RSA NetWitness Logs and Packets (RSA SIEM) Room for Improvement

RamneshDubey
Senior Cyber Security Specialist at a software R&D company with 10,001+ employees
The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.
reviewer1263441
IT Security Head with 1,001-5,000 employees
The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: March 2020.
408,459 professionals have used our research since 2012.
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.
reviewer1308300
Information Security Analyst at a tech services company with 11-50 employees
The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.
AdrianMache
RSA Specialist at a software R&D company with 1,001-5,000 employees
The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches.
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.
SrManagee3c6
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
The implementation needs assistance.