We performed a comparison between NetWitness Platform, RiskIQ Illuminate, and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."The most valuable feature is the hunting ability to work in a CERT."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The product's initial setup phase was not at all difficult."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Offers a good wireless feature."
"The solution is stable with 12 years of established historical data."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"More customizability is required, which is something that they need to improve on."
"We have encountered issues with unresolved crashes."
"An area for improvement would be better automation and more inbuilt use cases."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The initial setup is complex. There are other solutions that are easier to implement."
"A low-cost service to evaluate the risk score of a supply chain would be very helpful."
"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."
"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
More Trellix Network Detection and Response Pricing and Cost Advice →
Earn 20 points
