We performed a comparison between NetWitness Platform and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dashboard that allows me to view all the incidents is the most valuable feature."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Free ingestion for Azure logs (with E5 licence)"
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable features are the threat prediction and network forensics."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"It's quite economical compared to other solutions in the market."
"Performance and reporting are very good."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable features are the packet inspection and the automated incident response."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"The most valuable features include predefined use cases and threatening states."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We are invoiced according to the amount of data generated within each log."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The AI capabilities must be improved."
"We have encountered issues with unresolved crashes."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Technical support could be improved."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"More customizability is required, which is something that they need to improve on."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"It should have more cloud connectors. It could also be cheaper."
"Integrations could be improved, and the dashboard could be a little better."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. NetWitness Platform is rated 7.4, while Trellix Helix is rated 8.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and USM Anywhere. See our NetWitness Platform vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.