NetWitness Platform vs Trellix ESM comparison

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The solution is really scalable for the high-end power, enterprise customer."

"Their technical support responds quickly and are knowledgable."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

"NetWitness can be highly beneficial for incident detection and response."

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."

"Trellix ESM utilizes fewer human resources and improves security and visibility."

"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."

"This solution integrates easily and very well with other technologies."

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."

"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."

"The product’s most valuable feature is log monitoring."

"It can be easily deployed with the other solutions."

"An area for improvement would be better automation and more inbuilt use cases."

"The tool's integration capability isn't so great."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"There are instances where you try to run the reports and then it does not give you the desired outcome."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"The initial setup is complex. There are other solutions that are easier to implement."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"It is more difficult to operate Trellix ESM than other solutions."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."

"Product-wise, adding accounts on a single data source by batch would be a really great help."

"Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages."

"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."

"Customized reports and alerting functionality could be included in the dashboard."

"The product's stability is an area of concern where improvements are required."

"The product is expensive."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The product price was reasonable for my region and the market."

"It is cheap."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"Our license is for one year."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."

"It is an inexpensive product. We purchase its yearly license."

"The product is slightly expensive."

"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"We renew our license annually."

"The licensing cost is based on EPS."