We performed a comparison between NetWitness Platform and Trellix Advanced Threat Defense based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The product's initial setup phase was not at all difficult."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Incident management is its most valuable feature."
"It is very scalable."
"It stops in excess of twenty-five malware events per month, all of which could be critical to the business."
"Its greatest strength is the DXL client which can rapidly disseminate attack information to all clients via the McAfee Agent instead of going through the ePO server."
"The most valuable features are the administration console and its detection and response module."
"It is stable and reliable."
"Provides good exfiltration, and is an all-in-one product."
"I recommend this solution because of its ease of use."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Security needs improvement."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"It is not so easy to customize this product."
"More customizability is required, which is something that they need to improve on."
"Make the ATD system a part of the whole product and take the whole thing onto the cloud. While it is there already, it is not to the same level as the on-premise version."
"There could be a tool that automatically updates all-new Microsoft IPs, which are available for free to connect to the client."
"We'd like them to be better at dealing with script threats."
"Lacks remote capabilities not dependent on the internet."
"I would like to see future versions of the solution incorporate artificial intelligence technology."
"The initial setup was industry standard complex. It takes awhile and has a lot of planning involved. It could be simplified with product redesign."
"This solution needs to be made "cloud ready"."
More Trellix Advanced Threat Defense Pricing and Cost Advice →
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Trellix Advanced Threat Defense is ranked 20th in Advanced Threat Protection (ATP) with 8 reviews. NetWitness Platform is rated 7.4, while Trellix Advanced Threat Defense is rated 7.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Advanced Threat Defense writes "Easy to set up and use with a nice interface". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and Cisco Secure Network Analytics, whereas Trellix Advanced Threat Defense is most compared with Microsoft Defender for Office 365, Palo Alto Networks WildFire, Fortinet FortiSandbox, Trellix Network Detection and Response and Microsoft Defender for Identity.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.