Computer Security Consultant at SECURE SOFT
Real User
Top 20
Deployment flexibility and robust integration enhance reporting and analytics capabilities in financial industry
Pros and Cons
  • "NetWitness Platform offers flexibility for deployment and robust integration capabilities."

    What is our primary use case?

    I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.

    What is most valuable?

    NetWitness Platform offers flexibility for deployment and robust integration capabilities. It excels in research events, analytics data, and reporting. It is particularly beneficial for reporting purposes, offering efficient solutions.

    What needs improvement?

    There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.

    How are customer service and support?

    The support is good, and I would rate it nine out of ten.
    Buyer's Guide
    NetWitness Platform
    March 2025
    Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
    842,690 professionals have used our research since 2012.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In the financial industry, I used other solutions like Exabeam or UEBA from other providers.

    How was the initial setup?

    The initial setup was not complex. On a scale of zero to ten, where ten is the easiest, I would rate it seven or eight.

    What was our ROI?

    The solution is efficient, though I do not provide specific ROI details.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

    Which other solutions did I evaluate?

    I used alternatives like Exabeam or UEBA from other providers in other industries.

    What other advice do I have?

    I would rate the SIEM eight out of ten.

    Which deployment model are you using for this solution?

    I am using the on-premises deployment model.
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    reviewer1417383 - PeerSpot reviewer
    Presales Manager at a tech services company with 51-200 employees
    Real User
    Enables incident response team to correlate logs to identify any kind of problem, both for logs and packets
    Pros and Cons
    • "It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
    • "If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

    What is our primary use case?

    This solution is deployed on-premise.

    What is most valuable?

    It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets. I think the most important thing was that it gives the customer the capability to discover and respond to an incident. It gives customers visibility about their most important servers and devices.

    Regarding the packet model, the most important thing is how easy it is to rebuild the raw data. Through one click, you can see an email that was sent even without accessing the mailbox from the user. It's easy to rebuild the raw data, especially the packet.

    What needs improvement?

    If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.

    NetWitness has a malware appliance, but in terms of dynamic analysis, we need to integrate with 30 vendors. It would be great to have a sandbox produced by the RSA and the SSL appliance also.

    For how long have I used the solution?

    I have been working with this solution for six years.

    Which solution did I use previously and why did I switch?

    I have worked with ArcSight from Micro Focus. One thing to be improved in NetWitness is the capability to correlate event logs in a general sense. We have fewer resources in the NetWitness correlation engine compared with ArcSight.

    What other advice do I have?

    I would rate this solution 8 out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Francesco Ritrovato - PeerSpot reviewer
    Security Analyst at Sogei
    Real User
    Cost-effective and stable
    Pros and Cons
    • "The most valuable feature is the hunting ability to work in a CERT."
    • "The log system is a bit complex and has room for improvement."

    What is our primary use case?

    We have been using the RSA SIEM with the NetWitness Platform for a long time.

    What is most valuable?

    The most valuable feature is the hunting ability to work in a CERT.

    What needs improvement?

    The log system is a bit complex and has room for improvement.

    For how long have I used the solution?

    I have been using the solution for a few years.

    What do I think about the stability of the solution?

    The solution is stable and is able to work with a lot of complex data.

    How was the initial setup?

    Using the software is straightforward, but configuring it is complex. To achieve the best results, we need to set up the log system. We have an RSA team to integrate the log system with the SIEM.

    What's my experience with pricing, setup cost, and licensing?

    In comparison to other SIEM solutions such as Splunk, NetWitness is less costly.

    What other advice do I have?

    I give the solution a nine out of ten.

    I recommend the solution to others.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Program Manager at EGYANAM TECH
    Real User
    Economical with good technical support and is easily scalable
    Pros and Cons
    • "It's quite economical compared to other solutions in the market."
    • "The initial setup is complex. There are other solutions that are easier to implement."

    What is our primary use case?

    I'm primarily using the solution on my client's site. 

    This is a log event management tool. We are integrating this solution for the clients where it is required. Mostly we work with OEMs such as IBM, RSA, Splunk, and Micro Focus. 

    With the help of these tools, you can identify any attacks or phishing activity in your network. Most of the time you are able to identify these types of attacks or activity on your firewall. When the firewall notifies the SIEM tools, it will identify which needs to be acted on immediately - unlike when you are using automation tools. With the help of automated tools, you can block those suspicious IPs or you can hand it over back to your security analyst or analyst team to take action ASAP.

    What is most valuable?

    We have not evaluated this tool. It is evaluated by the client's company directly. That said, I have found it has good threat intel insights, comparatively speaking. 

    From the client-side, there are economical kinds of features. It's quite economical compared to other solutions in the market.

    The solution is scalable. 

    The technical support is very good.

    What needs improvement?

    We are designing reports and automated rules and processes. We are defining them in relation to this product. With the help of automated rules and processes, this product will help the team when they go to production to do operations smoothly, as, most of the time, what happens when you put manual interference into such systems, it may be delayed. This can lead to vulnerabilities. Sometimes, if a hacker enters the system, he might only have a limited time where there is a window of access, however, in that time, he'll take what he can, and even if the vulnerability only lasted for a few minutes, in that time, items can get stolen. 

    Therefore, there needs to be more proactivity to avoid any downtime. We're adding automating tools to help RSA NetWitness so that if anything happens, RSA can immediately shut anything down. We're in the process of configuring them and adding them in.

    The initial setup is complex. There are solutions that are easier to implement.

    For how long have I used the solution?

    I've been using the solution for two and a half years.

    What do I think about the stability of the solution?

    The solution is reliable. I won't say great, due to the fact that, naturally, if you compare it to other products it is not that great. That said, for the operations, it is good as long as you do not violate your license. The moment you violate your license, this will cause a quite delayed reaction, at least, that is what I've seen compared to Splunk and QRadar.

    What do I think about the scalability of the solution?

    While the solution isn't necessarily for small organizations, it is good for medium and large organizations.

    The solution scales easily.

    How are customer service and technical support?

    Technical support is very good. They try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner. I'm happy with the support.

    How was the initial setup?

    The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk. They are much easier to set up. It also depends on the client's infrastructure. It just needs some time and understanding to be deployed. 

    Once it is deployed it requires maintenance. Whenever you work on such products, if you do not take the support or support services, it might take some time to work through some things. For some things, the documentation is not the best. Support is always recommended. If you do not buy support, it can be a disaster. 

    What's my experience with pricing, setup cost, and licensing?

    It's my understanding that the pricing of the product is pretty good. Compared to other options on the market, it's reasonable. 

    I would say it's economical, as the licensing part is always a different ball game in the SIEM tools business, as everyone is running their business in a different manner. If you go to IBM, they will charge you in a different way, for example. RSA will charge you in a different way as well, and Splunk has its own unique licensing policies. I would say it's economical. I won't say it's cheap. It is in between.

    Currently, there is only one license. There aren't different licensing models. Hardware is included in the price.

    What other advice do I have?

    I'm on the latest version of the solution. I tend to work on updated versions.

    We are systems integrators. We have a partnership with RSA.

    If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then can you go for implementation.

    I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    IT Security Head with 1,001-5,000 employees
    Real User
    Has a simple dashboard and you can develop connectors for any application, but it is difficult to set up
    Pros and Cons
    • "The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
    • "The initial setup is very complex and should be simplified."

    What is our primary use case?

    The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

    What is most valuable?

    The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it. With some other solutions, creating custom connectors is very costly.

    The dashboard is very simple to use.

    What needs improvement?

    The initial setup is very complex and should be simplified.

    We had some trouble integrating with our Check Point firewall.

    For how long have I used the solution?

    I used RSA NetWitness for a couple of months in my previous company.

    What do I think about the stability of the solution?

    It was too early to say whether this solution was stable because you need at least a year to determine that. In the initial stages, we were still getting a lot of alerts because there was no time to fine-tune it. Maybe after six or eight months, we would have been able to say whether the product was stable. Just before reaching that point, I left the organization.

    What I can say is that for the time I was there, we did not experience any bugs, crashes, or glitches.

    What do I think about the scalability of the solution?

    This solution is scalable. We had between 20 and 25 users, although, on a daily basis, I would say that 13 to 16 people used it.

    How are customer service and technical support?

    We did not interact with technical support because we were working with the vendor, and the vendor was working with them.

    Which solution did I use previously and why did I switch?

    We tried to implement Paladion but we were not able to complete our PoC because of problems.

    How was the initial setup?

    The initial setup is very complex. It requires having knowledge of what components do and which go where. An example is knowing which component will fetch data and where it goes. This is very difficult for somebody new and a person should have a minimum of one to two years of work experience.

    Our deployment of the two solutions and having them work simultaneously took between four and five months.

    What about the implementation team?

    We have an in-house team, but the vendor gave us support as well. The initial setup was very tough, which is why it took four or five months to implement everything and make sure that it was configured as per our requirements.

    There were six people involved in the deployment. Three from the vendor's team and three from my team. They were working day and night to make sure that things worked well.

    The number of people required for maintenance depends on the hours of operation. If the business hours are 24/7 for the entire year then two people are required for maintenance.

    Which other solutions did I evaluate?

    We did not evaluate other options.

    What other advice do I have?

    My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all.

    Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product.

    I would rate this solution a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Security Engineer/Architect at Telecom Italia
    Real User
    Offers good security, integrates well, and they have good technical support
    Pros and Cons
    • "The most valuable feature is the security that it provides."
    • "It is not so easy to customize this product."

    What is our primary use case?

    We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.

    What is most valuable?

    The most valuable feature is the security that it provides.

    The log-related capabilities are good.

    It integrates well with other risk-assessment tools.

    What needs improvement?

    It is not so easy to customize this product.

    This product would be improved with the addition of machine learning functionality.

    For how long have I used the solution?

    I have been working with this product for perhaps eight years.

    What do I think about the stability of the solution?

    Stability is not a problem with NetWitness.

    What do I think about the scalability of the solution?

    We have not heard any complaints about scalability. This is generally for enterprise-level companies.

    How are customer service and technical support?

    The technical support is good and our customers are satisfied with it.

    Which solution did I use previously and why did I switch?

    We use McAfee for internal purposes.

    How was the initial setup?

    The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

    What other advice do I have?

    They have just introduced an orchestration tool, although I don't know how it works yet.

    Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Team Leader & Head of MSSP at We Ankor
    Real User
    Good features for investigating network problems but it is pricey and lacking in usability
    Pros and Cons
    • "The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
    • "The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

    What is our primary use case?

    We are no longer using this solution; however, it was used mostly for network monitoring.

    What is most valuable?

    The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

    What needs improvement?

    The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying.

    Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else.

    The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.

    For how long have I used the solution?

    About one year, on and off.

    What do I think about the stability of the solution?

    I cannot say that the solution was stable because it tended to crash. We were using it before version 11, where some of the problems were supposed to be solved. I have heard from insiders that version 11 does not hold up to the hype and they're still facing some of the same problems.

    What do I think about the scalability of the solution?

    I think that the solution is scalable because you can easily add new hosts. This is one of the things that was really straightforward and we appreciated.

    How are customer service and technical support?

    The people that we spoke with from technical support were really professional. Some visited us on-site and did some training with our analysts. They are really good staff and we really liked it. The company that did the integration at the site where I was working was planning on re-hiring them for other customers, so they made a good impression.

    The support is responsive by email, but initially, it is a little bit lacking. Beyond the initial emails, it is quite professional.

    How was the initial setup?

    I was not part of the initial setup, but I can tell you that managing the system, in general, is not straightforward. It is quite elusive and very confusing, even after calls to technical support.

    What's my experience with pricing, setup cost, and licensing?

    This is a pricey solution; it's not cheap.

    Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

    What other advice do I have?

    This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    reviewer1308300 - PeerSpot reviewer
    Information Security Analyst at a tech services company with 11-50 employees
    Real User
    Good performance, reporting, and log archiving capability
    Pros and Cons
    • "Performance and reporting are very good."
    • "The user interface is a little bit difficult for new users and it needs to be improved."

    What is our primary use case?

    I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.

    We are also using it to facilitate monitoring and research.

    What is most valuable?

    Performance and reporting are very good. 

    What needs improvement?

    The user interface is a little bit difficult for new users and it needs to be improved.

    It takes a lot of time to register when compared to other solutions.

    For how long have I used the solution?

    I have been using this solution for about one year, although it has been in the company for a couple of years.

    What do I think about the stability of the solution?

    We did have some issues before our upgrade from version 10.6, although they were not major. Since the upgrade, I have noticed that some of these things have gotten better.

    I would say that this is a stable solution, although there are some minor issues that need to be settled. Currently, they are being investigated.

    What do I think about the scalability of the solution?

    We have never had issues with scalability. We can reduce the usage as per our requirement and we increased our capacity in 2019. We are planning to further increase, either this year or next year. Scalability overall is quite easy.

    How are customer service and technical support?

    When we started finding problems, we got in touch with technical support and opened tickets. They worked with us to resolve them. I would rate them good, although not great. At times, I felt that they were being really short with me.

    How was the initial setup?

    I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.

    What about the implementation team?

    The deployment was done by my manager a couple of years ago.

    What other advice do I have?

    My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there.

    I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner