Try our new research platform with insights from 80,000+ expert users
it_user619134 - PeerSpot reviewer
Direct Sales Director at a tech services company with 501-1,000 employees
Consultant
We can investigate incidents based on logs and raw packets.
Pros and Cons
  • "Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
  • "The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

What is most valuable?

Full packet capture: A must in an SOC

Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network

Built-in Incident Management module for small security/SOC teams

Advanced correlation engine based on metadata flow: Provides nearly real time correlation

Rich reporting options

How has it helped my organization?

We can monitor all traffic to/from our company.

It is possible to track end user behaviour.

With RSA NetWitness Endpoint, we are able to monitor not only the network, but also what’s happening on endpoints, i.e., behaviour analytics for processes inside the operating system.

Thanks to this tool, we have a small SOC running in our company.

What needs improvement?

Integration with external tools should be built-in, such as an external sandbox for files.

We can import data using external feeds, using STIX or CVS files.

The REST API is poor

The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.

RSA should improve backup options and High Availability architecture.

Data is stored on separate components without redundancy. It’s possible to have backup for data, but you have to use an external backup solution.

For how long have I used the solution?

I have used this product for two and a half years.

Buyer's Guide
NetWitness Platform
December 2024
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

The system is stable if you provide enough CPU, RAM, and HDD (IOPS). Sizing should be done by RSA Professional Services or by an experienced partner for Virtual Machines. The hardware is sized well.

What do I think about the scalability of the solution?

There were no scalability issues, but you have to know what you are doing. Proper network deployment is important. Metadata flows are quite big between internal system components. Of course, it depends on how many network packets and logs are logged into the system.

How are customer service and support?

I would give technical support a rating of 8/10. Sometimes you have to wait for an initial response, especially if it’s not a critical problem. But when they start investigating, they do it quite well.

Which solution did I use previously and why did I switch?

For full packet capture, we had Blue Coat Security Analytics. We switched because in NetWitness, we have everything needed to run a small SOC in our company.(Packets, logs, endpoints, incident management module, correlation, reporting, and investigation available for analysts.)

How was the initial setup?

It’s a very easy product to install, when you know what you are doing. Customers without any experience should cooperate with RSA Professional Services or a partner company. It’s too complex of a product to deploy for someone without experience. It can be done, but the value coming from RSA or a partner is incomparable.

What's my experience with pricing, setup cost, and licensing?

Prepare use cases, i.e., what to do and how.

Collect information about EPS for logs and total bandwidth for packets. This will allow you to properly size the licensing.

Hardware is too expensive in my opinion (Eastern Europe). It’s cheaper to run virtual machines in a VMware environment. (Keep in mind that CPU, RAM, and especially HDD requirements must be matched.)

Which other solutions did I evaluate?

We had Blue Coat Security Analytics, but we’re an RSA partner so it was natural to use the technology available to us.

What other advice do I have?

  • Don’t rush. Prepare use cases for packets and logs as it is a very important part of deployment and future use.
  • Use RSA Professional Services or a partner. Don’t deploy alone.
  • A basic administration course is a must for all administrators.
  • System architecture may be very easy or very complex. Do sizing well with external help.
Disclosure: My company has a business relationship with this vendor other than being a customer: RSA Partner.
PeerSpot user
Alireza Ghahrood - PeerSpot reviewer
Alireza GhahroodConsultant & Instructor -Cyber Security,GovernanceRIskCompliance (CISO as a Services) at Independent
Top 10Real User

Built-in Incident Management module for small security/SOC teams

IT security specialist at a comms service provider with 201-500 employees
Real User
Detects ransomware in our internal network and offers good protection
Pros and Cons
  • "Their technical support responds quickly and are knowledgable."
  • "The initial setup was complex because it takes a lot of time to complete the implementation."

What is our primary use case?

Our primary use case is for the administration of the internal network.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

How was the initial setup?

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive. 

Which other solutions did I evaluate?

We also looked at IBM QRadar.

What other advice do I have?

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
NetWitness Platform
December 2024
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
IT security specialist at a comms service provider with 201-500 employees
Real User
The most valuable feature is the correlation. It can report in real-time and monitor the management.
Pros and Cons
  • "The most valuable feature is the correlation. It can report in real-time and monitor the management."
  • "The implementation needs assistance."

What is our primary use case?

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

How has it helped my organization?

The manner in which we can manage logs and information is very important for our organization. 

What is most valuable?

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

What needs improvement?

The implementation needs assistance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this solution is good. 

What do I think about the scalability of the solution?

This solution meets our scalability needs. 

How is customer service and technical support?

The technical support is good. 

How was the initial setup?

I was not involved in the initial setup of this solution. 

What was our ROI?

I like to say it has the trifecta:

  • Good
  • Beautiful
  • Cheap.

What's my experience with pricing, setup cost, and licensing?

It is a cheap solution. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user130770 - PeerSpot reviewer
Managing Architect at a tech company with 10,001+ employees
Vendor
Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.

Valuable Features

I have found the Security Intelligence most valuable.

Improvements to My Organization

Adding Threat Globe and SA(Analytics).

Room for Improvement

Cross Platform Integration could be improved.

Use of Solution

I have been using the solution for more than 8 Years.

Deployment Issues

No issues with deployment.

Stability Issues

No issues with stability.

Scalability Issues

Yes.

Customer Service and Technical Support

Customer Service: It's good for Enterprise Customer’s.Technical Support: It's good for Enterprise Customer’s.

ROI

Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.

Other Advice

This purely is an Enterprise Product and one has to have a defined budget and plan; it’s good to fit Business requirements first, and then go for products.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free NetWitness Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free NetWitness Platform Report and get advice and tips from experienced pros sharing their opinions.