We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's quite economical compared to other solutions in the market."
"The most valuable feature is the hunting ability to work in a CERT."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the integration and ease of use."
"The solution is really scalable for the high-end power, enterprise customer."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"McAfee as a whole is a good solution."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"Trellix ESM is very user-friendly."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The user interface is a little bit difficult for new users and it needs to be improved."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"There should be support for multitenancy in the product."
"I would like to see good analytics in future releases."
"The solution needs to improve case management. The UI is confusing."
"The support from McAfee ESM could improve. They could improve the speed."
"Tech support is required each time there is a system update of the solution."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The initial setup is difficult and could improve."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Trellix Helix. See our NetWitness Platform vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.