We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Offers a good wireless feature."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"The solution can scale."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"Support is very helpful and responsive."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"The most valuable feature is the view into the application."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"The initial setup is complex. There are other solutions that are easier to implement."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"An area for improvement would be better automation and more inbuilt use cases."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The tool's integration capability isn't so great."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The log system is a bit complex and has room for improvement."
"More customizability is required, which is something that they need to improve on."
"Technical support could be improved."
"It is an expensive solution."
"The product's integration capabilities are an area of concern where improvements are required."
"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
"The world is currently shifting to AI, but FireEye is not following suit."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"We'd like the potential for better scaling."
"Stability issues manifested in terms of throughput maximization."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 35 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Blocks traffic and DDoS attacks". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Zabbix. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.