Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.
N/A
Splunk Enterprise
Score 8.5 out of 10
N/A
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
N/A
Pricing
Cisco Secure Network Analytics
Splunk Enterprise
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco Secure Network Analytics
Splunk Enterprise
Free Trial
No
Yes
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Cisco Secure Network Analytics
Splunk Enterprise
Features
Cisco Secure Network Analytics
Splunk Enterprise
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Cisco Secure Network Analytics
-
Ratings
Splunk Enterprise
7.1
Ratings
9% below category average
Centralized event and log data collection
00 Ratings
9.00 Ratings
Correlation
00 Ratings
9.00 Ratings
Event and log normalization/management
00 Ratings
9.40 Ratings
Deployment flexibility
00 Ratings
7.00 Ratings
Integration with Identity and Access Management Tools
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your network in any case.
Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.
It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
Splunk Enterprise has plenty of storage space for security logs and can search and correlate suspicious activities up to 30+ days back. Splunk Enterprise can integrate with a ticketing system to track threats and correlate with IoC between security events. Splunk Enterprise can provide reports of account lockouts. Splunk Enterprise can consolidate multiple security alerts into one entry with a number showing how many events occurred.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.
The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. Ultimately, these platforms accomplish the visibility, but do little else in the overall IT/security ecosystem of product, making them "dead end" data flow products where data goes in but does not share elsewhere.
A lot of products have natively inside their own dashboards and or their own logging repositories. And each one is difficult to learn or they're too complex or they're not verbose in the sense that they're not easy to mine the data that you're looking for. So that could be anything from the native logging that you find in other Cisco products. It's easier to use Splunk to draw the data that you're looking for as opposed to going to the individual's products themselves to get the logs that you're looking for.
Once tuned and baselines established, it is far easier to identify issues on a network
Management is able to look at the dashboard and fairly quickly get an update on the status of how the network is performing and what threats may be out there
Reports can be scheduled to send on a regular basis to all involved with management of the infrastructure and the security team
Splunk has allowed developers to diagnose production issues when access of control was taken away from them to be allowed to view items in production environments and I believe that is invaluable.
At times some developers weren't super happy about using it, but it was more of the fact that they were used to having production access and not creating their splunk queries to get information.
Going one place to view logs was very beneficial to have.
