RSA NetWitness Logs and Packets (RSA SIEM) Room for Improvement

Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: October 2019.
372,906 professionals have used our research since 2012.
SrManagee3c6
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
The implementation needs assistance.