We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the hunting ability to work in a CERT."
"NetWitness can be highly beneficial for incident detection and response."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The newer 11.5 version that my team is using has found it to have good mapping."
"Their technical support responds quickly and are knowledgable."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"The most valuable feature is the view into the application."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."
"The installation phase was easy."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"Technical support could be improved."
"It is not so easy to customize this product."
"Its technical support could be better."
"The implementation needs assistance."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The log system is a bit complex and has room for improvement."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Technical packaging could be improved."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."
"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."
"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."
"Cybersecurity posture has room for improvement."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"We'd like the potential for better scaling."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 19th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 37 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Zabbix. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.