We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queries from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The development of use cases on the SSA console is quite user-friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"Incident management is its most valuable feature."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Offers a good wireless feature."
"The solution is really scalable for the high-end power, enterprise customer."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The product’s most valuable feature is log monitoring."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It has performed well and delivered the results that I have been looking for."
"I would like to see more AI used in processes."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The solution could improve the playbooks."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The troubleshooting has room for improvement."
"Health monitoring of the event sources and devices."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The implementation needs assistance."
"It is not so easy to customize this product."
"RSA NetWitness Logs and Packets can improve the threat level aspect; it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred, they used to provide the coverage very fast compared with RSA NetWitness Logs and Packets. I heard about the other three solutions from a discussion with my team members who had experience with other solutions; they used to say that. Whenever any issues happened across the globe, RSA NetWitness Logs and Packets was a little bit slow in improving those detection mechanisms."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The tool's integration capability isn't so great."
"I would like to see improvements to the user interface."
"The update to the user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"Product currently requires Flash."
"The solution needs to improve case management. The UI is confusing."
"I would like to see good analytics in future releases."
"There are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"I would like to see fingerprint recognition included in the next release of this solution."
"McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they could add some AI engine and out-of-the-box use cases, because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix and LogRhythm. These products are much further ahead compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response.