We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The main benefit is the ease of integration."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the threat prediction and network forensics."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Offers a good wireless feature."
"Their technical support responds quickly and are knowledgable."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the integration and ease of use."
"Trellix ESM is very user-friendly."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The product’s most valuable feature is log monitoring."
"McAfee as a whole is a good solution."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"Compared to other solutions, the user interface is good."
"I would like to see more AI used in processes."
"We are invoiced according to the amount of data generated within each log."
"I think the number one area of improvement for Sentinel would be the cost."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"It is not so easy to customize this product."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"An area for improvement would be better automation and more inbuilt use cases."
"We have encountered issues with unresolved crashes."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The solution needs to improve case management. The UI is confusing."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"There should be support for multitenancy in the product."
"I would like to see fingerprint recognition included in the next release of this solution."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"We cannot add new data sources to the most recent version."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our NetWitness Platform vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.