2019-02-11T08:11:00Z

What advice do you have for others considering RSA NetWitness Logs and Packets (RSA SIEM)?


If you were talking to someone whose organization is considering RSA NetWitness Logs and Packets (RSA SIEM), what would you say?

How would you rate it and why? Any other tips or advice?

Guest
88 Answers

author avatar
Top 10Real User

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.

2020-03-19T13:00:53Z
author avatar
Top 5LeaderboardReal User

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.

2020-01-19T06:38:00Z
author avatar
Top 5Real User

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our needs. I would rate this solution a nine out of ten.

2020-01-12T07:22:00Z
author avatar
Real User

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requires are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.

2020-01-09T06:15:00Z
author avatar
Top 5Real User

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.

2019-08-25T05:17:00Z
author avatar
Real User

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.

2019-05-22T07:18:00Z
author avatar
Real User

It's supposed to help our security program maturity. Has it? I think that's another question. I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.

2019-03-11T07:21:00Z
author avatar
Top 5Real User

I would recommend this solution to somebody considering it. I would rate it a nine out of ten.

2019-02-11T08:11:00Z
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,478 professionals have used our research since 2012.