NetWitness Platform vs Trellix Network Detection and Response comparison

"Their technical support responds quickly and are knowledgable."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"NetWitness can be highly beneficial for incident detection and response."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"The most valuable feature is the network security module."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"The solution can scale."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall, and if you have these types of tools, your organization would benefit greatly."

"Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."

"The server appliance is good."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"Technical support could be improved."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"The initial setup was complex because it takes a lot of time to complete the implementation."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"We have encountered issues with unresolved crashes."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."

"The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"It is an expensive solution."

"Technical support could be improved."

"This is a pricey solution; it's not cheap."

"The product price was reasonable for my region and the market."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"Compared to the competition, the is price is not that high."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It’s cheaper to run virtual machines in a VMware environment."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"It's an expensive solution."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"The user fee is not as high but the maintenance fee is expensive."

"Pricing and licensing are reasonable compared to competitors."

"The pricing is a little high."