NetWitness Platform vs Trellix Network Detection and Response comparison

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Offers a good wireless feature."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"Incident management is its most valuable feature."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"The most valuable feature is the network security module."

"Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall, and if you have these types of tools, your organization would benefit greatly."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"An area for improvement would be better automation and more inbuilt use cases."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"The implementation needs assistance."

"Security needs improvement."

"The user interface is a little bit difficult for new users and it needs to be improved."

"It is not so easy to customize this product."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"Technical support could be improved."

"Technical packaging could be improved."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"Management of the appliance could be greatly improved."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"It is not a very secure product."

"Compared to the competition, the is price is not that high."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It’s cheaper to run virtual machines in a VMware environment."

"It is cheap."

"The product is expensive."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"This is a pricey solution; it's not cheap."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"The tool is a bit pricey."

"Pricing and licensing are reasonable compared to competitors."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"The pricing is a little high."

"It's an expensive solution."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."