NetWitness Platform vs Trellix Network Detection and Response comparison

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Their technical support responds quickly and are knowledgable."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"Incident management is its most valuable feature."

"Very functional and good for detecting malicious traffic."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The product is very easy to configure."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"The server appliance is good."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"Health monitoring of the event sources and devices."

"The log system is a bit complex and has room for improvement."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"The initial setup is very complex and should be simplified."

"It is not so easy to customize this product."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."

"It is an expensive solution."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Technical packaging could be improved."

"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."

"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"Our license is for one year."

"We are on an annual license for the use of the solution."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"Compared to the competition, the is price is not that high."

"The pricing is a little high."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Pricing and licensing are reasonable compared to competitors."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"It's an expensive solution."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."