NetWitness Platform vs Trellix Network Detection and Response comparison

"Offers a good wireless feature."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"NetWitness can be highly beneficial for incident detection and response."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"Very functional and good for detecting malicious traffic."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."

"The most valuable feature is the network security module."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"The user interface is a little bit difficult for new users and it needs to be improved."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"Security needs improvement."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

"The world is currently shifting to AI, but FIreEye is not following suit."

"The solution's support needs to improve their support."

"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"Management of the appliance could be greatly improved."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"Compared to the competition, the is price is not that high."

"The licenses are good but the cost is very expensive."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"It’s cheaper to run virtual machines in a VMware environment."

"The product is expensive."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"The pricing is a little high."

"It's an expensive solution."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."