NetWitness Platform vs Trellix Network Detection and Response comparison

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The most valuable features are the threat prediction and network forensics."

"Their technical support responds quickly and are knowledgable."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The solution can scale."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"The initial setup was complex because it takes a lot of time to complete the implementation."

"More customizability is required, which is something that they need to improve on."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"We'd like the potential for better scaling."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"The solution's support needs to improve their support."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"The product is expensive."

"It’s cheaper to run virtual machines in a VMware environment."

"Our license is for one year."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Pricing and licensing are reasonable compared to competitors."

"It's an expensive solution."

"The tool is a bit pricey."