RSA NetWitness Logs and Packets (RSA SIEM) Reviews

RamneshDubey
Real User
Senior Cyber Security Specialist at HCL Technologies
Jan 11 2020

What is most valuable?

The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that…

What needs improvement?

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to…

What's my experience with pricing, setup cost, and licensing?

Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.

Which solution did I use previously and why did I switch?

We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro Focus ArcSight. The QRadar setup gave us no issues, and it also works with logs and packets. LogRhythm fulfills the GDPR compliance.

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM…
Hubert Luberek
Real User
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Aug 26 2019

What needs improvement?

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and…

What's my experience with pricing, setup cost, and licensing?

We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment.

Which solution did I use previously and why did I switch?

I have been using Fidelis and that works. It's all the same approach, but they only gather the metadata, not the full packet capture. If you want to compare those products together, I can safely say that RSA is much better because they…

What other advice do I have?

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use…

Which other solutions did I evaluate?

We have looked through the Cisco solution to expand more devices from Fidelis to cover more areas of our network. I also evaluated Symantec and I have seen FireEye but it's hard to even compare those products to RSA.
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: February 2020.
399,540 professionals have used our research since 2012.
Real User
IT Security Head with 1,001-5,000 employees
Jan 20 2020

What is most valuable?

The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it. With some other solutions, creating custom connectors is very costly. The dashboard is very…

What needs improvement?

The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.

Which solution did I use previously and why did I switch?

We tried to implement Paladion but we were not able to complete our PoC because of problems.

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they…

Which other solutions did I evaluate?

We did not evaluate other options.
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
May 24 2019

What is most valuable?

The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

What needs improvement?

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have…

What's my experience with pricing, setup cost, and licensing?

This is a pricey solution; it's not cheap. Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
AdrianMache
Real User
RSA Specialist at a software R&D company with 1,001-5,000 employees
Feb 04 2020

What is most valuable?

The most valuable features are the integration and ease of use. It is a pretty simple platform that can integrate very well with our system.

What needs improvement?

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when…

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first…
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
Nov 07 2018

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We use it as a network tool to alert on any anomalies on the network.

What is most valuable?

It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product continues to crash. Even with tech support help, it does not resolve itself.

How are customer service and technical support?

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Mar 24 2019

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a…

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive.

Which solution did I use previously and why did I switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources.

What other advice do I have?

I would recommend this solution to somebody considering it. I would rate it a nine out of ten.

Which other solutions did I evaluate?

We also looked at IBM QRadar.
Real User
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Mar 27 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We don't have a primary use case. There are many use cases that we have defined based on business needs.

What is most valuable?

The most valuable features are its ingestion of logs and raising of alerts based on those logs.

What needs improvement?

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

What about the implementation team?

We used RSA as our consultants. Our experience with them wasn't the most productive. We also have various other consultants in to help as well. Their ability to configure this particular platform is limited because it's such a complex product. There are so many classes you need to take in order to be proficient at it. There are so few people on the planet who can do it. You…
What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply