NetWitness NDR vs Plixer Scrutinizer comparison

"The stability of the RSA NetWitness Endpoint is very good."

"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."

"The interface of this solution is very flexible and easy to use."

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

"Technical support is knowledgeable."

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

"Ability to isolate the machine when there are malicious files."

"It's agnostic as far as what your network gear is. As long as it supports an sFlow, JFlow, NetFlow, some kind of flow monitoring, Plixer will support it very well."

"The solution helps to enrich the data context of our network traffic. It allows me to see what applications are most in use on a slightly historical basis, going back a day or week at tops. It allows me to tune QoS or traffic shaping around what's being used. It saves me from having to unnecessarily upgrade, if I don't need to."

"Plixer Scrutinizer is an affordable product. Plixer Scrutinizer is a tool that allows for customization, especially in scenarios where customers need new product features."

"There are other tools out there that will do what Scrutinizer does. But what I have found with Scrutinizer is that it does it very quickly. I've taken 25 million individual data fragments from the different sensors, and it has graphed that and mapped it and presented a picture within 30 seconds. It has a very efficient database algorithm that I am really impressed with."

"The ability to view the status of the top-10 at a glance is helpful. We immediately know which link is over-utilized or heavily used... and it's all in real-time."

"It helps us determine what is going on with our Internet and who is hogging it all up. If we get a real high throughput or a throughput that's going over and getting dropped fairly quickly, we can tell who (or what device) is consuming that traffic."

"It shows us the saturation of the network of devices. It gives us a clear view of the flows in the network to understand, for instance, planning upgrades in the network to get an idea of what's going on the network on traffic flows. It gives us insight, for instance, on what's going on on our VPN Client. There are a lot of things where it provides very helpful information. It also gives us our security reports with quite detailed information on what's going on in the network, and whether there are data exfiltrations and so on."

"As a network engineer, the ability to identify what traffic on the link is consuming all the bandwidth at any given time, and provide immediate feedback to the business, is the most valuable feature."

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."

"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."

"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."

"When analyzing something, you have to click several times. It requires a lot of effort to find something."

"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."

"Threat detection could be better."

"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."

"I wish the reporting side was easier to work with, but it does a decent job. I also wish the reporting side was a little more intuitive or they offered more reporting examples."

"We couldn't get it set up properly."

"Data retention needs improvement. Data retention is a thing where we are looking for a better way to collect flow data for a longer time to do forensic research on security incidents. By default, data retention is quite low. We need detailed data in safe storage for a longer time, e.g., for a couple of months. An improvement would be a way to export data into a secure long-term storage."

"The reporting structure, the front-end GUI, also needs some work. It needs some getting used to. It works fairly well, but it's a technical tool rather than a user tool. You have to understand the structure of the databases before you can really use it."

"In Plixer Scrutinizer, scalability is an area with minor concerns where improvements are required."

"They're working on the security areas, so it can provide more insight. What they have is still pretty much IP-concentric. If they were to make it IP and URL, they'd be a little bit ahead on that."

"The solution creates a visual map of a particular location and how the network flows. You need to spend time to generate all those maps. If they could figure out a way to reduce the time needed to generate the maps, that would be great."

"For updating the Scrutinizer platform, when we have the actual data, it never happens in one day. Every time we have the data, we are obliged to install a new server in order to integrate the old data, and every time it has a problem. Most of the time, we were obliged to scrap all the data because we couldn't transfer it to the new server. So, it would be very good if they could improve this part."

"I do not have any opinion on the pricing or licensing of the product."

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

"We are on a three-year contract to use RSA NetWitness Network."

"It is highly scalable. It can be bought based on your requirements."

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"It is an expensive product."

"It's about €10,000 a year for initial license and yearly maintenance costs. In addition, the hardware costs are about €10,000 once every five years."

"I rate Plixer Scrutinizer's price a three on a scale of one to ten, where one is low price or affordable, and ten is high price or expensive."

"We recently bought a license upgrade, so we will integrate more exporters. We upgraded from a 25 exporter license to a 50 exporter license. Therefore, there will be more flows, and this will be an extension. I don't know when we will purchase a faster server, because the server that we have is quite new."

"There are no extra costs. It's about $8,000 a year. The bang for the buck (cost) is definitely a plus."

"We have increased the license over time. We have added more licenses as the network has grown."

"Our entire solution, amortized over five years, is in the vicinity of $40,000 to $50,000 a year."

"Currently, the license for Plixer Scrutinizer is subscription-based and at a yearly fee. The price would depend on the amount of traffic you pull in. For example, there are several blocks from a 10K flow, a 40K flow, and a 100K flow, and based on the number of devices that you receive the flows from, that's the license, and it is not a per-interface pricing model, so that is a very strong, very competitive pricing feature of Plixer Scrutinizer. Licensing for the product is also not based on the number of storage, compared to some competing products that are priced based on the amount of storage you need, particularly based on the retention and the amount of data. Plixer Scrutinizer licensing is based on the device, and it's more in the direction of $10,000 because, with just $1,000, you don't have anything."

"The license is per device. We have 50 devices."