NetWitness Platform Reviews

Our primary use case is for the administration of the internal network.

The detection of ransomware in the internal network has benefited my organization.

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

Three to five years.

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

The licenses are good but the cost is very expensive. 

We also looked at IBM QRadar.

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

The manner in which we can manage logs and information is very important for our organization. 

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

The implementation needs assistance.

One to three years.

The stability of this solution is good. 

This solution meets our scalability needs. 

The technical support is good. 

I was not involved in the initial setup of this solution. 

I like to say it has the trifecta:

• Good
• Beautiful
• Cheap.

It is a cheap solution. 

The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.

The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs. So, the capture packet also gives you specific insight into what's going on in the network, and it makes your trace investigation much more comprehensive.

The user interface is fine.

The reporting aspect could be improved. There are instances where you try to run the reports and then it does not give you the desired outcome. At times, it appears as if the reporting feature might be buggy.

You want to actually follow the trends and see how technology is advancing. I think they've done that with regard to security orchestration, automation, and response. However, I think that they could do better with the automation and response.

We have been selling RSA NetWitness Logs and Packets (RSA SIEM) for 18 months now.

It is stable.

This solution is scalable.

Technical support has been quite a challenge. There are instances where you reach out to support, and the initial response is fast. When they get to experience what the problem is, we would expect them to be able to fix it on time, but then, we'd notice that there could be quite a lot of back and forth with customers in trying to get an issue resolved.

This is a situation where you have other solutions plugging into this one, so there are times when the issue being experienced has to do with another solution. So there are problems with accepting responsibility.

In general, I would rate them at 70% on technical support.

I've not been involved in initial setup, but I've seen upgrades. I think it's quite straightforward.

From a pricing perspective, I wouldn't say it's too expensive because recently, they came up with a good plan that would also work for small enterprises.

At the early stage, it was quite appliance-based, but now you have virtual machines that take away the appliance cost for customers. So, price wise, it is fair compared to the cost of other SIEM solutions.

It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others. 

I have found the Security Intelligence most valuable.

Adding Threat Globe and SA(Analytics).

Cross Platform Integration could be improved.

I have been using the solution for more than 8 Years.

No issues with deployment.

No issues with stability.

Yes.

Customer Service: It's good for Enterprise Customer’s.Technical Support: It's good for Enterprise Customer’s.

Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.

This purely is an Enterprise Product and one has to have a defined budget and plan; it’s good to fit Business requirements first, and then go for products.