We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is the security that it provides."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is MVX, which tests all of the files that have been received in an email."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"The solution can scale."
"The installation phase was easy."
"The server appliance is good."
"The log system is a bit complex and has room for improvement."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The implementation needs assistance."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The product's licensing models are complex to understand. This particular area needs improvement."
"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
"The world is currently shifting to AI, but FIreEye is not following suit."
"Cybersecurity posture has room for improvement."
"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"Technical packaging could be improved."
"It is very expensive, the price could be better."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 35 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Blocks traffic and DDoS attacks ". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Zabbix. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.