Recently a customer asked if we had any documentation that would be helpful in his Lancope Stealthwatch Vs Plixer Scrutinizer decision. I wanted to take this opportunity to clarify a few points. After steering the customer to our 2500% ROI white paper, sitting in on 3 conference calls, two of which were very technical and product evaluations it became clear to him where the value lies in both products.
In the attempt to win a sale, many sales professionals will point out the weakness in the competitive product and of course highlight their respective strengths. As consumers, we expect this and many of us even ask for these details. What needs to be considered when asking a vendor for specifics on the competitors product is of course – the source. I agree that it can be a good idea to ask a Mercedes sales person for example “how they compare to BMW”. Mercedes will likely point out the engineering in the steering and handling, the breaking power, the torque of the engine, the gearing in the transmission and the awards the company has won. BMW would likely do the same.
My suggestion is that you take the list that they provide and give it to the competitor. Ask them to categorically comment on or refute the list. Here’s why: sales people highlight features that are unique to their product in an attempt to persuade the customer into thinking that not only is the feature important but, that it is absolutely necessary. My advice is to consider these “only us” features carefully to determine the value they will bring to your business.
Consider the following list from Lancope who develops StealthWatch:
Lancope has turned this into a Stealthwatch Vs Scrutinizer or Solarwind comparison (I.e. Lancope Competitors). Lets consider the accuracy from Plixer’s point of view:
- Low-cost: Yes, Scrutinizer can be less expensive than Stealthwatch. Is this a bad thing? We are privately held with zero debt and don’t have to answer to any venture capital investors. Lancope is heavily venture funded and the original founders lost all significant value in the company. In fact, eventually they all left in disappointment. Our founders are still part of Plixer and they invest our money into R&D.
- Software-only: Scrutinizer is available as a hardware and virtual appliance. I believe StealthWatch has both as well. How are they any less “Software-only” than Plixer?
- Scalability: Scrutinizer can collect over 100K flows per second. StealthWatch claims up to 120K flows per second. Because we successfully collected nearly 200K NetFlow v5 flows per second in our lab tests, should we market a bigger number? We don’t for a few reasons but, we stand behind our numbers with confidence. Scrutinizer (shown below in the trend) can chug right along under very heavy sustained flow volumes. Scrutinizer can even handle micro bursts reaching into the several hundred thousand levels but, that isn’t in our marketing material either.
- Data Retention: Scrutinizer can save the raw flows for decades and provide quick access (I.e. in seconds) to any and all of it. The roll ups are stored in the following intervals: raw flows (1min), 5min, 30min, 2 hour, 12 hour, 1 day and 7 day. We don’t have many complaints on our data retention capabilities. Archiving data for regulatory compliance was clearly considered in the architecture.
- Identity Awareness: Scrutinizer leverages Cisco ISE, Microsoft Active Directory, Radius or other authentication logs combined with NetFlow or IPFIX exports to display contextual details such as username for each IP address.
- Logical workflow from problem onset to identification to resolution: So says Lancope. We market List, Identify and Select.
Here are some items that the StealthWatch sales person may not want you to know about Lancope competitors or more specifically, Scrutinizer:
- Threat Detection: Scrutinizer constantly monitors all flows for various abnormal behavior patterns.
- Notifications: Scrutinizer does not require a 3rd party add on to send email notifications. Rate triggers are also supported.
- One collector for all: Scrutinizer supports the collection for all flow versions, variants (E.g. J-Flow, etc.) and sFlow on the same collector.
- IP Host Reputation: Scrutinizer was the first flow collection solution to compare hosts to IP address reputation lists. We did it years before any other vendor.
- Flexible Filtering: Scrutinizer allows unlimited filters. You can Include this, exclude that with Boolean expressions. ANY and ALL elements exported in the template are supported. Forensic investigations absolutely require this capability.
- End-to-End visibility: Scrutinizer provides Flow Hopper for true end to end, hop by hop visibility of the flow as it traverses the network in both directions. We filed a patent for this.
- Build your own: If Scrutinizer doesn’t have the report you were looking for, you can design the report you want. The report will appear in the web interface for any device exporting the elements necessary for the report.
- Scrutinizer supports 100% of all NetFlow fields (I.e. elements) exported by Cisco and allows you to report on them today. You can report on server and client round trip time, VoIP jitter, packet loss, packet size, retransmits and URLs. All of these can now be exported in NetFlow and IPFIX and you don’t have to wait for our next version to report on them.
There is no one stop guide to your next NetFlow and IPFIX appliance. You have to start by considering your business goals, the features you need in order to address those objectives and then ask questions, call references and evaluate. It’s a tried and true approach to make sure you purchase the best solution for your company. Check out our replacement program.
All trademarks are the property of the respective vendors.
Jimmy D the Netflow Detective
For a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!
Join the NetFlow Developments group on LinkedIn.Tags: cost, Lancope Competitors, Lancope Stealthwatch Vs Plixer Scrutinizer, Scrutinizer, Stealthwatch Vs. Scrutinizer