NetWitness Platform vs Trellix Network Detection and Response comparison

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The product's initial setup phase was not at all difficult."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"Overall, I feel that the product is very good and my biggest complaint is about their support."

"The most valuable feature is the view into the application."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"It has provided us with better malware, intrusion and incident detection."

"I would definitely recommend this product because I have seen many cases where other solutions were not able to catch malware, but FireEye raised a red flag."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised, FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"The tool's integration capability isn't so great."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"More customizability is required, which is something that they need to improve on."

"The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk; they are much easier to set up."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions."

"The initial setup was complex because it took a lot of time to complete the implementation."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

"FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"The initial setup was complex because of the nature of our environment."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"Technical support could be improved."

"On a scale of one to 10, with one being the worst and 10 being the best, I would you rate this product an 8. From a security perspective, it's pretty decent. It's just that I have seen it miss some semi loads or triggers when it's integrated with other products."

"It is cheap."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"Compared to the competition, the is price is not that high."

"We are on an annual license for the use of the solution."

"It’s cheaper to run virtual machines in a VMware environment."

"Pricing and licensing are reasonable compared to competitors."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"The user fee is not as high but the maintenance fee is expensive."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"The tool is a bit pricey."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."