NetWitness Platform vs Trellix Network Detection and Response comparison

"The product's initial setup phase was not at all difficult."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Incident management is its most valuable feature."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"The installation phase was easy."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The product is very easy to configure."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The initial setup was complex because it takes a lot of time to complete the implementation."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The solution should have more integration capabilities with different platforms."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"Management of the appliance could be greatly improved."

"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"It is not a very secure product."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"This is a pricey solution; it's not cheap."

"Our license is for one year."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The licenses are good but the cost is very expensive."

"It is cheap."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"Pricing and licensing are reasonable compared to competitors."

"The pricing is a little high."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"It's an expensive solution."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."