Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees
Real User
Jul 27, 2022
I can have enterprise security, email security, next-generation firewall security logs, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution.
Information Technology Security Consultant at Sify Technologies
Real User
May 30, 2022
Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability to integrate custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports.
Presales Manager at a tech services company with 51-200 employees
Real User
May 15, 2022
It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets.
Product Manager at a tech services company with 11-50 employees
Reseller
Top 5
Jun 2, 2021
The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs.
NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
The product's initial setup phase was not at all difficult.
The product has a user-friendly interface and a valuable feature for threat intelligence integration.
NetWitness Platform is valuable for creating rules that the solution must detect.
Incident management is its most valuable feature.
The most valuable feature is the hunting ability to work in a CERT.
The solution is really scalable for the high-end power, enterprise customer.
It's quite economical compared to other solutions in the market.
Offers a good wireless feature.
The most valuable features are the packet inspection and the automated incident response.
What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.
The most valuable feature is the security that it provides.
The most valuable features are the threat prediction and network forensics.
Performance and reporting are very good.
The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it.
The most valuable features are the integration and ease of use.
The most valuable features are the packet decoder, log decoder, and concentrator.
It's fully scalable. There is no limit. Of course, the license limits the number of terabytes per day. In my opinion, it's very flexible.
The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.
The most valuable features are its ingestion of logs and raising of alerts based on those logs.
Their technical support responds quickly and is knowledgeable.
The most valuable feature is the correlation. It can report in real-time and monitor the management.
It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before.