RSA NetWitness Network Review

A stable solution that captures traffic with detailed communication logs


What is our primary use case?

We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.

What is most valuable?

The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.

What needs improvement?

When analyzing something, you have to click several times. It requires a lot of effort to find something. The sole purpose of NetWitness is to find text easily, so this is an area that needs to be improved.

The scalability needs improvement, but I think that it is technically difficult.

This is a complex tool to use.

In the next release, if they could include a detection feature or improve the detection then I would like it better.

For how long have I used the solution?

I have been working with this solution for about one year.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

It does not scale. It's one network segment that captures all of the traffic, so it's not scalable at all.

We have six analysts who use this product, with maybe only three or four people in our company.

How are customer service and technical support?

For support, we contact our reseller.

How was the initial setup?

The initial setup is not complex, it was easy.

We deployed everything on port mirroring.

What about the implementation team?

I set up this solution by myself.

What other advice do I have?

Architects love to use this tool, but the analysis is very complex, which is the point of NetWitness Network.

It's not the best, but it's good. The analytics is probably a ten but because it is complex, but overall, I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest