NetWitness Platform vs Trellix Network Detection and Response comparison

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The most valuable features are the packet inspection and the automated incident response."

"Incident management is its most valuable feature."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Support is very helpful and responsive."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"The server appliance is good."

"The most valuable feature is MVX, which tests all of the files that have been received in an email."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"We have encountered issues with unresolved crashes."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."

"It is very expensive, the price could be better."

"We'd like the potential for better scaling."

"The world is currently shifting to AI, but FIreEye is not following suit."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"The product price was reasonable for my region and the market."

"It’s cheaper to run virtual machines in a VMware environment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The licenses are good but the cost is very expensive."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The tool is a bit pricey."

"The user fee is not as high but the maintenance fee is expensive."

"It's an expensive solution."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."