NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable features are the threat prediction and network forensics."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"The product's initial setup phase was not at all difficult."

"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"The most valuable feature is the security that it provides."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"The most valuable feature is the network security module."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"The installation phase was easy."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"The solution should have more integration capabilities with different platforms."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"The user interface is a little bit difficult for new users and it needs to be improved."

"The initial setup is complex. There are other solutions that are easier to implement."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"More customizability is required, which is something that they need to improve on."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"It is very expensive, the price could be better."

"We'd like the potential for better scaling."

"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"The product price was reasonable for my region and the market."

"Compared to the competition, the is price is not that high."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The licenses are good but the cost is very expensive."

"It is cheap."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"It's an expensive solution."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The tool is a bit pricey."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."