NetWitness Platform vs Trellix Network Detection and Response comparison

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Incident management is its most valuable feature."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"The newer 11.5 version that my team is using has found it to have good mapping."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"Very functional and good for detecting malicious traffic."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"The user interface is a little bit difficult for new users and it needs to be improved."

"Health monitoring of the event sources and devices."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"The product's licensing models are complex to understand. This particular area needs improvement."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"Its technical support could be better."

"The tool's integration capability isn't so great."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Technical packaging could be improved."

"The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."

"We'd like the potential for better scaling."

"Our license is for one year."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"It’s cheaper to run virtual machines in a VMware environment."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"This is a pricey solution; it's not cheap."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"It's an expensive solution."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."