NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"Their technical support responds quickly and are knowledgable."

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."

"The server appliance is good."

"The most valuable feature is the view into the application."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"The tool's integration capability isn't so great."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"The initial setup is complex. There are other solutions that are easier to implement."

"The initial setup is very complex and should be simplified."

"Its technical support could be better."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"We'd like the potential for better scaling."

"Management of the appliance could be greatly improved."

"It is an expensive solution."

"Cybersecurity posture has room for improvement."

"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"It’s cheaper to run virtual machines in a VMware environment."

"Compared to the competition, the is price is not that high."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"This is a pricey solution; it's not cheap."

"The product price was reasonable for my region and the market."

"We are on an annual license for the use of the solution."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"It's an expensive solution."

"Pricing and licensing are reasonable compared to competitors."

"The tool is a bit pricey."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."