We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The Log analytics are useful."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The product's initial setup phase was not at all difficult."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Offers a good wireless feature."
"The most valuable feature is the security that it provides."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"I like the ease of deployment."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"This solution integrates easily and very well with other technologies."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The product’s most valuable feature is log monitoring."
"The solution's technical support is great."
"I would like to see more AI used in processes."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"Security needs improvement."
"Technical support could be improved."
"There's no software support from McAfee."
"Customized reports and alerting functionality could be included in the dashboard."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"The support from McAfee ESM could improve. They could improve the speed."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our NetWitness Platform vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.