NetWitness Platform vs Trellix Network Detection and Response comparison

"Offers a good wireless feature."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the hunting ability to work in a CERT."

"NetWitness can be highly beneficial for incident detection and response."

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"Incident management is its most valuable feature."

"The most valuable feature is the network security module."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The most valuable feature is the view into the application."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The solution can scale."

"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."

"The user interface is a little bit difficult for new users and it needs to be improved."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"We have encountered issues with unresolved crashes."

"It is not so easy to customize this product."

"The initial setup is complex. There are other solutions that are easier to implement."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The initial setup was complex because it takes a lot of time to complete the implementation."

"It is an expensive solution."

"Management of the appliance could be greatly improved."

"The product's integration capabilities are an area of concern where improvements are required."

"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."

"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"It is very expensive, the price could be better."

"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"This is a pricey solution; it's not cheap."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The product is expensive."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Pricing and licensing are reasonable compared to competitors."

"The tool is a bit pricey."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"The user fee is not as high but the maintenance fee is expensive."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."