RSA NetWitness Logs and Packets (RSA SIEM) Review

Overly complex and requires an army of people to keep it going

What is our primary use case?

We don't have a primary use case. There are many use cases that we have defined based on business needs.

What is most valuable?

The most valuable features are its

  • ingestion of logs 
  • raising of alerts based on those logs.

What needs improvement?

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

What about the implementation team?

We used RSA as our consultants. Our experience with them wasn't the most productive. We also have various other consultants in to help as well. Their ability to configure this particular platform is limited because it's such a complex product. There are so many classes you need to take in order to be proficient at it. There are so few people on the planet who can do it. You need an army of people to keep this thing going.

What other advice do I have?

It's supposed to help our security program maturity. Has it? I think that's another question.

I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email