NetWitness Platform vs Trellix Network Detection and Response comparison

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The most valuable features are the threat prediction and network forensics."

"The most valuable features are the packet inspection and the automated incident response."

"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"Offers a good wireless feature."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The most valuable feature is the hunting ability to work in a CERT."

"Support is very helpful and responsive."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."

"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"Very functional and good for detecting malicious traffic."

"The solution should have more integration capabilities with different platforms."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"We'd like the potential for better scaling."

"Stability issues manifested in terms of throughput maximization."

"The solution's support needs to improve their support."

"The product's integration capabilities are an area of concern where improvements are required."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"We are on an annual license for the use of the solution."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It is cheap."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"It’s cheaper to run virtual machines in a VMware environment."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The user fee is not as high but the maintenance fee is expensive."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"Pricing and licensing are reasonable compared to competitors."

"The pricing is a little high."

"It's an expensive solution."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."