We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Performance and reporting are very good."
"The product's initial setup phase was not at all difficult."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"The UI is very good."
"Very intuitive and easy to set up."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"The solution is very scalable in terms of the licensing model."
"The alerting to drive investigations and remediation has been its most valuable feature."
"InsightIDR helps us investigate an environment to discover information about incidents."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"An area for improvement would be better automation and more inbuilt use cases."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The implementation needs assistance."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Its technical support could be better."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"I feel it would greatly benefit from more supported log sources."
"Lacks a mobile application."
"The ability to tune the collector for custom logs would greatly help."
"They should add more configuration and security features to it."
"The main problem lies in the processes within the client's operating systems."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 9th in Security Information and Event Management (SIEM) with 30 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.