NetWitness Platform vs Trellix Network Detection and Response comparison

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The most valuable feature is the security that it provides."

"The most valuable features are the packet inspection and the automated incident response."

"Stability has not been an issue with this product."

"The newer 11.5 version that my team is using has found it to have good mapping."

"Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents."

"Thanks to this tool, we have a small SOC running in our company."

"Offers a good wireless feature."

"The most valuable feature is the network security module."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"The product is very easy to configure."

"Support is very helpful and responsive."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"Because of what the FireEye product does, it has significantly decreased our meantime in being able to identify and detect malicious threats."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The initial setup is very complex and should be simplified."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"One thing to be improved in NetWitness is the capability to correlate event logs in a general sense."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"Security needs improvement. We would still like to know how the traffic is entering the organization."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage, however, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"Stability is fine as long as we don't go deeper into the system. Once we go deeper into the SSM, inspection, and decryption, we get some issues."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"Cybersecurity posture has room for improvement."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"The solution's support needs to improve their support."

"The product is expensive."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"Compared to the competition, the is price is not that high."

"Our license is for one year."

"It’s cheaper to run virtual machines in a VMware environment."

"The product price was reasonable for my region and the market."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The user fee is not as high but the maintenance fee is expensive."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"It's an expensive solution."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"The pricing is a little high."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."