RSA NetWitness Endpoint Review

Good detection rate and tracking features but triaging of incidents needs improvement


What is our primary use case?

We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.

What is most valuable?

The detection rate and tracking features including historical tracking, tracking of the fires on the desk, and tracking of the file last monitored are all quite valuable for us.

What needs improvement?

The contamination feature could be improved.

For how long have I used the solution?

I've been using the solution for six years now.

What do I think about the stability of the solution?

The stability of the solution is good. I'd rate it seven out of ten overall. We've had minor technical issues.

What do I think about the scalability of the solution?

The solution is highly scalable. Users just need to install the agent on the products. Right now, we have about 1,000 users. We use the solution daily.

How are customer service and technical support?

We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.

Which solution did I use previously and why did I switch?

We didn't previously use another solution.

How was the initial setup?

The initial setup was pretty straightforward. We didn't run into any issues. I can't recall how long it took to deploy.

What about the implementation team?

We had a professional service assist us with the initial setup.

What other advice do I have?

We use the on-premises deployment model.

The contamination should be improved. If a new user needs better contamination capabilities, they should use something else.

I'd rate the solution seven out of ten. If it offered better triaging of incidents, I'd rate it higher.

Which version of this solution are you currently using?

4.1.8
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about RSA, Carbon Black, CrowdStrike and others in Endpoint Protection (EPP) for Business. Updated: May 2021.
510,882 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest