We performed a comparison between FireEye Network Security and RSA NetWitness Logs and Packets (RSA SIEM) based on real PeerSpot user reviews.
Find out in this report how the two ATP (Advanced Threat Protection) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time."
"The good part is that you don't have to configure it, which is very convenient."
"It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have."
"The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."
"Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
"Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
"The basic features are okay and I'm satisfied with the Defender."
"The deployment capability is a great feature."
"The most valuable feature is the network security module."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"The solution can scale."
"The server appliance is good."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"Very functional and good for detecting malicious traffic."
"It's quite economical compared to other solutions in the market."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The solution is really scalable for the high-end power, enterprise customer."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Offers a good wireless feature."
"This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products."
"The custom alerts have to improve a lot."
"In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."
"Configuration requires going to a lot of places rather than just accessing one tab."
"We are always looking for others tools to increase automation on tasks. There can be better integration with other solutions, such as PowerPoint and email."
"It would be better if it were more scalable. It depends on the architecture, but we would like to make it more scalable for both data centers."
"They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not."
"There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
"Technical support could be improved."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"It is an expensive solution."
"Technical packaging could be improved."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"It is very expensive, the price could be better."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The solution should have more integration capabilities with different platforms."
"Technical support could be improved."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing, and automatically investigates and remediates attacks. With Defender for O365 you get Integrated threat protection for all of Office 365 that gives you:
- Native protection for Office 365 with built-in protection that simplifies administration, lowers total cost of ownership, and boosts productivity.
- Unparalleled scale and effectiveness with powerful automated workflows to improve SecOps efficiency.
- A complete solution for collaboration that protects you from attacks across the kill chain.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
FireEye Network Security is an advanced threat protection and breach detection platform that provides industry leading threat visibility and protection against the world’s most sophisticated and damaging attacks. By leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core.
If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.
FireEye Network Security is ranked 8th in ATP (Advanced Threat Protection) with 7 reviews while RSA NetWitness Logs and Packets (RSA SIEM) is ranked 7th in ATP (Advanced Threat Protection) with 12 reviews. FireEye Network Security is rated 8.8, while RSA NetWitness Logs and Packets (RSA SIEM) is rated 7.4. The top reviewer of FireEye Network Security writes "A reliable and complete network protection solution that protects from signature-based and signature-less attacks and has powerful logging". On the other hand, the top reviewer of RSA NetWitness Logs and Packets (RSA SIEM) writes "Economical with good technical support and is easily scalable". FireEye Network Security is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, Zscaler Internet Access, Check Point SandBlast Network and Cisco ASA Firewall, whereas RSA NetWitness Logs and Packets (RSA SIEM) is most compared with Splunk, IBM QRadar, RSA enVision, ArcSight Enterprise Security Manager (ESM) and Cisco Secure Network Analytics. See our FireEye Network Security vs. RSA NetWitness Logs and Packets (RSA SIEM) report.
See our list of best ATP (Advanced Threat Protection) vendors.
We monitor all ATP (Advanced Threat Protection) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.