?

We've been using the solution for about two months. It hasn't been too long just yet.

How are customer service and technical support?

We can handle technical support if our clients run into any issues. It's part of the services we offer.

Which solution did I use previously and why did I switch?

We also use Extreme Networks. We find it is a bit better than Cisco. We're also partners with Fortinet.

How was the initial setup?

The implementation is very easy and straightforward. 

What about the implementation team?

We implement the solution for our clients. We're Cisco partners, and therefore can manage all kinds of deployments.

What other advice do I have?

We are a Cisco premier partner.

In general, I would rate the solution ten out of ten. We've had very good experiences so far.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JS
Senior Security Consultant at a tech services company with 51-200 employees
Real User
Easy to set up and has good stability

What is our primary use case?

My customers buy Stealthwatch for traffic analysis. 

What needs improvement?

Cisco could improve the administration for the customers.

For how long have I used the solution?

I have been selling Stealthwatch for one to two years. 

What do I think about the stability of the solution?

I haven't heard from my customers that they had any problems with stability. 

How was the initial setup?

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

What other advice do I have?

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

Which deployment model are you using for this solution?

On-premises

What is our primary use case?

My customers buy Stealthwatch for traffic analysis. 

What needs improvement?

Cisco could improve the administration for the customers.

For how long have I used the solution?

I have been selling Stealthwatch for one to two years. 

What do I think about the stability of the solution?

I haven't heard from my customers that they had any problems with stability. 

How was the initial setup?

It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal. 

What other advice do I have?

I would rate Stealthwatch a nine out of ten. To make it a ten, Cisco should offer more training. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Cisco Stealthwatch Report and get advice and tips from experienced pros sharing their opinions.