RSA NetWitness Logs and Packets (RSA SIEM) Room for Improvement

Senior Cyber Security Specialist at a computer software company with 10,001+ employees
The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.
IT Security Head with 1,001-5,000 employees
The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
466,310 professionals have used our research since 2012.
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.
IT and Cybersecurity Professional at a financial services firm
The SOAR (security orchestration, automation, and response) component has areas for improvement. Technical support needs to be improved. Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM. Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.
Information Security Analyst at a tech services company with 11-50 employees
The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.
RSA Specialist at a computer software company with 1,001-5,000 employees
The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches.
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
More customizability is required, which is something that they need to improve on. When it comes to starting a log event, there are not many options available. It is very limited. The log and event correlation need improvement. The threat detection capability should be enhanced.
Maurizio Testa
Security Engineer/Architect at Telecom Italia
It is not so easy to customize this product. This product would be improved with the addition of machine learning functionality.
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.
Pasupuelepi Ram
Analyst at Microland Limited
Security needs improvement. We would still like to know how the traffic is entering the organization. We can find out but it will take time before we know, leaving the organization vulnerable to attack. There is no SIEM tool in the world that can provide 100% security.
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.