NetWitness Platform vs Trellix Network Detection and Response comparison

"The detection of ransomware in the internal network has benefited my organization."

"The development of use cases on the SSA console is quite user friendly, which means that the security analyst or the researcher does not have to learn another language."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"RSA NetWitness is a SIEM and real-time network traffic solution that collects logs and packets, applies a set of alerting, reporting, and analysis rules on them, and thus provides the enterprise with full visibility of the networks and activities of the systems."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"After all of our testing was conducted we felt confident that this was the right approach to safeguard the bank from advanced malware, zero-day and targeted attacks."

"It is a good product to implement, especially where the existing technology fails to detect zero day attacks."

"Both for our clients and for ourselves, ROI was almost 200% more than we expected."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"The initial setup was straightforward, you can do it by yourself, you don't have to find a partner or a FireEye expert."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"We see ROI in the sense that we don't have to react because it stops anything from hurting the network."

"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."

"It is not so easy to customize this product."

"The product continues to crash. Even with tech support help, it does not resolve itself."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"Technical support could be improved."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"Advance monitoring and alerting feature is not stable (Event Stream Analysis)."

"It is not so easy to customize this product."

"The support from FireEye Network Security is not very good."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Technical support could be improved."

"The one thing that needs to improve is that they use guidance or FDK for max data."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage, however, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"Our license is for one year."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"It is cheap."

"It’s cheaper to run virtual machines in a VMware environment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"Compared to the competition, the is price is not that high."

"This is a pricey solution; it's not cheap."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The pricing is a little high."

"It's an expensive solution."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"The user fee is not as high but the maintenance fee is expensive."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."