We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"NetWitness can be highly beneficial for incident detection and response."
"Their technical support responds quickly and are knowledgable."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Performance and reporting are very good."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The solution can scale."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"The product is very easy to configure."
"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"Security needs improvement."
"The initial setup is complex. There are other solutions that are easier to implement."
"The initial setup is very complex and should be simplified."
"Technical support could be improved."
"More customizability is required, which is something that they need to improve on."
"The user interface is a little bit difficult for new users and it needs to be improved."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"We have encountered issues with unresolved crashes."
"The world is currently shifting to AI, but FIreEye is not following suit."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"Stability issues manifested in terms of throughput maximization."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"Management of the appliance could be greatly improved."
"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 35 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Blocks traffic and DDoS attacks ". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Zabbix. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.