We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"NetWitness can be highly beneficial for incident detection and response."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Their technical support responds quickly and are knowledgable."
"The product is very easy to configure."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."
"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."
"The most valuable feature is the view into the application."
"The most valuable feature is MVX, which tests all of the files that have been received in an email."
"It is not so easy to customize this product."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"More customizability is required, which is something that they need to improve on."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The solution should have more integration capabilities with different platforms."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."
"The product's integration capabilities are an area of concern where improvements are required."
"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
"Cybersecurity posture has room for improvement."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"Management of the appliance could be greatly improved."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 18th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 37 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Fortinet FortiGate, Zscaler Internet Access and Symantec Advanced Threat Protection. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.