NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The most valuable features are the threat prediction and network forensics."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The product's initial setup phase was not at all difficult."

"The installation phase was easy."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"Support is very helpful and responsive."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The most valuable feature is the view into the application."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"We have encountered issues with unresolved crashes."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"An area for improvement would be better automation and more inbuilt use cases."

"More customizability is required, which is something that they need to improve on."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"The log system is a bit complex and has room for improvement."

"The implementation needs assistance."

"The tool's integration capability isn't so great."

"It is very expensive, the price could be better."

"The solution's support needs to improve their support."

"Stability issues manifested in terms of throughput maximization."

"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Management of the appliance could be greatly improved."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"The licenses are good but the cost is very expensive."

"It is cheap."

"Our license is for one year."

"Compared to the competition, the is price is not that high."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"We are on an annual license for the use of the solution."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The tool is a bit pricey."

"The pricing is a little high."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Pricing and licensing are reasonable compared to competitors."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"It's an expensive solution."