RSA NetWitness Logs and Packets (RSA SIEM) Review

Detects ransomware in our internal network and offers good protection

What is our primary use case?

Our primary use case is for the administration of the internal network.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

How was the initial setup?

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive. 

Which other solutions did I evaluate?

We also looked at IBM QRadar.

What other advice do I have?

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment