Overall, it is easy to implement.

The solution's initial setup takes work. We have to organize multiple paths and many features.

The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities. 

If one goes the intelligent route, installation should take at least four to five hours. 

The deployment takes around two weeks to complete. Fine-tuning takes a longer time. I rate the initial setup a six out of ten.

Implementation is quite easy, and it takes about a week to deploy the solution. On a scale from one to five, with one being the worst and five being the best, I would give the setup process a four.

The initial setup is not straightforward because of all the integrations required. It needs the aggregate data, data concentrator, defense, correlation roots, and more. 

I rate the initial setup a five out of ten since the solution had to be implemented twice. It took more than half a year to deploy the solution. Some of the processes were set up with the first implementation very fast. However, the implementation was insufficient to use the solution with all the needed coverage. All the customizations and integrations can take a few months, and it's a long process.

The steps taken to deploy NetWitness Platform are like with any other product. We had to plan whether it was a low-level or high-level design. We had to see the scope of work for implementation, including all the integration processes and data connections.

Using the software is straightforward, but configuring it is complex. To achieve the best results, we need to set up the log system. We have an RSA team to integrate the log system with the SIEM.

The initial setup of RSA NetWitness Logs and Packets is not complicated, it is easy for us. However, there are some sizing limitations.

Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports.

The complexity of the deployment depends on the amount and type of log sources. Are there any custom home-grown log sources for which you need to create the custom parsers? How many different logs or log lines in a home grown application? These factors might make your parser development a bit cumbersome.

The product's initial setup phase was not at all difficult. The tool's upgrades and moving from old hardware to new hardware are difficult and time-consuming. If you have any hardware failures, as per the RMA offered by the tool, it takes a very long time to get some after-service. The product has not been working well in my region recently.

The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk. They are much easier to set up. It also depends on the client's infrastructure. It just needs some time and understanding to be deployed. 

Once it is deployed it requires maintenance. Whenever you work on such products, if you do not take the support or support services, it might take some time to work through some things. For some things, the documentation is not the best. Support is always recommended. If you do not buy support, it can be a disaster. 

The initial setup is complex. It requires some knowledge in order to set it up.

If one is the most difficult and ten is the easiest, I would rate it a three out of ten. It's quite complex.

Initially, we need to prepare the hardware boxes, whether they are physical or virtual or offered as a service. This involves imaging them with the appropriate functions for the module. Then, for network packet capture, the mirror ports must be connected to the packet capture box. Regarding logs, the configuration process involves making NetWitness boxes communicate with each other through the appropriate protocols and ports.

Following this, the next step involves configuring the log sources to send logs to the log box. This process requires the appropriate rules to be configured to initiate log transmission and generate metadata by appropriate parsers on NetWitness. After the setup, the focus shifts to building correlation rules, alerts, and other monitoring activities. These rules and alerts are crucial components for effective monitoring.

The deployment process can vary based on the specific environment and requirements, but typically it takes about one to two weeks to complete.

Maintaining the solution doesn't require a large number of resources. Typically, one or two capable resources are sufficient to maintain the solution effectively.

It's important to continuously monitor and ensure the health and proper functioning of the solution. This involves regularly checking the log sources to ensure that the logs are being ingested correctly and there are no issues such as overutilization or spikes in network traffic.

The installation is somewhat straightforward. For example, if they want a UBA or SOAR type of platform, then I don't have experience in integrating or installing the SOAR or UPA. If that kind of opportunity comes or a customer requests it, then we have to see. As it is now, RSA NetWitness Logs and Packets (RSA SIEM) installation is straightforward.

It is easy to deploy the appliance. Anyone can mount and configure it. There is a simple, pre-built OS that they just need to mount in the VM infrastructure, and that is clearly mentioned in the documentation. It will take two or three days to deploy, at most.

The challenge comes with trying to integrate with third-party application servers. 

The initial setup isn't much of a challenge and can be completed in under twelve hours.

The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

The initial set up was not very complex. The problem is with the use cases. You need to be very careful to not become overwhelmed with unnecessary data. You need to very carefully decide what should be filtered, what you need to be taken from the network or from the logs. You need to decide whether you need YouTube traffic at all, for example, because it consumes storage. It's a huge amount of data and that data is useless. It is not relevant to malicious activity and if you want to fully get the picture of the user activity or the motor activity you can have with data without Facebook, for example.

The initial setup is good, and it is not complex.

The length of time it takes to deploy depends on the type and size of the organization. It takes two to three days to implement this solution, including all of the installation and configuration. Once the company provides the requirements then we implement as per the organizational policy. 

The initial setup is straightforward. I am also coding so it is easy for me to adapt.

The initial setup is not complex, and more on the simple side. Our deployment took almost five months in total.

The initial setup is very complex. It requires having knowledge of what components do and which go where. An example is knowing which component will fetch data and where it goes. This is very difficult for somebody new and a person should have a minimum of one to two years of work experience.

Our deployment of the two solutions and having them work simultaneously took between four and five months.

I was not part of the initial setup, but I can tell you that managing the system, in general, is not straightforward. It is quite elusive and very confusing, even after calls to technical support.

The initial setup was straightforward, not at all complex.

There are approximately 1,400 devices that are integrated into RSA in my organization. While I was not a part of the integration, from my knowledge, it would take a week.

I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.

I was never involved in setting up the solution with any of my employers. I get to learn the architecture and see the environment once it's complete.

I've not been involved in initial setup, but I've seen upgrades. I think it's quite straightforward.

It’s a very easy product to install, when you know what you are doing. Customers without any experience should cooperate with RSA Professional Services or a partner company. It’s too complex of a product to deploy for someone without experience. It can be done, but the value coming from RSA or a partner is incomparable.

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

I was not involved in the initial setup of this solution. 

It was very hard to implement. After implementation, we found e had to revise everything. With help of support, we eventually managed to stabilize it. But, it took a full year to do so.