NetWitness Platform vs Trellix Network Detection and Response comparison

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"Their technical support responds quickly and are knowledgable."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"The product's initial setup phase was not at all difficult."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"The most valuable features are the threat prediction and network forensics."

"Performance and reporting are very good."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The product is very easy to configure."

"The log system is a bit complex and has room for improvement."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"The initial setup is complex. There are other solutions that are easier to implement."

"The tool's integration capability isn't so great."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"Technical support could be improved."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"It is very expensive, the price could be better."

"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"This is a pricey solution; it's not cheap."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"Compared to the competition, the is price is not that high."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"It's an expensive solution."

"The user fee is not as high but the maintenance fee is expensive."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Pricing and licensing are reasonable compared to competitors."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"The pricing is a little high."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."