RSA NetWitness Logs and Packets (RSA SIEM) Archived Reviews (More than two years old)

Elias Lefate Tebele
Consultant
ACD - Level 3 Analyst at a tech services company with 10,001+ employees
Aug 28 2017

What is most valuable?

* Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs.
* Broker service: Aggregate multiple concentrator devices deployed in various…

How has it helped my organization?

Reliable in terms of no data loss. Plays a huge role in device health checks (Event Source Monitor). Provides FSEs relevant information prior to end user problem solutions…

What needs improvement?

Advance monitoring and alerting feature is not stable (Event Stream Analysis). Does not allow certain use cases running parallel. The reporting module: If only their…

What's my experience with pricing, setup cost, and licensing?

RSA licensing ranges per core devices and services. An additional Designated Support Engineer can be acquired at quite a pricy cost. They are reliable as your system and…

Which solution did I use previously and why did I switch?

None in production other than RSA. However, I will be using IBM QRadar towards the end of this year.

What other advice do I have?

Either operating this solution in-house or reselling. First, outline all your data sources. Give more priority to the assets you want to protect. Event source type and…

Which other solutions did I evaluate?

Our partnership with RSA was already in place. No room for evaluation. Top SIEM tools such as HP Arcsight, McAfee ESM, and IBM QRadar.
Consultant
Founder & CEO at a tech services company with 11-50 employees
May 24 2017

What is most valuable?

RSA NetWitness is a SIEM and real-time network traffic solution. It collects logs/packets and applies a set of alerting, reporting and analysis rules on them. Thus, it provides the enterprise with a…

How has it helped my organization?

As mentioned elsewhere, this product provides full visibility for the activities in the networks and systems. For example, it provides detection of the attacks in early stages (brute-force attacks)…

What needs improvement?

* Out-of-the-box alerts and investigation rules
* Health monitoring of the event sources and devices
* Threat intelligence for data accuracy

What's my experience with pricing, setup cost, and licensing?

The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs).

What other advice do I have?

The only thing I advise others is to spend enough time for fine-tuning and the initial rule development. You should also develop a plan for the ongoing development and fine-tuning, as found in all the…

Which other solutions did I evaluate?

I did not evaluate other solutions.
Updated: April 2020.
Consultant
Direct Sales Director at a tech services company with 501-1,000 employees
May 11 2017

What is most valuable?

* Full packet capture: A must in an SOC
* Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network
* Built-in Incident…

How has it helped my organization?

We can monitor all traffic to/from our company. It is possible to track end user behaviour. With RSA NetWitness Endpoint, we are able to monitor not only the network, but…

What needs improvement?

Integration with external tools should be built-in, such as an external sandbox for files. We can import data using external feeds, using STIX or CVS files. The REST API…

What's my experience with pricing, setup cost, and licensing?

Prepare use cases, i.e., what to do and how. Collect information about EPS for logs and total bandwidth for packets. This will allow you to properly size the licensing…

Which solution did I use previously and why did I switch?

For full packet capture, we had Blue Coat Security Analytics. We switched because in NetWitness, we have everything needed to run a small SOC in our company. (Packets…

What other advice do I have?

* Don’t rush. Prepare use cases for packets and logs as it is a very important part of deployment and future use.
* Use RSA Professional Services or a partner. Don’t…

Which other solutions did I evaluate?

We had Blue Coat Security Analytics, but we’re an RSA partner so it was natural to use the technology available to us.
Vendor
Managing Architect at a tech company with 10,001+ employees
Aug 14 2014

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

Valuable Features

I have found the Security Intelligence most valuable.

Improvements to My Organization

Adding Threat Globe and SA (Analytics).

Room for Improvement

Cross Platform Integration could be improved.

Use of Solution

I have been using the solution for more than 8 Years.

Deployment Issues

No issues with deployment.

Stability Issues

No issues with stability.

Scalability Issues

Yes.

Customer Service and Technical Support

Customer Service: It's good for Enterprise Customers.

Technical Support: It's good for Enterprise Customers.

ROI

Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.

Other Advice

This purely is an Enterprise Product and one has to have a defined budget and plan; it’s good to…

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
