RSA NetWitness Logs and Packets (RSA SIEM) Reviews

Hubert Luberek
Real User
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Aug 26 2019

What needs improvement?

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and…

What's my experience with pricing, setup cost, and licensing?

We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment.

If you previously used a different solution, which one did you use and why did you switch?

I have been using Fidelis and that works. It's all the same approach, but they only gather the metadata, not the full packet capture. If you want to compare those products together, I can safely say that RSA is much better because they…

What other advice do I have?

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use…

Which other solutions did I evaluate?

We have looked through the Cisco solution to expand more devices from Fidelis to cover more areas of our network. I also evaluated Symantec and I have seen FireEye but it's hard to even compare those products to RSA.
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
May 24 2019

What is most valuable?

The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

What needs improvement?

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have…

What's my experience with pricing, setup cost, and licensing?

This is a pricey solution; it's not cheap. Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: October 2019.
372,622 professionals have used our research since 2012.
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
Nov 07 2018

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We use it as a network tool to alert on any anomalies on the network.

What is most valuable?

It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product continues to crash. Even with tech support help, it does not resolve itself.

How is customer service and technical support?

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Mar 24 2019

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a…

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive.

If you previously used a different solution, which one did you use and why did you switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources.

What other advice do I have?

I would recommend this solution to somebody considering it. I would rate it a nine out of ten.

Which other solutions did I evaluate?

We also looked at IBM QRadar.
Real User
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Mar 27 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We don't have a primary use case. There are many use cases that we have defined based on business needs.

What is most valuable?

The most valuable features are its ingestion of logs and raising of alerts based on those logs.

What needs improvement?

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

What about the implementation team?

We used RSA as our consultants. Our experience with them wasn't the most productive. We also have various other consultants in to help as well. Their ability to configure this particular platform is limited because it's such a complex product. There are so many classes you need to take in order to be proficient at it. There are so few people on the planet who can do it. You…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Jan 20 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

How has it helped my organization?

The manner in which we can manage logs and information is very important for our organization. 

What is most valuable?

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

What needs improvement?

The implementation needs assistance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this solution is good. 

What do I think about the scalability of the solution?

This solution meets our scalability needs. 

How is customer service and technical support?

The technical…


What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
