NetWitness Platform vs Trellix Network Detection and Response comparison

"NetWitness Platform is valuable for creating rules that the solution must detect."

"Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we only need the software license to put it up on our own cloud and deliver it to multiple clients."

"Overall, I feel that the product is very good and my biggest complaint is about their support."

"Prior to implementing the solution, the customers had no visibility of their assets, however, after adopting the solution, they have gained complete visibility over all their assets, including a comprehensive understanding of the network and attack symptoms."

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"Their customer service is excellent, one of the best."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"Overall, this is a good solution with suitable features and it very well fits our needs."

"The product is very easy to configure."

"It is stable and quite protective, and it has a lot of features to scan many malicious things and vulnerabilities."

"For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Both for our clients and for ourselves, ROI was almost 200% more than we expected."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised, FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"Cross Platform Integration could be improved."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"The implementation needs assistance."

"Technical support could be improved."

"Security needs improvement. We would still like to know how the traffic is entering the organization."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The product continues to crash. Even with tech support help, it does not resolve itself."

"The product is pricey. We'd like it to cost less. Not all customers can afford it."

"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"It is an expensive solution."

"It is very expensive, the price could be better."

"The initial setup was complex because of the nature of our environment."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"Our license is for one year."

"The product is expensive."

"The product price was reasonable for my region and the market."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"It’s cheaper to run virtual machines in a VMware environment."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"The user fee is not as high but the maintenance fee is expensive."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The tool is a bit pricey."

"It's an expensive solution."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"The pricing is a little high."