NetWitness Platform vs Trellix Network Detection and Response comparison

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"NetWitness can be highly beneficial for incident detection and response."

"The most valuable features are the packet inspection and the automated incident response."

"The solution is really scalable for the high-end power, enterprise customer."

"The product's initial setup phase was not at all difficult."

"It's quite economical compared to other solutions in the market."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the hunting ability to work in a CERT."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"The installation phase was easy."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The tool's integration capability isn't so great."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"It is not so easy to customize this product."

"We have encountered issues with unresolved crashes."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."

"Stability issues manifested in terms of throughput maximization."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

"The world is currently shifting to AI, but FIreEye is not following suit."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"Compared to the competition, the is price is not that high."

"It’s cheaper to run virtual machines in a VMware environment."

"The product price was reasonable for my region and the market."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"This is a pricey solution; it's not cheap."

"It is cheap."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"It's an expensive solution."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"The user fee is not as high but the maintenance fee is expensive."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"The tool is a bit pricey."