Network visibility and security analytics

Cisco Stealthwatch goes beyond conventional threat detection and harnesses the power of NetFlow. With it, you get advanced network visibility, analytics, and protection. You see everything happening across your network and data center. And you can uncover attacks that bypass the perimeter and infiltrate your internal environment.

Cisco Stealthwatch in 2 Minutes

Cisco Stealthwatch in 2 Minutes

Get visibility and security intelligence across the extended enterprise.

Cisco Stealthwatch Learning Network License

Cisco Stealthwatch Learning Network License

Embed security anomaly detection into the network element, using machine learning for incident response and device level mitigation.

Features and Capabilities

Stealthwatch provides visibility and security intelligence across the extended enterprise and the entire attack continuum. That means before, during, and after an attack.

It also continuously monitors the network interior, where sophisticated attackers often lurk undetected.

Stealthwatch helps with:

  • Real-time threat detection
  • Incident response and forensics
  • Network segmentation
  • Network performance and capacity planning
  • Regulatory compliance

Extended Network Visibility

Stealthwatch ingests and conducts proprietary analytics on NetFlow data from the network infrastructure. It uncovers critical details on network traffic, including:

  • Source and destination IP addresses
  • Volumes of traffic being transmitted
  • User, device, and application data

You gain in-depth insight into everything going on across the network and can quickly baseline normal behavior. It's then much easier to pinpoint when something looks suspicious. Add-on capabilities like the Proxy License and Cloud License provide more layers of visibility and context.

Advanced Analytics and Threat Detection

Using NetFlow and advanced security analytics, Stealthwatch automatically detects anomalous network and user behaviors. It can identify malware, distributed denial-of-service (DDoS) attacks, advanced persistent threats (APTs), and insider threats. It monitors both north-south and east-west (lateral) movements to detect the widest range of attacks.

Accelerated Incident Response

Stealthwatch does more than improve real-time threat detection. It turns NetFlow and other types of network data into actionable intelligence to speed incident response. Network and security troubleshooting time is often reduced from days or months to just minutes.

Faster, More Accurate Forensic Investigations

Stealthwatch's ability to store network data for months or even years provides an invaluable historical audit trail of all network activity. This capability makes Stealthwatch essential for conducting faster, more precise post-incident forensic investigations.

Improved Network Segmentation, Operations, and Compliance

Stealthwatch works in tandem with the Cisco Identity Services Engine and Cisco TrustSec technology. With it, you can identify and appropriately segment critical network assets, as well as monitor usage policies, to improve access control and protection. With Stealthwatch, you can also dramatically streamline your network operations, performance, capacity planning, and regulatory compliance.

Comprehensive Services

Cisco provides a comprehensive range of services to help make the most of your Stealthwatch investment, including services for:

Specifications at a glance

  • Collects NetFlow inherent in Cisco and other types of networking devices
  • Supports up to 6 million flows per second (fps)
  • Conducts flow stitching and deduplication to eliminate redundant flows
  • Delivers application, identity, device, virtual, proxy, and other context
  • Stores terabytes of data long term for advanced forensics
  • Works as an integral part of the Cisco Network as a Sensor and Enforcer initiative with Cisco ISE and Cisco TrustSec technology
  • Components available as physical or virtual appliances
CODiE Award Winner

CODiE Award Winner

Stealthwatch is the 2016 CODiE winner for best network security solution.

Enhanced incident response

Our incident response team discusses the power of Stealthwatch. (4:26 min)

Use your network as a sensor

Use your network as a sensor

Detect suspicious traffic, policy violations, and compromised devices.

Additional Resources

Let Us Help