Cisco Secure Network Analytics (formerly Stealthwatch) At-a-Glance

At a Glance

Available Languages

Download Options

  • PDF
    (188.3 KB)
    View with Adobe Reader on a variety of devices
Updated:July 1, 2021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (188.3 KB)
    View with Adobe Reader on a variety of devices
Updated:July 1, 2021


Have you been compromised? How would you know?

You have already invested heavily in the IT infrastructure and security for your organization. Yet, attacks are getting through and hostile internal actors operate with impunity. Moreover, it takes months or even years to detect threats¹.This lack of threat visibility is a function of growing network complexity as well as constantly evolving attacks. And security teams, with their limited resources and disjointed tools, can only do so much. How do you know if your current security controls are working, managed, and configured properly? And how do you know these tools are doing the job that you need them to do?

Graphical user interfaceDescription automatically generated with medium confidence


Know every host. See every conversation. Understand what is normal. Be alerted to change. Respond to threats quickly.

      Continuously monitor and detect advanced threats that have either bypassed existing security controls or originate from within

      Focus on critical incidents, rather than noise with contextual, high-fidelity alarms prioritized by threat severity

      Respond quickly and effectively with complete knowledge of threat activity, network audit trails for forensic investigations, and integrations with existing security controls

      Scale security with growing business needs whether you are adding a new branch or a data center, moving workloads to the cloud, or simply adding more devices

      Ensure compliance with policy violation alarms that can be tuned to the business logic

      Integrated security ecosystem that eliminates complexity and makes security simpler with SecureX, Cisco’s built-in security platform

The solution: Network + Security

Network packet metadata can provide useful insights about who is connecting to the organization and what they are up to. Everything touches the network, so these insights can extend from the HQ to the branch, public cloud and private data centers, roaming users, and even Internet of Things (IoT). Analyzing this data can help detect threats that may have found a way to bypass your existing controls before they are able to have a major impact. It can also detect questionable behavior undertaken by hostile insiders. And, importantly, properly functioning analytics can lessen the burden on your security team and provide them with more opportunity to concentrate on high probability threats. This approach to advanced threat detection is:

Related image, diagram or screenshot

Gain confidence in your security effectiveness

Cisco Secure Network Analytics (formerly Stealthwatch) provides enterprise-wide visibility, from the private network to the public cloud to detect and respond to threats in real-time. It continuously analyses network activities and creates a baseline of normal network behavior and then uses this baseline, along with advanced machine learning algorithms, to detect anomalies. However, not everything weird is malicious and Secure Network Analytics can quickly and with high confidence correlate anomalies to threats such as C&C attacks, ransomware, DDoS attacks, illicit cryptomining, unknown malware, as well as insider threats.

With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint and cloud, regardless of the presence of network encryption.

Related image, diagram or screenshot

Contextual network-wide visibility

Cisco Secure Network Analytics provides agentless enterprise-wide visibility, across on-premises, as well as in all private and public cloud environments. With knowledge of who is on the network and what they are doing, it also helps organizations to implement smarter segmentation customized to the business logic. And it provides actionable intelligence enriched with context such as user, device, location, time-stamp, application, etc.

Additionally, by leveraging other Cisco Secure offerings, Secure Network Analytics now also offers expanded visibility and enhanced context beyond the parameters of both the traditional on-premises network, as well as public and private cloud network environments. This extended visibility and additional context can be attained by collecting data from integrated Cisco Secure solutions such as endpoint record telemetry data from the AnyConnect Network Visibility Module which enables users to capture a wide range of additional granular, endpoint-specific user and device context, or Cisco Firewall logs from Cisco’s Security Analytics and Logging offering to extend visibility to the network perimeter.

Users can also gain additional visibility and context through appliances like the Cisco Telemetry Broker, which is capable of brokering, filtering, and transforming data such as AWS VPC Flow Logs into IPFIX records and other Secure Network Analytics-compatible data formats, as well as through capabilities such as encrypted traffic analytics, a revolutionary technology that can analyze encrypted traffic without any decryption to effectively extend visibility into encrypted web traffic.

Continuous threat analytics

Cisco Secure Network Analytics uses a pipeline of analytical techniques to detect advanced threats before they can turn into a breach. Using network behavior analysis, it can pinpoint anomalies, which are further analyzed using a combination of supervised and unsupervised machine learning for high-fidelity threat detection. This allows your security team to focus on the most critical threats. The analytics engine is also powered by the industry-leading Cisco Talos threat intelligence, that has the most up-to-date information for local-to-global threat correlation.

Automated detection and response

The combination of this context-driven enterprise-wide visibility and the application of advanced analytical techniques helps organizations to detect threats like unknown or encrypted malware, insider threats, policy violations, anything that “hits the wire”.

Security teams can see alarms that are prioritized by threat severity, and have additional information to take actions easily. Cisco Secure Network Analytics also has the capability to store telemetry at scale, and provides network audit trails for forensic investigations into past events and for compliance monitoring.

Finally, it integrates with your existing security controls in order to respond to the threat, without any business shutdown. Cisco Secure Network Analytics also integrates with the Cisco SecureX platform to unify visibility, simplify threat response and enable automation across every threat vector and access point.

Remote Worker Monitoring

Secure Network Analytics has made endpoint Network Visibility Module (NVM) data a primary telemetry source. This has enabled organizations to gain full and continuous visibility into mobile remote worker endpoint activity, regardless of whether a user is using a single VPN session to work, optimizing their remote work experience using split tunneling or if they are disconnected from VPN entirely. This bolsters organizations’ security postures through visibility into activities that they were previously blind to such employees who are running older operating system versions with vulnerabilities that need patching, are engaged data hoarding and/or data exfiltration, and more.

Group Based Policy Reporting

Users can leverage Cisco Secure Network Analytics’ integration with the Cisco Identity Services Engine to accelerate their group-based policy adoption efforts by generating group-based policy reports that provide new ways to visualize group communications. Group-based policy reports enable users to effortlessly visualize, analyze, and drill down into any inter-group communication, validate the efficacy of policies, adopt the right policies based on their environment’s needs, and streamline their policy violation investigations via insights into relevant flows and associated IPs.

Graphical user interface, text, application, chat or text messageDescription automatically generated

Next Steps

To learn more, visit or sign up for a free 2-week visibility assessment here

To view buying options and speak with a Cisco sales representative, visit:




Learn more