NetWitness Platform vs Trellix ESM comparison

"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable feature is the security that it provides."

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The product's initial setup phase was not at all difficult."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The most valuable feature is the hunting ability to work in a CERT."

"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."

"The most valuable feature in ESM is its search and reporting feature. It's really nice."

"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."

"It can be easily deployed with the other solutions."

"It enables us to detect malicious threats, issues, or vulnerabilities in our network."

"The support I have received from the vendor has been great."

"It has performed well and delivered the results that I have been looking for."

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"It is not so easy to customize this product."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"Health monitoring of the event sources and devices."

"Technical support could be improved."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"I would like to see fingerprint recognition included in the next release of this solution."

"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."

"The support from McAfee ESM could improve. They could improve the speed."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."

"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."

"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"This is a pricey solution; it's not cheap."

"It’s cheaper to run virtual machines in a VMware environment."

"We are on an annual license for the use of the solution."

"The product price was reasonable for my region and the market."

"Our license is for one year."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"The licensing cost is based on EPS."

"It is an inexpensive product. We purchase its yearly license."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."

"The product is slightly expensive."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"The cost is dependent on the customer's environment and requirements."