Valuable features of NetWitness NDR include high detection rate, detailed traffic capture, efficient incident response, real-time malware location, lightweight performance, perfect reporting, seamless third-party integration with an easy-to-use API, and a unified dashboard. Users appreciate its interoperability across operating systems, visualizations, behavior analytics, and flexible interface. Enhanced features include instant threat response, web interface, and isolated machine capability. It operates without heavy IT management involvement and technical support is knowledgeable.
- "Technical support is knowledgeable."
- "It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
- "The interface of this solution is very flexible and easy to use."
NetWitness NDR requires improvements in contamination features and ease of use. Clicking multiple times during analysis is cumbersome. Scalability and security orchestration need enhancement. The deployment process involving MSI files is complex. Pricing and training costs are high. The tool is slow and suffers from configuration and log passing issues. Threat intelligence should be better, and the UI needs a longer session time. Integration with non-native applications and improved detection features are also necessary.
- "Threat detection could be better."
- "The integration of the solution needs to be improved. The dashboard needs lots of updates as well.In the next release, we would like to see advanced fraud detection features."
- "We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
