We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Incident management is its most valuable feature."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Their technical support responds quickly and are knowledgable."
"It's quite economical compared to other solutions in the market."
"The most valuable features are the integration and ease of use."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable feature is the network security module."
"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
"The solution can scale."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"Health monitoring of the event sources and devices."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The tool's integration capability isn't so great."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"Technical packaging could be improved."
"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"It is very expensive, the price could be better."
"Management of the appliance could be greatly improved."
"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 19th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 37 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Fortinet FortiGate, Zscaler Internet Access and Symantec Advanced Threat Protection. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.