If you were talking to someone whose organization is considering RSA NetWitness Logs and Packets (RSA SIEM), what would you say?
How would you rate it and why? Any other tips or advice?
I would recommend this solution. I rate this solution a nine out of ten.
RSA is something that I can recommend. I would rate this solution a six out of ten.
This is a product that I recommend. I would rate this solution an eight out of ten.
They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.
My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.
I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it fits our needs very well. I would rate this solution a nine out of ten.
My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requirements are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.
If it's possible, ask primary support to help you implement the fundamental alert or detection rules at the very beginning. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.
This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
It's supposed to help our security program maturity. Has it? I think that's another question. I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.
I would recommend this solution to somebody considering it. I would rate it a nine out of ten.