NetWitness Platform Reviews

The RSA Netwitness packet plays a major role in identifying cyber attacks from different sources. We integrated in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in. 

The wireless feature is good, it tells you when to check a spot, which file it has used to encrypt, whether it is spreading and how many hosts have been infected. It's about data analysis. Looking at the network logs, it's difficult to figure out where the problem is coming from and where it's going, but those kinds of features help me a lot. The solution provides lots of automatic rules which is helpful. Technically speaking, this is a good product. 

I believe they could improve their support, there are often delays. The price of the solution could be reduced, it's very costly. 

This is a stable product. 

We're using the solution extensively in our shipping business so it is scalable. We probably have seven or eight users and the solution is in use 24/7. 

Getting technical support takes time, they get a lot of calls and we generally only get a response the following day. Cisco is better with technical support. 

The initial setup is not straightforward because of all the integrations required. It needs the aggregate data, data concentrator, defense, correlation roots, and more. 

It would help if they could provide the malware analytics in the core package as that would make the cost more reasonable. Licensing is paid annually and I believe the cost is somewhere between 12,000 - 15,000 Pounds per year. It's very high. 

I would recommend this solution. 

I rate this solution a nine out of 10. 

I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.

NetWitness Platform offers flexibility for deployment and robust integration capabilities. It excels in research events, analytics data, and reporting. It is particularly beneficial for reporting purposes, offering efficient solutions.

There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.

The support is good, and I would rate it nine out of ten.

Positive

In the financial industry, I used other solutions like Exabeam or UEBA from other providers.

The initial setup was not complex. On a scale of zero to ten, where ten is the easiest, I would rate it seven or eight.

The solution is efficient, though I do not provide specific ROI details.

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

I used alternatives like Exabeam or UEBA from other providers in other industries.

I would rate the SIEM eight out of ten.

I am using the on-premises deployment model.

We are using this solution for security.

The most valuable features are the packet inspection and the automated incident response.

More customizability is required, which is something that they need to improve on.

When it comes to starting a log event, there are not many options available. It is very limited.

The log and event correlation need improvement.

The threat detection capability should be enhanced.

I have been using this solution for one month.

We are using it on a daily basis and, so far, it has been stable.

We have approximately 6000 employees, which means that we have 6000 endpoints that this product is working with. It is easy to scale it up to production.

We have not had to contact technical support.

In this company, they did not use a similar solution prior to this one. Personally, I used Splunk in my previous organization. Definitely, I prefer to use Splunk because there is more functionality, visibility, and options. You can do whatever you want with Splunk.

The initial setup is not complex, and more on the simple side. Our deployment took almost five months in total.

We had assistance from an integrator and the vendor for our deployment.

We have administrators in the company who take care of administration and maintenance. The vendor was only needed for the implementation.

RSA is something that I can recommend.

I would rate this solution a six out of ten.

On-premises

The primary use case of this solution is for security.

We use the UEBA tool.

What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.

Security needs improvement.

We would still like to know how the traffic is entering the organization. We can find out but it will take time before we know, leaving the organization vulnerable for attack.

There is no SIEM tool in the world that can provide 100% security.

I have been using this solution for five months.

Stability has not been an issue with this product.

It's a scalable solution.

The initial setup was straightforward, not at all complex.

There are approximately 1,400 devices that are integrated into RSA in my organization. While I was not a part of the integration, from my knowledge, it would take a week.

We have looked at similar systems and find that the architecture is somewhat different, yet the functionality is similar.

This is a product that I recommend.

I would rate this solution an eight out of ten.

We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves, They primarily use it for threat protection.

The most valuable feature is the security that it provides.

The log-related capabilities are good.

It integrates well with other risk-assessment tools.

It is not so easy to customize this product.

This product would be improved with the addition of machine learning functionality.

I have been working with this product for perhaps eight years.

Stability is not a problem with NetWitness.

We have not heard any complaints about scalability. This is generally for enterprise-level companies.

The technical support is good and our customers are satisfied with it.

We use McAfee for internal purposes.

The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

They have just introduced an orchestration tool, although I don't know how it works yet.

Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs.

I would rate this solution an eight out of ten.

Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.

The most valuable features are the threat prediction and network forensics. For example, if there is any malware on the network, I am able to see who received it and who clicked on it. I like this functionality the most.

The deployment of the appliance is easy, where even a non-technical person can configure it.

The SOAR (security orchestration, automation, and response) component has areas for improvement.

Technical support needs to be improved.

Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM.

Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.

We have been using RSA NetWitness for about 10 years.

There are no issues in terms of stability.

This solution is pretty scalable, as I am using the VM infrastructure. It can scale to whatever you need.

I am not happy with the RSA support. Sometimes they can be really annoying because it takes so long to get the support that you need.

I have used RSA enVision and ArcSight in the past. We migrated from RSA enVision because they had declared the product end-of-life and upgraded to the NetWitness platform.

The Logs component is similar to what other competitors, such as IBM, ArcSight, and LogRhythm have. What distinguishes this solution is the Packets component. It is critical and something that people should make use of.

It is easy to deploy the appliance. Anyone can mount and configure it. There is a simple, pre-built OS that they just need to mount in the VM infrastructure, and that is clearly mentioned in the documentation. It will take two or three days to deploy, at most.

The challenge comes with trying to integrate with third-party application servers. 

We deployed this solution with our in-house team.

The number of people required for maintenance depends on your use case. If you are only using it to maintain the infrastructure then two staff is sufficient. However, if you want to implement a full-fledged SOC then you will need at least four or five people.

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it.

Overall, I feel that the product is very good and my biggest complaint is about their support.

I would rate this solution an eight out of ten.

On-premises

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.

We are also using it to facilitate monitoring and research.

Performance and reporting are very good. 

The user interface is a little bit difficult for new users and it needs to be improved.

It takes a lot of time to register when compared to other solutions.

I have been using this solution for about one year, although it has been in the company for a couple of years.

We did have some issues before our upgrade from version 10.6., although they were not major. Since the upgrade, I have noticed that some of these things have gotten better.

I would say that this is a stable solution, although there are some minor issues that need to be settled. Currently, they are being investigated.

We have never had issues with scalability. We can reduce the usage as per our requirement and we increased our capacity in 2019. We are planning to further increase, either this year or next year. Scalability overall is quite easy.

When we started finding problems, we got in touch with technical support and opened tickets. They worked with us to resolve them. I would rate them good, although not great. At times, I felt that they were being really short with me.

I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.

The deployment was done by my manager a couple of years ago.

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there.

I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface.

I would rate this solution an eight out of ten.

On-premises

 Our customers are enterprise-level businesses.

The most valuable features are the integration and ease of use. It is a pretty simple platform that can integrate very well with our system.

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people.

I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches. 

We began using RSA NetWitness Logs and Packets not long ago.

This is a very stable product.

I have not been in contact with technical support.

I would say that RSA University is fair and square. It is a bit tricky because they have changed the learning platform and I had trouble enrolling in courses. I needed to contact Dell EMC support, which is the same support for RSA, and they assigned the courses to me in one or two hours. In the end, I was very satisfied. It is a bit expensive but the companies are paying for it.

The initial setup is straightforward. I am also coding so it is easy for me to adapt.

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use.

The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone.

I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation.

Overall, this is a good solution with suitable features and it very well fits our needs.

I would rate this solution a nine out of ten.