We performed a comparison between NetWitness Platform, RiskIQ Illuminate, and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"Incident management is its most valuable feature."
"The most valuable feature is the security that it provides."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"It's quite economical compared to other solutions in the market."
"Offers a good wireless feature."
"The solution is stable with 12 years of established historical data."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."
"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
"Very functional and good for detecting malicious traffic."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"More customizability is required, which is something that they need to improve on."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Its technical support could be better."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"We have encountered issues with unresolved crashes."
"Technical support could be improved."
"A low-cost service to evaluate the risk score of a supply chain would be very helpful."
"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"Cybersecurity posture has room for improvement."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"It is an expensive solution."
"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."
"The product's integration capabilities are an area of concern where improvements are required."
More Trellix Network Detection and Response Pricing and Cost Advice →
Earn 20 points