What is our primary use case?
I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.
We are also using it to facilitate monitoring and research.
What is most valuable?
Performance and reporting are very good.
What needs improvement?
The user interface is a little bit difficult for new users and it needs to be improved.
It takes a lot of time to register when compared to other solutions.
For how long have I used the solution?
I have been using this solution for about one year, although it has been in the company for a couple of years.
What do I think about the stability of the solution?
We did have some issues before our upgrade from version 10.6, although they were not major. Since the upgrade, I have noticed that some of these things have gotten better.
I would say that this is a stable solution, although there are some minor issues that need to be settled. Currently, they are being investigated.
What do I think about the scalability of the solution?
We have never had issues with scalability. We can reduce the usage as per our requirement and we increased our capacity in 2019. We are planning to further increase, either this year or next year. Scalability overall is quite easy.
How are customer service and technical support?
When we started finding problems, we got in touch with technical support and opened tickets. They worked with us to resolve them. I would rate them good, although not great. At times, I felt that they were being really short with me.
How was the initial setup?
I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.
What about the implementation team?
The deployment was done by my manager a couple of years ago.
What other advice do I have?
My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there.
I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface.
I would rate this solution an eight out of ten.