We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the threat prediction and network forensics."
"The most valuable features are the integration and ease of use."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Offers a good wireless feature."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"McAfee as a whole is a good solution."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"I like the ease of deployment."
"The solution's technical support is great."
"It is easy to use."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"We have encountered issues with unresolved crashes."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The tool's integration capability isn't so great."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"It is not so easy to customize this product."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The user interface could be more user-friendly."
"The product's stability is an area of concern where improvements are required."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"Customized reports and alerting functionality could be included in the dashboard."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Trellix Helix.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.