We performed a comparison between NetWitness Platform and Symantec Advanced Threat Protection based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."NetWitness can be highly beneficial for incident detection and response."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the threat prediction and network forensics."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"It's quite economical compared to other solutions in the market."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Symantec Endpoint Protection provides end-to-end protection. Along with antivirus protection, it has a lot of key areas, including intrusive prevention, firewall features, and application and device control."
"The most valuable feature is NetFlow threat protection."
"Real-time threat analysis is quick and takes action on threats immediately."
"Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied."
"You don't have to buy a separate email security platform. You can enable that using their endpoint, and I like that. You don't have to have two agents running on the same box."
"What I like most about Symantec Advanced Threat Protection is its notification capability."
"The great advantage in using this product is it creates multiple services."
"Endpoint to network protects the line."
"The solution should have more integration capabilities with different platforms."
"We have encountered issues with unresolved crashes."
"Health monitoring of the event sources and devices."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Technical support could be improved."
"The tool's integration capability isn't so great."
"It is not so easy to customize this product."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The security features need to be improved."
"Scalability could be better."
"Entire threat protection is not available for the advanced features."
"The support has dropped down to a five out of ten."
"It also needs network-based threat protection for shared folders and files."
"There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."
"Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly."
"The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others."
More Symantec Advanced Threat Protection Pricing and Cost Advice →
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Symantec Advanced Threat Protection is ranked 18th in Advanced Threat Protection (ATP) with 14 reviews. NetWitness Platform is rated 7.4, while Symantec Advanced Threat Protection is rated 7.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Symantec Advanced Threat Protection writes "Provides end-to-end antivirus protection and has good stability ". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and Cisco Secure Network Analytics, whereas Symantec Advanced Threat Protection is most compared with Palo Alto Networks WildFire, Microsoft Defender for Office 365, Trellix Network Detection and Response, Check Point SandBlast Network and Fortinet FortiSandbox. See our NetWitness Platform vs. Symantec Advanced Threat Protection report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.