NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
NetWitness Platform can monitor network traffic, logs, and network captures, making it easy to pinpoint and correlate information. The solution's alerts and correlation tools are also helpful for identifying incidents and malware. The incident management feature is also highly valued. The SSA console is user-friendly and doesn't require learning another language. Additionally, the newer version has good mapping, and the solution is scalable and economically priced. Technical support is also highly praised by users.
Improvements that could be made to the NetWitness Platform include better integration with other products, a more user-friendly interface, simplification of the log system, enhancing threat detection and alert capabilities, and improving database search. Other enhancements include adding log storage and threat intelligence features, automating security incident response, providing more precise logs when integrating with Windows-based systems, and automating reviews for compliance control requirements. The installation process could also be simplified.
NetWitness Platform has proven to be financially beneficial for users. Many have reported positive returns on investment, indicating that the platform has helped them achieve their desired outcomes.
The NetWitness Platform may not be affordable for small and medium-sized businesses, but it is less costly than some SIEM solutions. Licensing costs are based on the volume of EPS and can be subscription-based or perpetual. There is only one licensing model, and hardware is included in the price.
Customers use NetWitness Platform to monitor security alerts by ingesting logs from all their assets. It is also used to create correlation rules to identify potential breaches or hacking attempts and receive notifications through the dashboard. The solution is employed for incident management, compliance and governance, network forensics, and to integrate with applications and systems like firewalls and routers. RSA NetWitness Logs and Packets are used for monitoring scenarios, insider threat analysis, and log retention.
Some users find the technical support staff to be responsive and helpful, while others feel that they lack expertise and knowledge about the product. Some users have had unresolved issues with database management. The availability of around-the-clock support is appreciated.
The initial setup for NetWitness Platform is complex and requires knowledge. It involves preparing hardware boxes, configuring log sources, and generating metadata. Correlation rules and alerts are crucial for effective monitoring. Reviewer ratings of the setup process range from three out of 10 to six or seven out of 10.
Configuring it can be complex. There are multiple connectors, including standard and specialized connectors, but the complexity of the deployment depends on the amount and type of log sources. Support is recommended.
It is important to continuously monitor and maintain the solution.
The scalability of the NetWitness Platform depends on factors such as the storage capacity of the servers it is deployed on and the size of the organization using it. Some reviewers rate its scalability as high, while others suggest that it could be improved. The solution is considered scalable for enterprise customers and larger organizations, but may not be as suitable for small organizations. It is also noted that the solution can be scaled in the cloud, but may require additional workers and hardware procurement for on-premises scaling.
The NetWitness Platform solution is stable and reliable, with some minor issues when integrating with Windows-based systems or performing updates and upgrades. The stability ultimately depends on how well the site is set up, and performance may suffer if CPU and OS utilization is too high. While not rated as great compared to other products like Splunk and QRadar, it is a good solution.
NetWitness Platform was previously known as RSA Security Analytics.
Los Angeles World Airports, Reply