The threat intelligence could improve in RSA NetWitness Endpoint.
Scalable and useful single location management
Pros and Cons
- "The stability of the RSA NetWitness Endpoint is very good."
- "The threat intelligence could improve in RSA NetWitness Endpoint."
What needs improvement?
For how long have I used the solution?
I have been using RSA NetWitness Endpoint for approximately seven years.
What do I think about the stability of the solution?
The stability of the RSA NetWitness Endpoint is very good.
What do I think about the scalability of the solution?
RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution. This solution has hard-coded IP addresses in its agents. When somebody wants to migrate from one data center to another data center, they have to reinstall all the agents. They can't change the hard-coded IP address to allow communication with the target server. That is the largest problem of the solution. Otherwise, in terms of scalability, it's fine.
If they are able to provide provisioning of the IP address change in the agents only when somebody migrates the hardware appliances from one data center to another data center, it would be a great improvement for those who want to migrate.
Buyer's Guide
NetWitness NDR
November 2024
Learn what your peers think about NetWitness NDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What other advice do I have?
I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution. They have a single solution in which they can pivot from the NetWitness to the endpoint. Everything is combined in a single pane of glass.
Earlier, they used to have distinct solutions. The NetWitness EDI used another pane of glass and then the EDR used a different one. Now the EDR and MDR have been combined into a single solution. That is an advantage from the security perspective. They can use a lateral movement and see all aspects in a single pane of glass. It's an easy investigation for everyone. I would definitely recommend this solution.
I rate RSA NetWitness Endpoint an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, SOC
Log correlation is good, but the solution is slow and there are many licensing complications
Pros and Cons
- "The log correlation is good."
- "The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is troubleshooting and working with technical support. Log passing is also one of the biggest challenges."
What is our primary use case?
The product is mainly used for security, log reviews, and monitoring.
In India, mostly on the requirement segment, we don't deploy the solution on the cloud. We use the solution on-premises.
What is most valuable?
The log correlation is good. There may be some benefits to the solution, but most of my time has gone to configure it rather than to work with it. So maybe I'm not so aware of that.
What needs improvement?
The problem with this product is that it's a bit slow. I am not very happy with this product. In the past, I have worked with a different tool, which was only maintaining a log, but I found that solution much better than NetWitness. It is not properly configured yet.
One part of this product that needs to be improved is the log passing. Often, it doesn't work or logs go missing. There are many licensing complications as well.
For how long have I used the solution?
I have been working with this product for almost one year. I'm not working directly with the product. I do the implementation for companies. We use the latest versions of the solution.
I'm technically not hands-on with these tools because I manage the team, so I am not exposed to anything.
What do I think about the stability of the solution?
My own network is very complex. It might be stable, but many times, even our appliances are not. We have had improper shutdowns, so I will not blame RSA. If an improper shutdown happens, then it takes a lot of time to make it up. It doesn't work until you start the machine, and it will work. Finally, you have to get a ticket, then they will do lots of things on them. The services will start and then it will work. We've been having some power issues in my previous assignments, and a lot of trouble in that way.
What do I think about the scalability of the solution?
The solution is scalable. It creates 3,000 lab logs per second. I think the solution is suitable for large companies, or medium to large companies.
How are customer service and support?
I don't think RSA has good support.
How was the initial setup?
The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is troubleshooting and working with technical support. Log passing is also one of the biggest challenges. Sometimes you don't get the logs, but even when we make the log passes, they don't work. They suddenly stop working. It might just be a problem from my side as well, but the end result is that it is not working as smoothly as it should.
Deployment time just depends on different circumstances. Many times, our men were unable to get to the data center. There were some wiring problems and improper shutdowns. We did have trouble with connecting with other people in our department. It took an unusual amount of time. I think we should have been done in 45 to 60 days, but it took us more than eight or nine months to get it done. The deployment time just depends on the current scenario. Tech support would say, "We don't do this, we don't do that. You have to purchase that service and that service."
What's my experience with pricing, setup cost, and licensing?
The pricing is not very economical. It is a costly product for India. When you purchase it, you have to purchase a module separately.
What other advice do I have?
I would rate this solution 4 out of 10. I would not suggest that someone use this solution because support is a main issue. I would prefer to go with IBM QRadar or some other new AI-based tools.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security information and incident handling at a financial services firm with 501-1,000 employees
Provides great protection against malicious files
Pros and Cons
- "Ability to isolate the machine when there are malicious files."
- "The solution lacks a reporting engine."
What is our primary use case?
We are customers of RSA.
What is most valuable?
The valuable feature is being able to isolate the machine when there are malicious files.
What needs improvement?
The solution doesn't have a reporting engine which would be helpful. I've also found that the UI times out too quickly and you have to close and reopen. It should allow for a longer session time.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable in terms of coverage. We have more than 2500 endpoints with different levels of users and operating systems.
How are customer service and support?
Customer support is very good in terms of the knowledge base, but the response time is too long. It can sometimes take two days before you get a reply.
How was the initial setup?
The initial setup was relatively straightforward because we only had to provision the SQL server and then run the setup. We deployed in-house with a DBA and the deployment took a day. We have an external maintenance contract.
What was our ROI?
We've seen a good ROI.
What other advice do I have?
I rate this solution eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Account Manager at a tech services company with 11-50 employees
Helps our security team respond more accurately when there are threats
Pros and Cons
- "It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
- "RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
- "The initial setup requires a high level of skill."
- "The solution is modular; for example, you can buy the RSA ePack, which you buy as a module and is not part of the conduit solution. They could include it and have it as an all-in-one solution."
What is our primary use case?
It is mainly for market analysis. It has been performing exceedingly well.
How has it helped my organization?
It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.
What is most valuable?
RSA NetWitness does market analysis in a more granular form. It gives you full visibility. You have good visibility across the flow of markets, then you can connect with more security devices across the network.
What needs improvement?
The solution is modular; for example, you can buy the RSA ePack, which you buy as a module and is not part of the conduit solution. They could include it and have it as an all-in-one solution. However, customers understand the model, so they buy them in modules and put them together.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is good. It does not fail.
What do I think about the scalability of the solution?
It is highly scalable. It can be bought based on your requirements.
How are customer service and technical support?
The product has excellent support.
How was the initial setup?
The initial setup requires a high level of skill, then the setup is good and smooth. If you have the skill, then you will get through it easily.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. It is competitive. With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing. They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend.
What other advice do I have?
I would highly recommend the solution. Just go ahead and get it. It is the best you can get.
We chose a solution of RSA endpoint protection because of the value proposition they offered. It became clear that they have the right solution for a serious enterprise and the security operation center (SOC), and they offered the right value.
It meets our major requirements and gives you peace of mind.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at Global Solutions
Great visualizations, stable, and easy to use and deploy
Pros and Cons
- "It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
- "Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
What is our primary use case?
It is our all-in-one platform for logs and packets for our network and for EDR.
What is most valuable?
It is very easy to use, and its usability is great. The use cases are also very easy.
The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great.
What needs improvement?
Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training.
For how long have I used the solution?
I have been using this solution for about two or three years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is not meant for small businesses. It is for medium to very large enterprises.
How are customer service and technical support?
They have very good staff in tech support.
How was the initial setup?
Its installation is easy.
What about the implementation team?
I did it myself.
What's my experience with pricing, setup cost, and licensing?
It is an expensive product.
What other advice do I have?
I would rate RSA NetWitness Network a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO & Founder at a tech services company with 1-10 employees
A stable solution that captures traffic with detailed communication logs
Pros and Cons
- "The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
- "When analyzing something, you have to click several times. It requires a lot of effort to find something."
What is our primary use case?
We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.
What is most valuable?
The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.
What needs improvement?
When analyzing something, you have to click several times. It requires a lot of effort to find something. The sole purpose of NetWitness is to find text easily, so this is an area that needs to be improved.
The scalability needs improvement, but I think that it is technically difficult.
This is a complex tool to use.
In the next release, if they could include a detection feature or improve the detection then I would like it better.
For how long have I used the solution?
I have been working with this solution for about one year.
What do I think about the stability of the solution?
This solution is very stable.
What do I think about the scalability of the solution?
It does not scale. It's one network segment that captures all of the traffic, so it's not scalable at all.
We have six analysts who use this product, with maybe only three or four people in our company.
How are customer service and technical support?
For support, we contact our reseller.
How was the initial setup?
The initial setup is not complex, it was easy.
We deployed everything on port mirroring.
What about the implementation team?
I set up this solution by myself.
What other advice do I have?
Architects love to use this tool, but the analysis is very complex, which is the point of NetWitness Network.
It's not the best, but it's good. The analytics is probably a ten, but because it is complex, overall I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech services company with 10,001+ employees
Good SIEM solution
Pros and Cons
- "It is stable. We have been using it for some time, without any issues."
- "This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
What is our primary use case?
We are using it as a SIEM tool.
What is most valuable?
One of the most valuable features is the Orchestrator.
What needs improvement?
This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is stable. We have been using it for some time, without any issues.
What do I think about the scalability of the solution?
I think it would scale nicely but we have not needed to expand our organizational needs yet.
How was the initial setup?
The initial setup was not complex.
What's my experience with pricing, setup cost, and licensing?
I do not have any opinion on the pricing or licensing of the product.
Which other solutions did I evaluate?
I used other solutions such as EnVision in the past.
Disclosure: I am a real user, and this review is based on my own experience and opinions.