RSA NetWitness Logs and Packets (RSA SIEM) Review

Detects ransomware in our internal network and offers good protection


What is our primary use case?

Our primary use case is for the administration of the internal network.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

How was the initial setup?

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive. 

Which other solutions did I evaluate?

We also looked at IBM QRadar.

What other advice do I have?

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Which version of this solution are you currently using?

10.6.0
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More RSA NetWitness Logs and Packets (RSA SIEM) reviews from users
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,249 professionals have used our research since 2012.
Add a Comment
Guest