IT security specialist at a comms service provider with 201-500 employees
Detects ransomware in our internal network and offers good protection
Pros and Cons
- "Their technical support responds quickly and is knowledgeable."
- "The initial setup was complex because it takes a lot of time to complete the implementation."
What is our primary use case?
Our primary use case is for the administration of the internal network.
How has it helped my organization?
The detection of ransomware in the internal network has benefited my organization.
What is most valuable?
The protection that we get from the firewall is the most valuable aspect that we get from this solution.
What needs improvement?
I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS.
I would like to see a dashboard include PAM so that it's a one-stop shop.
Buyer's Guide
NetWitness Platform
October 2024
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
Three to five years.
Which solution did I use previously and why did I switch?
We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources.
How was the initial setup?
The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.
We have eight users using this solution and plan to increase usage.
What's my experience with pricing, setup cost, and licensing?
The licenses are good but the cost is very expensive.
Which other solutions did I evaluate?
We also looked at IBM QRadar.
What other advice do I have?
I would recommend this solution to somebody considering it.
I would rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT security specialist at a comms service provider with 201-500 employees
The most valuable feature is the correlation. It can report in real-time and monitor the management.
Pros and Cons
- "The most valuable feature is the correlation. It can report in real-time and monitor the management."
- "The implementation needs assistance."
What is our primary use case?
Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.
How has it helped my organization?
The manner in which we can manage logs and information is very important for our organization.
What is most valuable?
The most valuable feature is the correlation. It can report in real-time and monitor the management.
What needs improvement?
The implementation needs assistance.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability of this solution is good.
What do I think about the scalability of the solution?
This solution meets our scalability needs.
How are customer service and technical support?
The technical support is good.
How was the initial setup?
I was not involved in the initial setup of this solution.
What was our ROI?
I like to say it has the trifecta:
- Good
- Beautiful
- Cheap.
What's my experience with pricing, setup cost, and licensing?
It is a cheap solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solution Specialist at a tech services company with 11-50 employees
Provides a comprehensive trace investigation with the packet capture feature
Pros and Cons
- "The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
- "There are instances where you try to run the reports and then it does not give you the desired outcome."
What is our primary use case?
The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.
What is most valuable?
The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs. So, the capture packet also gives you specific insight into what's going on in the network, and it makes your trace investigation much more comprehensive.
The user interface is fine.
What needs improvement?
The reporting aspect could be improved. There are instances where you try to run the reports and then it does not give you the desired outcome. At times, it appears as if the reporting feature might be buggy.
You want to actually follow the trends and see how technology is advancing. I think they've done that with regard to security orchestration, automation, and response. However, I think that they could do better with the automation and response.
For how long have I used the solution?
We have been selling RSA NetWitness Logs and Packets (RSA SIEM) for 18 months now.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and technical support?
Technical support has been quite a challenge. There are instances where you reach out to support, and the initial response is fast. When they get to experience what the problem is, we would expect them to be able to fix it on time, but then, we'd notice that there could be quite a lot of back and forth with customers in trying to get an issue resolved.
This is a situation where you have other solutions plugging into this one, so there are times when the issue being experienced has to do with another solution. So there are problems with accepting responsibility.
In general, I would rate them at 70% on technical support.
How was the initial setup?
I've not been involved in initial setup, but I've seen upgrades. I think it's quite straightforward.
What's my experience with pricing, setup cost, and licensing?
From a pricing perspective, I wouldn't say it's too expensive because recently, they came up with a good plan that would also work for small enterprises.
At the early stage, it was quite appliance-based, but now you have virtual machines that take away the appliance cost for customers. So, price-wise, it is fair compared to the cost of other SIEM solutions.
What other advice do I have?
It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Managing Architect at a tech company with 10,001+ employees
Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.
Valuable Features
I have found the Security Intelligence most valuable.
Improvements to My Organization
Adding Threat Globe and SA (Analytics).
Room for Improvement
Cross Platform Integration could be improved.
Use of Solution
I have been using the solution for more than 8 years.
Deployment Issues
No issues with deployment.
Stability Issues
No issues with stability.
Scalability Issues
Yes.
Customer Service and Technical Support
Customer Service: It's good for Enterprise Customers.
Technical Support: It's good for Enterprise Customers.
ROI
Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.
Other Advice
This purely is an Enterprise Product and one has to have a defined budget and plan; it’s good to fit Business requirements first, and then go for products.
Disclosure: I am a real user, and this review is based on my own experience and opinions.