NetWitness Platform vs Trellix Network Detection and Response comparison

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"The most valuable features are the packet inspection and the automated incident response."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"The solution is really scalable for the high-end power, enterprise customer."

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"The most valuable feature is the network security module."

"Very functional and good for detecting malicious traffic."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"An area for improvement would be better automation and more inbuilt use cases."

"The product's licensing models are complex to understand. This particular area needs improvement."

"More customizability is required, which is something that they need to improve on."

"It is not so easy to customize this product."

"Health monitoring of the event sources and devices."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"The initial setup is complex. There are other solutions that are easier to implement."

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"Technical support could be improved."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"Technical packaging could be improved."

"We'd like the potential for better scaling."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"The product price was reasonable for my region and the market."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"The licenses are good but the cost is very expensive."

"The product is expensive."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Pricing and licensing are reasonable compared to competitors."

"The user fee is not as high but the maintenance fee is expensive."

"It's an expensive solution."

"The pricing is a little high."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."