We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"NetWitness can be highly beneficial for incident detection and response."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Offers a good wireless feature."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The product’s most valuable feature is log monitoring."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"Trellix ESM is very user-friendly."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"The most valuable feature is the correlation rules."
"Its technical support could be better."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Health monitoring of the event sources and devices."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"I would like to see good analytics in future releases."
"Product currently requires Flash."
"The support from McAfee ESM could improve. They could improve the speed."
"The solution needs to improve case management. The UI is confusing."
"We cannot add new data sources to the most recent version."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Trellix Helix. See our NetWitness Platform vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.