NetWitness Platform vs Trellix Network Detection and Response comparison

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"The most valuable feature is the security that it provides."

"Offers a good wireless feature."

"The most valuable features are the threat prediction and network forensics."

"NetWitness can be highly beneficial for incident detection and response."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The installation phase was easy."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"We have encountered issues with unresolved crashes."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"The product's licensing models are complex to understand. This particular area needs improvement."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"Technical support could be improved."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"The world is currently shifting to AI, but FIreEye is not following suit."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The licenses are good but the cost is very expensive."

"It’s cheaper to run virtual machines in a VMware environment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"Pricing and licensing are reasonable compared to competitors."

"It's an expensive solution."

"The pricing is a little high."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The user fee is not as high but the maintenance fee is expensive."