NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"NetWitness can be highly beneficial for incident detection and response."

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall, and if you have these types of tools, your organization would benefit greatly."

"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"The tool's integration capability isn't so great."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"The implementation needs assistance."

"Its technical support could be better."

"Technical support could be improved."

"Security needs improvement."

"It is not so easy to customize this product."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

"The product's integration capabilities are an area of concern where improvements are required."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"Stability issues manifested in terms of throughput maximization."

"We'd like the potential for better scaling."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The licenses are good but the cost is very expensive."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"The product price was reasonable for my region and the market."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"This is a pricey solution; it's not cheap."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The user fee is not as high but the maintenance fee is expensive."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"It's an expensive solution."

"The tool is a bit pricey."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."