TrustRadius: an HG Insights company

Cisco Secure Network Analytics

Score 8.8 out of 10

35 Reviews and Ratings

What is Cisco Secure Network Analytics?

Cisco Stealthwatch is a network behavior analysis product based on technology acquired by Cisco with its Lancope acquisition in 2015.

Know your risk in a matter of minutes.

Use Cases and Deployment Scope

Cisco Secure Network Analytics is used as part of the security stack we have in our organization. With this tool we are able to analyze traffic patterns, identify potential issues, and address threats before they become more than just a warning sign. Through this product we were able to see some rogue actors on the network and get them shut down before they became more of a problem.

Pros

  • Ability to quickly see and address rogue actors
  • See what type of threats are on the network in a quick manner using the dashboard
  • Provide administrative reports to leadership to assist in their decision-making process
  • See network communications flows between hosts

Cons

  • Some of the jobs can be difficult to set up until you know how they were designed
  • Unless coupled with other Cisco products, you may not get all of the information you would like to have
  • If you have a network that already has many issues it may take a lot of time to see the value in the product; it would take time to weed everything which this product will detect for you to use it to find that needle in the haystack

Return on Investment

  • Once tuned and baselines established, it is far easier to identify issues on a network
  • Management is able to look at the dashboard and fairly quickly get an update on the status of how the network is performing and what threats may be out there
  • Reports can be scheduled to send on a regular basis to all involved with management of the infrastructure and the security team

Alternatives Considered

Splunk Asset and Risk Intelligence, PRTG Network Monitor, SolarWinds Kiwi Syslog Server, SolarWinds NetFlow Traffic Analyzer (NTA), SolarWinds Network Performance Monitor (NPM) and SolarWinds Network Configuration Manager (NCM)

Other Software Used

PRTG Network Monitor, SolarWinds Network Performance Monitor (NPM), Splunk Attack Analyzer

Good solution for overview of your security posture

Use Cases and Deployment Scope

Within the SOC we use Cisco Secure Network Analytics as a dashboard to check our security status.

Pros

  • Dashboards are very useful

Cons

  • Integration with Splunk

Return on Investment

  • Positive as part of the complete suite (ZDR, AMP and ISE)

Alternatives Considered

Cisco XDR and Cisco Secure Network Analytics

Other Software Used

Cisco XDR, Cisco Endpoint Security Analytics, Cisco Umbrella

Cisco Secure Network Analytics Review

Use Cases and Deployment Scope

We use it for some security alerts for different bad traffic, malware, and traffic-type things. We also use it to look for what we call deprecated protocols, things that aren't supposed to be on the network. We use secure network analytics to identify traffic that's not supposed to be in use by our users and applications.

Pros

  • It's really good at mapping out like what applications are, like who's talking to what. To see if someone thinks that a particular application is only being used a certain way and we can validate what's talking to that system with the tool.

Cons

  • There are things that you can search for a particular type of traffic, but you cannot create an alert to alert on that type of traffic. An example of that is a particular encryption type. So like RC4 encryption is prohibited within DHS. I can search for traffic using it, but I can't create a rule alerting on that traffic type.

Return on Investment

  • N/A

Other Software Used

Cisco Secure Workload

Stealth watch technology is a great experience and plausible

Use Cases and Deployment Scope

Cisco Secure Network Analytics with its Stealthwatch technology has the ability to raise any organization’s defence by giving detailed notice of visibility while providing security analytics. Access is provided to the organization to keep an eye on each and every host. It records every conversation while knowing any abnormality. It sends alerts to check the threats quickly. By using this tool, an organization can easily increase its security and it has facilitated us in acknowledging what is going on with the organization’s network. It is helpful for us keeping record of Netflow data as well.

Pros

  • A silent tool.
  • A great way to get visibility of all the conversations of the network.
  • Easy to find out the internal and the external threats.
  • Easy to track performance.
  • Network monitoring is very easy to understand and control.
  • Attacks can be easily detected along with encrypted traffic.
  • Historic records of the attack and reports make it even better.

Cons

  • The price of this tool is comparatively higher than other tools in the market.
  • The configuration process should be made easier.
  • The interface is also not user-friendly at all.

Most Important Features

  • Network Monitoring.
  • Performance tracking.
  • Security.
  • History record of attacks.

Return on Investment

  • Return on investment depends upon the quality of the tool, effortless to use, security and reports [user] friendly.
  • It allows multiple customizations along with the good customer support response.
  • Cisco has made it all to make us feel like we have got our return on investment.
  • A very close to perfect tool on the internet to secure any organization.
  • No negative impact on our business so far. Although has a few flaws which I admit, still we don't have any of its downsides to measure that have any negative impact on us or on our business.

Alternatives Considered

Wireshark

Other Software Used

Avast Business Antivirus, Cisco 3504 WLAN Controller

Cisco StealthWatch - visibility and security

Pros

  • Operability with different protocols.
  • Strong visibility.
  • Integration with other Cisco Security products for complete defense.

Cons

  • More simplified implementation.
  • Deep integration with third-party security tools.
  • More simplified licensing.

Return on Investment

  • Extended and complemented our company's product portfolio.
  • Increased customer interest in our services.
  • Gave competitive possibilities with other market competitors.

Other Software Used

Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco AnyConnect, Wireshark