RSA NetWitness Endpoint Review

Enables us to detect any malware and analyze it before it can impact and do harm to our business

What is our primary use case?

We've been using this solution for three years now for endpoint detection and response.

How has it helped my organization?

This solution allows us to detect any threat in the form of malware that sabotages the organization's database. Now we can pick that malware and analyze it before it can impact and do harm to our business.

What is most valuable?

This solution comes with the packages, which is the endpoint and detection response. So the reason why I like RSA NetWitness Suite is that, compared to IBM Curator, it offers endpoint detection and response. When we used other solutions, we had to solve it from another vendor and sometimes integration became a problem. It makes it easier to review. 

What needs improvement?

At the moment the solution is working perfectly. I would, however, like to see an improvement in the interface. The only challenge that I see is when you access it through the VPN, you can't always use the interface because it's slow to respond. When you're on-site, however, it works perfectly. 

I also think that they should adopt multiple identifications in the long run, as well as a web-based graphical interface for the data. 

What do I think about the stability of the solution?

Our customers are so happy about the fact that they now have visibility over all the threats that are coming in after getting endpoint. The solution is extremely stable.

What do I think about the scalability of the solution?

This solution is very scalable. I am currently working on it with clients and I have also deployed it for more than 1,500 users. I would say that, when the solution is deployed for 1,500 people, you need about three technical consultants.

How are customer service and technical support?

Technical support usually takes place through RSA directly. I'm a gold member of RSA so when I need support, they give me 100% support through their portal.

How was the initial setup?

The initial setup was straightforward and deployment took me about a week. It all depends on the number of assets that you deploy. For example, when talking about endpoint searching for RSA, it works better compared to other endpoint detection solutions. You can use this solution on Linux, on MacBook, and on Windows.

What's my experience with pricing, setup cost, and licensing?

Licensing will depend on the number of assets. It is a very cheap solution. Their licensing is dependent on the contract. For example, if the contract is for three years, the license will be perpetual. If you plan to use it for one year only, they will give you annual licensing. Compared to other vendors, it is very affordable.

What other advice do I have?

My advice would be to go for it! It's a good solution and you will always have visibility over suspicious compromisers. It's an interesting solution that is very easy to deploy and you won't know there is this endpoint solution in your environment until someone tells you so. I rate this solution a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.