NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable features are the packet inspection and the automated incident response."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The most valuable feature is the hunting ability to work in a CERT."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"It's quite economical compared to other solutions in the market."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"Very functional and good for detecting malicious traffic."

"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"The most valuable feature is the network security module."

"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."

"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"The log system is a bit complex and has room for improvement."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"The implementation needs assistance."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"It is not so easy to customize this product."

"The initial setup is complex. There are other solutions that are easier to implement."

"The product's licensing models are complex to understand. This particular area needs improvement."

"More customizability is required, which is something that they need to improve on."

"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."

"It is not a very secure product."

"Cybersecurity posture has room for improvement."

"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."

"This is a pricey solution; it's not cheap."

"It is cheap."

"The product is expensive."

"We are on an annual license for the use of the solution."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"The tool is a bit pricey."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"Pricing and licensing are reasonable compared to competitors."

"The user fee is not as high but the maintenance fee is expensive."

"The pricing is a little high."