RSA NetWitness Logs and Packets (RSA SIEM) Reviews

Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
May 24 2019

What is most valuable?

The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

What needs improvement?

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have…

What's my experience with pricing, setup cost, and licensing?

This is a pricey solution; it's not cheap. Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
Elias Lefate Tebele
Consultant
ACD - Level 3 Analyst at a tech services company with 10,001+ employees
Aug 28 2017

What is most valuable?

* Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs.
* Broker service: Aggregate multiple concentrator devices deployed in various…

How has it helped my organization?

Reliable in terms of no data loss. Plays a huge role in device health checks (Event Source Monitor). Provides FSEs relevant information prior to end user problem solutions…

What needs improvement?

Advance monitoring and alerting feature is not stable (Event Stream Analysis). Does not allow certain use cases running parallel. The reporting module: If only their…

What's my experience with pricing, setup cost, and licensing?

RSA licensing ranges per core devices and services. An additional Designated Support Engineer can be acquired at quite a pricy cost. They are reliable as your system and…

If you previously used a different solution, which one did you use and why did you switch?

None in production other than RSA. However, I will be using IBM QRadar towards the end of this year.

What other advice do I have?

Either operating this solution in-house or reselling. First, outline all your data sources. Give more priority to the assets you want to protect. Event source type and…

Which other solutions did I evaluate?

Our partnership with RSA was already in place. No room for evaluation. Top SIEM tools such as HP Arcsight, McAfee ESM, and IBM QRadar.
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: July 2019.
353,599 professionals have used our research since 2012.
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
Nov 07 2018

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We use it as a network tool to alert any anomalies on the network.

What is most valuable?

It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product continues to crash. Even with tech support help, it does not resolve itself.

How is customer service and technical support?

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Mar 24 2019

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a…

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive.

If you previously used a different solution, which one did you use and why did you switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources.

What other advice do I have?

I would recommend this solution to somebody considering it. I would rate it a nine out of ten.

Which other solutions did I evaluate?

We also looked at IBM QRadar.
Real User
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Mar 27 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We don't have a primary use case. There are many use cases that we have defined based on business needs.

What is most valuable?

The most valuable features are its ingestion of logs and raising of alerts based on those logs.

What needs improvement?

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

What about the implementation team?

We used RSA as our consultants. Our experience with them wasn't the most productive. We also have various other consultants in to help as well. Their ability to configure this particular platform is limited because it's such a complex product. There are so many classes you need to take in order to be proficient at it. There are so few people on the planet who can do it. You…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Jan 20 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

How has it helped my organization?

The manner in which we can manage logs and information is very important for our organization. 

What is most valuable?

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

What needs improvement?

The implementation needs assistance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this solution is good. 

What do I think about the scalability of the solution?

This solution meets our scalability needs. 

How is customer service and technical support?

The technical…

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
