What is our primary use case?
I'm primarily using the solution on my client's site.
This is a log event management tool. We are integrating this solution for the clients where it is required. Mostly we work with OEMs such as IBM, RSA, Splunk, and Micro Focus.
With the help of these tools, you can identify any attacks or phishing activity in your network. Most of the time you are able to identify these types of attacks or activity on your firewall. When the firewall will notify the SIEM tools, it will identify which needs to be acted on immediately - unlike when you are using automation tools. With the help of automated tools, you can block those suspicious IPS or you can hand it over back to your security analyst or analyst team to take action ASAP.
What is most valuable?
We have not evaluated this tool. It is evaluated by the client's company directly. That said, I have found it has good threat intel insights, comparatively speaking.
From the client-side, there are economical kinds of features. It's quite economical compared to other solutions in the market.
The solution is scalable.
The technical support is very good.
What needs improvement?
We are designing reports and automated rules and processes. We are defining them in relation to this product. With the help of automated rules and processes, this product will help the team when they go to production to do operations smoothly, as, most of the time, what happens when you put manual interference into such systems, it may be delayed. This can lead to vulnerabilities. Sometimes, if a hacker enters the system, he might only have a limited time where there is a window of access, however, in that time, he'll take what he can, and even if the vulnerability only lasted for a few minutes, in that time, items can get stolen.
Therefore, there needs to be more proactively to avoid any downtime. We're adding automating tools to help RSA Netwitness so that if anything happens, RSA can immediately shut anything down. We're in the process of configuring them and adding them in.
The initial setup is complex. There are solutions that are easier to implement.
For how long have I used the solution?
I've been using the solution for two and a half years.
Buyer's Guide
NetWitness Platform
December 2024
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is reliable. I won't say great, due to the fact that, naturally, if you compare it to other products it is not that great. That said, for the operations, it is good as long as you do not violate your license. The moment you violate your license, this will cause a quite delayed reaction, at least, that is what I've seen compared to Splunk and QRadar.
What do I think about the scalability of the solution?
While the solution isn't necessarily for small organizations, it is good for medium and large organizations.
The solution scales easily.
How are customer service and support?
Technical support is very good. They try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner. I'm happy with the support.
How was the initial setup?
The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk. They are much easier to set up. It also depends on the client's infrastructure. It just needs some time and understanding to be deployed.
Once it is deployed it requires maintenance. Whenever you work on such products, if you do not take the support or support services, it might take some time to work through some things. For some things, the documentation is not the best. Support is always recommended. If you do not buy support, it can be a disaster.
What's my experience with pricing, setup cost, and licensing?
It's my understanding that the pricing of the product is pretty good. Compared to other options on the market, it's reasonable.
I would say it's economical, as the licensing part is always a different ball game in the SIEM tools business, as everyone is running their business in a different manner. If you go to IBM, they will charge you in a different way, for example. RSA will charge you in a different way as well, and Splunk has its own unique licensing policies. I would say it's economical. I won't say it's cheap. It is in between.
Currently, there is only one license. There aren't different licensing models. Hardware is included in the price.
What other advice do I have?
I'm on the latest version of the solution. I tend to work on updated versions.
We are systems integrators. We have a partnership with RSA.
If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then you can go for implementation.
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner