Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.
N/A
Trend Micro Deep Discovery
Score 10.0 out of 10
N/A
Trend Micro Deep Discovery is a family of advanced threat protection products that enables users to detect, analyze, and respond to today’s stealthy, targeted attacks. Deep Discovery blends specialized detection engines, custom sandboxing, and global threat intelligence from the Trend Micro Smart Protection Network, boasting a high detection rate against attacks that are invisible to standard security products. Deployed individually or as an integrated solution, Deep Discovery works with Trend…
Cisco Secure Network Analytics is a compulsion to any organization looking to secure their network in silence with a complete record and analysis of the threats. All the critical information of the client is also preserved for instance and assistance for future needs. Cyber-attacks can’t even think to roam about your network in any case.
If you are using TrendMicro IMSVA then [Deep Discovery Email Inspector] is a must-have add-on. This is the most comprehensive email security protection you will need. However, if you want next-gen email security like reactive security like where the email is deleted from the user inboxes once the analysis determines that the email is phishing after it is delivered. Then this is not what you are looking for.
It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.
Cisco Secure Network Analytics is a fantastic tool, but does require some setup and upkeep which may turn off smaller IT Security teams. However, once all the flows are set up and the product is functioning with the proper rules, the insight into your network is fantastic. For us, the product has a significant ROI and will be a product we keep up on.
Strong and complete tool which gives comprehensive methods to discover cyber security incidents and prevent data leakage. In case of common use of Cisco StealthWatch and Cisco ISE, you will receive [the] ability [to] not just discover cyber security incidents but also dynamically respond to them. This makes StealthWatch one of most valuable products through[out] [the] whole Cisco Security product portfolio.
We haven't had too many issues with the uptime and availability of CSNA, but the application does have a lot of dependancies and we have seen issues after an upgrade that caused an outage for several hours.
Overall winner because it exceeds our expectations by answering all our requirements and at the same time empowers our operations thru other built-in capabilities it has. Visibility is a key to security operations and Cisco StealthWatch really gives us a magnifying glass to check all logs in the network for threat intelligence and threat hunting.
Implementation of the product can be tedious, especially fine tuning its rules to customize it to your environment. However, after that is done, CSNA is a very useful and flexible product that would enhance the security posture of any corporate network.
While other platforms such as Nagios and Solarwinds NTA provide visibility of the traffic, it either (*) does not provide API/programmatic way to pull the data to other platforms or (*) does not interface with secondary security systems to report on malicious traffic activity. Ultimately, these platforms accomplish the visibility, but do little else in the overall IT/security ecosystem of product, making them "dead end" data flow products where data goes in but does not share elsewhere.
When you use Trend Micro Deep Discovery, it feels like you are running the SOC team of a company like Trend Micro in your own office. Other companies can also provide this, but the feeling it gives feels like they are providing service by phone from a distant city.
Once tuned and baselines established, it is far easier to identify issues on a network
Management is able to look at the dashboard and fairly quickly get an update on the status of how the network is performing and what threats may be out there
Reports can be scheduled to send on a regular basis to all involved with management of the infrastructure and the security team