NetWitness NDR Reviews

The threat intelligence could improve in RSA NetWitness Endpoint.

I have been using RSA NetWitness Endpoint for approximately seven years.

The stability of the RSA NetWitness Endpoint is very good.

RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution. This solution has hard-coded IP addresses in its agents. When somebody wants to migrate from one data center to another data center, they have to reinstall all the agents. They can't change the hard-coded IP address to allow communication with the target server. That is the largest problem of the solution. Otherwise, in terms of scalability, it's fine.

If they are able to provide provisioning of the IP address change in the agents only when somebody migrates the hardware appliances from one data center to another data center. It would be a great improvement for those who want to migrate.

I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution. They have a single solution in which they can pivot from the NetWitness to the endpoint. Everything is combined in a single pane of glass.

Earlier, they used to have distinct solutions. The NetWitness EDI used another pane of glass and then the EDR used a different one. Now the EDR and MDR have been combined into a single solution. That is an advantage from the security perspective. They can use a lateral movement and see all aspects in a single pane of glass. It's an easy investigation for everyone. I would definitely recommend this solution.

I rate RSA NetWitness Endpoint an eight out of ten.

It is our all-in-one platform for logs and packets for our network and for EDR.

It is very easy to use, and its usability is great. The use cases are also very easy. 

The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great.

Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training.

I have been using this solution for about two or three years.

It is very stable.

It is not meant for small businesses. It is for medium to very large enterprises.

They have very good staff in tech support.

Its installation is easy. 

I did it myself.

It is an expensive product.

I would rate RSA NetWitness Network a ten out of ten.

We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.

The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.

When analyzing something, you have to click several times. It requires a lot of effort to find something. The sole purpose of NetWitness is to find text easily, so this is an area that needs to be improved.

The scalability needs improvement, but I think that it is technically difficult.

This is a complex tool to use.

In the next release, if they could include a detection feature or improve the detection then I would like it better.

I have been working with this solution for about one year.

This solution is very stable.

It does not scale. It's one network segment that captures all of the traffic, so it's not scalable at all.

We have six analysts who use this product, with maybe only three or four people in our company.

For support, we contact our reseller.

The initial setup is not complex, it was easy.

We deployed everything on port mirroring.

I set up this solution by myself.

Architects love to use this tool, but the analysis is very complex, which is the point of NetWitness Network.

It's not the best, but it's good. The analytics is probably a ten but because it is complex, but overall, I would rate this solution an eight out of ten.

We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.

The detection rate and tracking features including historical tracking, tracking of the fires on the desk, and tracking of the file last monitored are all quite valuable for us.

The contamination feature could be improved.

I've been using the solution for six years now.

The stability of the solution is good. I'd rate it seven out of ten overall. We've had minor technical issues.

The solution is highly scalable. Users just need to install the agent on the products. Right now, we have about 1,000 users. We use the solution daily.

We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.

We didn't previously use another solution.

The initial setup was pretty straightforward. We didn't run into any issues. I can't recall how long it took to deploy.

We had a professional service assist us with the initial setup.

We use the on-premises deployment model.

The contamination should be improved. If a new user needs better contamination capabilities, they should use something else.

I'd rate the solution seven out of ten. If it offered better triaging of incidents, I'd rate it higher.

We are using it as a SIEM tool. 

One of the most valuable features is the Orchestrator.

This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.

It is stable. We have been using it for some time, without any issues.

I think it would scale nicely but we have not needed to expand our organizational needs yet.

The initial setup was not complex.

I do not have any opinion on the pricing or licensing of the product.

I used other solutions such as EnVision in the past.

It is mainly for market analysis. It has been performing exceedingly well.

It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.

RSA NetWitness does market analysis in a more granular form. It gives you full visibility. You have good visibility across the flow of markets, then you can connect with more security devices across the network. 

The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution. However, customers understand the model, so they buy them in modules and put them together.

The stability is good. It does not fail.

It is highly scalable. It can be bought based on your requirements.

The product has excellent support.

The initial setup requires a high level of skill, then the setup is good and smooth. If you have the skill, then you will get through it easily.

The pricing is good. It is competitive. With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing. They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend.

I would highly recommend the solution. Just go ahead and get it. It is the best you can get.

We chose a solution of RSA endpoint protection because of the value proposition they offered. It became clear that they have the right solution for a serious enterprise and the security operation center (SOC), and they offered the right value.

It meets our major requirements and gives you peace of mind.

We use this solution for network security.

The interface of this solution is very flexible and easy to use.

We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues.

We have been using this solution for two months.

We have found this solution to be stable so far.

The initial setup of this solution is straightforward.

I would rate this solution a nine out of ten.