No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Trellix Advanced Threat Defense comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (38th), Security Information and Event Management (SIEM) (36th)
Trellix Advanced Threat Def...
Average Rating
7.8
Reviews Sentiment
5.6
Number of Reviews
9
Ranking in other categories
Advanced Threat Protection (ATP) (23rd)
 

Mindshare comparison

NetWitness Platform and Trellix Advanced Threat Defense aren’t in the same category and serve different purposes. NetWitness Platform is designed for Log Management and holds a mindshare of 1.1%, up 0.3% compared to last year.
Trellix Advanced Threat Defense, on the other hand, focuses on Advanced Threat Protection (ATP), holds 1.9% mindshare, up 1.4% since last year.
Log Management Mindshare Distribution
ProductMindshare (%)
NetWitness Platform1.1%
Splunk Enterprise Security6.9%
Wazuh4.6%
Other87.4%
Log Management
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Trellix Advanced Threat Defense1.9%
Palo Alto Networks WildFire7.1%
Microsoft Defender for Office 3656.4%
Other84.6%
Advanced Threat Protection (ATP)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
PP
RSSI at SDIS49
Ensuring long-term reliability while seeking internal email management enhancements
Prisma is a commercial name of the firewall now, but we don't work with the cloud product. Only our company is using it and we do not recommend it to customers. For us, it's transparent because it's a cloud product, so we don't really know the version as it's always updated. We have not had any problem, but it's difficult to report on what's going on because some days they can wash out perhaps 100 mails, and then it's difficult to say how many attacks you have reached. The right email has been washed out and then nobody has complained. We do not use the Threat Visualization feature; as we are in MX, the mail is washed out before it is in the mail inbox of the user, thus avoiding any problem requiring a reservation. In fact, there is no integration with existing security frameworks. The only problem we can have is that as we have no API interface, there is no inspection of internal mail. I rate Trellix Advanced Threat Defense a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Overall, this is a good solution with suitable features and it very well fits our needs."
"The most valuable feature is the hunting ability to work in a CERT."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Once it is deployed and you are used to it, you can do whatever you want."
"NetWitness can be highly beneficial for incident detection and response."
"It's quite economical compared to other solutions in the market."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"Offers a good wireless feature."
"The product is expensive, but it is better than the rest of them in the industry."
"Provides good exfiltration, and is an all-in-one product."
"If a system admin can put in the patience to read and constantly update the ePO system in terms of rules, enforcing them at regular intervals, you can safely go to sleep every night."
"I see ROI, as it stops in excess of twenty-five malware events per month, all of which could be critical to the business."
"It is stable and reliable."
"The features I find most valuable are: the management, the ability for automatic remediation of threats and it can successfully detect a threat, and to act upon it."
"The most valuable features are the administration console and its detection and response module."
"Its greatest strength is the DXL client which can rapidly disseminate attack information to all clients via the McAfee Agent instead of going through the ePO server."
 

Cons

"The initial setup is complex. There are other solutions that are easier to implement."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"I cannot say that the solution was stable because it tended to crash."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions."
"It is not so easy to customize this product."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Make the ATD appliance a part of the whole product offering and take the whole thing onto the cloud."
"I would like to see future versions of the solution incorporate artificial intelligence technology."
"The support on their side is not readily available. It takes a while."
"The only problem we can have is that as we have no API interface, there is no inspection of internal mail."
"This product does the job, but it is not flexible enough to do new environments yet."
"Some of our customers have mentioned the lack of a tool that would allow for remote capabilities without being attached to the internet."
"Lacks remote capabilities not dependent on the internet."
"The initial setup was industry standard complex. It takes awhile and has a lot of planning involved. It could be simplified with product redesign."
 

Pricing and Cost Advice

"It is cheap."
"Compared to the competition, the is price is not that high."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The product is expensive."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"Our license is for one year."
"The licenses are good but the cost is very expensive."
"It’s cheaper to run virtual machines in a VMware environment."
"Our licensing fees for this solution are approximately one million dollars per year."
"The product is expensive, but it is better than the rest of them in the industry."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
Construction Company
17%
Financial Services Firm
12%
Comms Service Provider
10%
Outsourcing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise4
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
What needs improvement with McAfee Advanced Threat Defense?
I would like to see an API interface for internal email and control of outgoing email to make it closer to 10. It's necessary; today we have an MX interface, and it would be interesting to have an ...
What is your primary use case for McAfee Advanced Threat Defense?
We are working with Palo Alto products, specifically firewalls. We are only using Palo Alto Firewalls and not Cortex. With FireEye and Trellix, we only work with ETP now because the NDR function wh...
What advice do you have for others considering McAfee Advanced Threat Defense?
Prisma is a commercial name of the firewall now, but we don't work with the cloud product. Only our company is using it and we do not recommend it to customers. For us, it's transparent because it'...
 

Also Known As

RSA Security Analytics
McAfee Advanced Threat Defense
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
The Radicati Group, Florida International University, MGM Resorts International, County Durham andDarlington NHS Foundation Trust
Find out what your peers are saying about Splunk, Wazuh, Cribl and others in Log Management. Updated: July 2026.
904,748 professionals have used our research since 2012.