NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable feature is the hunting ability to work in a CERT."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The most valuable feature is the security that it provides."

"The most valuable features are the threat prediction and network forensics."

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The installation phase was easy."

"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."

"Support is very helpful and responsive."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"An area for improvement would be better automation and more inbuilt use cases."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"The user interface is a little bit difficult for new users and it needs to be improved."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."

"The product's integration capabilities are an area of concern where improvements are required."

"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"It’s cheaper to run virtual machines in a VMware environment."

"The licenses are good but the cost is very expensive."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"Compared to the competition, the is price is not that high."

"We are on an annual license for the use of the solution."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It is cheap."

"The pricing is a little high."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The tool is a bit pricey."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"Pricing and licensing are reasonable compared to competitors."

"The user fee is not as high but the maintenance fee is expensive."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."