RSA NetWitness Logs and Packets (RSA SIEM) Reviews

RSA NetWitness Logs and Packets (RSA SIEM) is the #5 ranked solution of our top Advanced Threat Protection tools. It's rated 3.6 out of 5 stars, and is most commonly compared to IBM QRadar.

RamneshDubey
Real User
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Jan 11 2020

What is most valuable?

The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that…

What needs improvement?

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to…

What's my experience with pricing, setup cost, and licensing?

Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.

Which solution did I use previously and why did I switch?

We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro Focus ArcSight. The QRadar setup gave us no issues, and it also works with logs and packets. LogRhythm fulfills the GDPR compliance.

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM…
Hubert Luberek
Real User
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Aug 26 2019

What needs improvement?

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and…

What's my experience with pricing, setup cost, and licensing?

We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment.

Which solution did I use previously and why did I switch?

I have been using Fidelis and that works. It's all the same approach, but they only gather the metadata, not the full packet capture. If you want to compare those products together, I can safely say that RSA is much better because they…

What other advice do I have?

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use…

Which other solutions did I evaluate?

We have looked through the Cisco solution to expand more devices from Fidelis to cover more areas of our network. I also evaluated Symantec and I have seen FireEye but it's hard to even compare those products to RSA.
VishalGilatar
Real User
IT Security Head with 1,001-5,000 employees
Jan 20 2020

What is most valuable?

The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it. With some other solutions, creating custom connectors is very costly. The dashboard is very…

What needs improvement?

The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.

Which solution did I use previously and why did I switch?

We tried to implement Paladion but we were not about to complete our PoC because of problems.

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they…

Which other solutions did I evaluate?

We did not evaluate other options.
Maor Hojberg
Real User
Team Leader & Head of MSSP at We Ankor
May 24 2019

What is most valuable?

The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

What needs improvement?

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have…

What's my experience with pricing, setup cost, and licensing?

This is a pricey solution; it's not cheap. Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
Real User
IT and Cybersecurity Professional at a financial services firm
Jun 24 2020

What is most valuable?

The most valuable features are the threat prediction and network forensics. For example, if there is any malware on the network, I am able to see who received it and who clicked on it. I like this functionality the most. The deployment of the appliance is easy, where even a non-technical person can…

What needs improvement?

The SOAR (security orchestration, automation, and response) component has areas for improvement. Technical support needs to be improved. Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM. Lots of…

Which solution did I use previously and why did I switch?

I have used RSA enVision and ArcSight in the past. We migrated from RSA enVision because they had declared the product end-of-life and upgraded to the NetWitness platform. The Logs component is similar to what other competitors, such as IBM, ArcSight, and LogRhythm have. What distinguishes this…

What other advice do I have?

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and…
Real User
Information Security Analyst at a tech services company with 11-50 employees
Mar 22 2020

What is most valuable?

Performance and reporting are very good.

What needs improvement?

The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.

What other advice do I have?

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is…
AdrianMache
Real User
RSA Specialist at a computer software company with 1,001-5,000 employees
Feb 04 2020

What is most valuable?

The most valuable features are the integration and ease of use. It is a pretty simple platform that can integrate very well with our system.

What needs improvement?

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when…

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first…
Real User
Security Engineer at a comms service provider with 10,001+ employees
Jul 19 2020

What is most valuable?

The most valuable feature is the security that it provides. The log-related capabilities are good. It integrates well with other risk-assessment tools.

What needs improvement?

It is not so easy to customize this product. This product would be improved with the addition of machine learning functionality.

Which solution did I use previously and why did I switch?

We use McAfee for internal purposes.

What other advice do I have?

They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data alone to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
