Solved: Re: Is Cisco Stealthwatch separate from Cisco AMP?

UncleJP · ‎05-13-2020

Is Cisco Stealthwatch separate from Cisco AMP? Or, is it just another part of Cisco AMP, like WSA and ESA?

Any input is appreciated.

Rob Ingram · ‎05-13-2020

Hi,
Stealthwatch is separate from AMP, it provides visibility and network traffic analysis.
Stealthwatch is not another part of AMP like ESA or WSA.

HTH

View solution in original post

Rob Ingram · ‎05-13-2020

Hi,
Stealthwatch is separate from AMP, it provides visibility and network traffic analysis.
Stealthwatch is not another part of AMP like ESA or WSA.

HTH

bcoverstone · ‎03-21-2021

I think where this might be confusing is AMP for Networks instead of AMP for Endpoints.

The brochure information for AMP for Networks seems identical to Stealthwatch, so it's really confusing.

(Cisco renamed Stealthwatch, so I'm probably calling it the wrong thing)

Marvin Rhoads · ‎03-22-2021

AMP for Networks and AMP for Endpoints ("Cisco Secure Endpoint") both use components of Threatgrid in the backend to perform analysis or previously unseen files. They can only act on what they see passing through the firewall (mostly in plain text) or being acted upon by the endpoint.

Stealthwatch ("Cisco Secure Analytics") is a network detection and response solution that uses sensor information (primarily Netflow) to monitor and analyze the network comprehensively. It uses a much more advanced set of machine learning and artificial intelligence capabilities to draw inferences about behavior and threats based on analysis of that information. (And of course it's "reassuringly expensive" to account for that.)