RSA NetWitness Logs and Packets (RSA SIEM) Overview

RSA NetWitness Logs and Packets (RSA SIEM) is the #5 ranked solution in our list of top Advanced Threat Protection tools. It is most often compared to IBM QRadar.

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

RSA NetWitness Logs and Packets (RSA SIEM) is also known as RSA Security Analytics.

RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide

Download the RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide including reviews and more. Updated: December 2020

RSA NetWitness Logs and Packets (RSA SIEM) Customers

Los Angeles World Airports, Reply

Pricing Advice

What users are saying about RSA NetWitness Logs and Packets (RSA SIEM) pricing:
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "This is a pricey solution; it's not cheap."

RSA NetWitness Logs and Packets (RSA SIEM) Reviews

RamneshDubey
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Real User
Jan 11, 2020
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time

What is our primary use case?

We are a service-providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device; then, at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance. We have RSA NetWitness implemented in virtual appliances.

Pros and Cons

  • "The most valuable features are the packet decoder, log decoder, and concentrator."
  • "Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart, then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware…
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
Top 5
Aug 26, 2019
Provides accurate information, quick analysis from the endpoint perspective, and quick identification of any potential malware

What is our primary use case?

We use the on-premise deployment model of this solution. Our primary use case of this solution is for malware detection and for reconstruction during the incident and forensic analysis.

Pros and Cons

  • "It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
  • "They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

What other advice do I have?

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.
VishalGilatar
IT Security Head with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Jan 20, 2020
Has a simple dashboard and you can develop connectors for any application, but it is difficult to set up

What is our primary use case?

The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

Pros and Cons

  • "The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
  • "The initial setup is very complex and should be simplified."

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
Real User
May 24, 2019
Good features for investigating network problems but it is pricey and lacking in usability

What is our primary use case?

We are no longer using this solution; however, it was used mostly for network monitoring.

Pros and Cons

  • "The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
  • "The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
reviewer1372137
IT and Cybersecurity Professional at a financial services firm
Real User
Jun 24, 2020
Easy to deploy with powerful threat prediction and network forensics capabilities

What is our primary use case?

Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.

Pros and Cons

  • "The most valuable features are the threat prediction and network forensics."
  • "Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

What other advice do I have?

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.
reviewer1308300
Information Security Analyst at a tech services company with 11-50 employees
Real User
Top 10
Mar 22, 2020
Good performance, reporting, and log archiving capability

What is our primary use case?

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years. We are also using it to facilitate monitoring and research.

Pros and Cons

  • "Performance and reporting are very good."
  • "The user interface is a little bit difficult for new users and it needs to be improved."

What other advice do I have?

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.
AdrianMache
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
Top 5
Feb 4, 2020
A user-friendly solution that integrates well with our system

What is our primary use case?

Our customers are enterprise-level businesses.

Pros and Cons

  • "The most valuable features are the integration and ease of use."
  • "The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our…
reviewer1442106
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
Real User
Oct 31, 2020
Good packet inspection and automated incident response, but it needs to be more customizable

What is our primary use case?

We are using this solution for security.

Pros and Cons

  • "The most valuable features are the packet inspection and the automated incident response."
  • "More customizability is required, which is something that they need to improve on."

What other advice do I have?

RSA is something that I can recommend. I would rate this solution a six out of ten.