AdrianMache
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
Top 5
A user-friendly solution that integrates well with our system

Pros and Cons

  • "The most valuable features are the integration and ease of use."
  • "The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

What is our primary use case?

Our customers are enterprise-level businesses.

What is most valuable?

The most valuable features are the integration and ease of use. It is a pretty simple platform that can integrate very well with our system.

What needs improvement?

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people.

I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches. 

For how long have I used the solution?

We began using RSA NetWitness Logs and Packets not long ago.

What do I think about the stability of the solution?

This is a very stable product.

How are customer service and technical support?

I have not been in contact with technical support.

I would say that RSA University is fair and square. It is a bit tricky because they have changed the learning platform and I had trouble enrolling in courses. I needed to contact Dell EMC support, which is the same support for RSA, and they assigned the courses to me in one or two hours. In the end, I was very satisfied. It is a bit expensive but the companies are paying for it.

How was the initial setup?

The initial setup is straightforward. I am also coding so it is easy for me to adapt.

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use.

The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone.

I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation.

Overall, this is a good solution with suitable features and it very well fits our needs.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rahul Patel
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Great wireless feature, provides many automatic rules that are very helpful

Pros and Cons

  • "Offers a good wireless feature."
  • "Technical support could be improved."

What is our primary use case?

The RSA NetWitness packet plays a major role in identifying cyber attacks from different sources. We integrated in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans, and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in.

What is most valuable?

The wireless feature is good; it tells you when to check a spot, which file it has used to encrypt, whether it is spreading, and how many hosts have been infected. It's about data analysis. Looking at the network logs, it's difficult to figure out where the problem is coming from and where it's going, but those kinds of features help me a lot. The solution provides lots of automatic rules, which is helpful. Technically speaking, this is a good product.

What needs improvement?

I believe they could improve their support; there are often delays. The price of the solution could be reduced; it's very costly.

What do I think about the stability of the solution?

This is a stable product. 

What do I think about the scalability of the solution?

We're using the solution extensively in our shipping business so it is scalable. We probably have seven or eight users and the solution is in use 24/7. 

How are customer service and technical support?

Getting technical support takes time; they get a lot of calls and we generally only get a response the following day. Cisco is better with technical support.

How was the initial setup?

The initial setup is not straightforward because of all the integrations required. It needs the aggregate data, data concentrator, defense, correlation roots, and more. 

What's my experience with pricing, setup cost, and licensing?

It would help if they could provide the malware analytics in the core package as that would make the cost more reasonable. Licensing is paid annually and I believe the cost is somewhere between 12,000 - 15,000 Pounds per year. It's very high. 

What other advice do I have?

I would recommend this solution. 

I rate this solution a nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
AR
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Good packet inspection and automated incident response, but it needs to be more customizable

Pros and Cons

  • "The most valuable features are the packet inspection and the automated incident response."
  • "More customizability is required, which is something that they need to improve on."

What is our primary use case?

We are using this solution for security.

What is most valuable?

The most valuable features are the packet inspection and the automated incident response.

What needs improvement?

More customizability is required, which is something that they need to improve on.

When it comes to starting a log event, there are not many options available. It is very limited.

The log and event correlation need improvement.

The threat detection capability should be enhanced.

For how long have I used the solution?

I have been using this solution for one month.

What do I think about the stability of the solution?

We are using it on a daily basis and, so far, it has been stable.

What do I think about the scalability of the solution?

We have approximately 6000 employees, which means that we have 6000 endpoints that this product is working with. It is easy to scale it up to production.

How are customer service and technical support?

We have not had to contact technical support.

Which solution did I use previously and why did I switch?

In this company, they did not use a similar solution prior to this one. Personally, I used Splunk in my previous organization. Definitely, I prefer to use Splunk because there is more functionality, visibility, and options. You can do whatever you want with Splunk.

How was the initial setup?

The initial setup is not complex, and is more on the simple side. Our deployment took almost five months in total.

What about the implementation team?

We had assistance from an integrator and the vendor for our deployment.

We have administrators in the company who take care of administration and maintenance. The vendor was only needed for the implementation.

What other advice do I have?

RSA is something that I can recommend.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MT
Security Engineer/Architect at Telecom Italia
Real User
Top 5
Offers good security, integrates well, and they have good technical support

Pros and Cons

  • "The most valuable feature is the security that it provides."
  • "It is not so easy to customize this product."

What is our primary use case?

We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.

What is most valuable?

The most valuable feature is the security that it provides.

The log-related capabilities are good.

It integrates well with other risk-assessment tools.

What needs improvement?

It is not so easy to customize this product.

This product would be improved with the addition of machine learning functionality.

For how long have I used the solution?

I have been working with this product for perhaps eight years.

What do I think about the stability of the solution?

Stability is not a problem with NetWitness.

What do I think about the scalability of the solution?

We have not heard any complaints about scalability. This is generally for enterprise-level companies.

How are customer service and technical support?

The technical support is good and our customers are satisfied with it.

Which solution did I use previously and why did I switch?

We use McAfee for internal purposes.

How was the initial setup?

The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

What other advice do I have?

They have just introduced an orchestration tool, although I don't know how it works yet.

Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PR
Analyst at Microland Limited
Real User
Top 20
Easy to set up with good UEBA functionality

Pros and Cons

  • "What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
  • "Security needs improvement."

What is our primary use case?

The primary use case of this solution is for security.

We use the UEBA tool.

What is most valuable?

What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.

What needs improvement?

Security needs improvement.

We would still like to know how the traffic is entering the organization. We can find out but it will take time before we know, leaving the organization vulnerable to attack.

There is no SIEM tool in the world that can provide 100% security.

For how long have I used the solution?

I have been using this solution for five months.

What do I think about the stability of the solution?

Stability has not been an issue with this product.

What do I think about the scalability of the solution?

It's a scalable solution.

How was the initial setup?

The initial setup was straightforward, not at all complex.

There are approximately 1,400 devices that are integrated into RSA in my organization. While I was not a part of the integration, from my knowledge, it would take a week.

Which other solutions did I evaluate?

We have looked at similar systems and find that the architecture is somewhat different, yet the functionality is similar.

What other advice do I have?

This is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.