Analyst at Microland Limited
Real User
Easy to set up with good UEBA functionality
Pros and Cons
  • "What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
  • "Security needs improvement."

What is our primary use case?

The primary use case of this solution is for security.

We use the UEBA tool.

What is most valuable?

What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.

What needs improvement?

Security needs improvement.

We would still like to know how the traffic is entering the organization. We can find out, but it will take time before we know, leaving the organization vulnerable to attack.

There is no SIEM tool in the world that can provide 100% security.

For how long have I used the solution?

I have been using this solution for five months.

Buyer's Guide
NetWitness Platform
May 2025
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability has not been an issue with this product.

What do I think about the scalability of the solution?

It's a scalable solution.

How was the initial setup?

The initial setup was straightforward, not at all complex.

There are approximately 1,400 devices that are integrated into RSA in my organization. While I was not a part of the integration, from my knowledge, it would take a week.

Which other solutions did I evaluate?

We have looked at similar systems and find that the architecture is somewhat different, yet the functionality is similar.

What other advice do I have?

This is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1308300 - PeerSpot reviewer
Information Security Analyst at a tech services company with 11-50 employees
Real User
Good performance, reporting, and log archiving capability
Pros and Cons
  • "Performance and reporting are very good."
  • "The user interface is a little bit difficult for new users and it needs to be improved."

What is our primary use case?

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.

We are also using it to facilitate monitoring and research.

What is most valuable?

Performance and reporting are very good. 

What needs improvement?

The user interface is a little bit difficult for new users and it needs to be improved.

It takes a lot of time to register when compared to other solutions.

For how long have I used the solution?

I have been using this solution for about one year, although it has been in the company for a couple of years.

What do I think about the stability of the solution?

We did have some issues before our upgrade from version 10.6, although they were not major. Since the upgrade, I have noticed that some of these things have gotten better.

I would say that this is a stable solution, although there are some minor issues that need to be settled. Currently, they are being investigated.

What do I think about the scalability of the solution?

We have never had issues with scalability. We can reduce the usage as per our requirement and we increased our capacity in 2019. We are planning to further increase, either this year or next year. Scalability overall is quite easy.

How are customer service and technical support?

When we started finding problems, we got in touch with technical support and opened tickets. They worked with us to resolve them. I would rate them good, although not great. At times, I felt that they were being really short with me.

How was the initial setup?

I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.

What about the implementation team?

The deployment was done by my manager a couple of years ago.

What other advice do I have?

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there.

I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
A user-friendly solution that integrates well with our system
Pros and Cons
  • "The most valuable features are the integration and ease of use."
  • "The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

What is our primary use case?

Our customers are enterprise-level businesses.

What is most valuable?

The most valuable features are the integration and ease of use. It is a pretty simple platform that can integrate very well with our system.

What needs improvement?

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people.

I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches. 

For how long have I used the solution?

We began using RSA NetWitness Logs and Packets not long ago.

What do I think about the stability of the solution?

This is a very stable product.

How are customer service and technical support?

I have not been in contact with technical support.

I would say that RSA University is fair and square. It is a bit tricky because they have changed the learning platform and I had trouble enrolling in courses. I needed to contact Dell EMC support, which is the same support for RSA, and they assigned the courses to me in one or two hours. In the end, I was very satisfied. It is a bit expensive but the companies are paying for it.

How was the initial setup?

The initial setup is straightforward. I am also coding so it is easy for me to adapt.

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use.

The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone.

I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation.

Overall, this is a good solution with suitable features and it very well fits our needs.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT Security Head with 1,001-5,000 employees
Real User
Has a simple dashboard and you can develop connectors for any application, but it is difficult to set up
Pros and Cons
  • "The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
  • "The initial setup is very complex and should be simplified."

What is our primary use case?

The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

What is most valuable?

The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it. With some other solutions, creating custom connectors is very costly.

The dashboard is very simple to use.

What needs improvement?

The initial setup is very complex and should be simplified.

We had some trouble integrating with our Check Point firewall.

For how long have I used the solution?

I used RSA NetWitness for a couple of months in my previous company.

What do I think about the stability of the solution?

It was too early to say whether this solution was stable because you need at least a year to determine that. In the initial stages, we were still getting a lot of alerts because there was no time to fine-tune it. Maybe after six or eight months, we would have been able to say whether the product was stable. Just before reaching that point, I left the organization.

What I can say is that for the time I was there, we did not experience any bugs, crashes, or glitches.

What do I think about the scalability of the solution?

This solution is scalable. We had between 20 and 25 users, although, on a daily basis, I would say that 13 to 16 people used it.

How are customer service and technical support?

We did not interact with technical support because we were working with the vendor, and the vendor was working with them.

Which solution did I use previously and why did I switch?

We tried to implement Paladion but we were not about to complete our PoC because of problems.

How was the initial setup?

The initial setup is very complex. It requires having knowledge of what components do and which go where. An example is knowing which component will fetch data and where it goes. This is very difficult for somebody new and a person should have a minimum of one to two years of work experience.

Our deployment of the two solutions and having them work simultaneously took between four and five months.

What about the implementation team?

We have an in-house team, but the vendor gave us support as well. The initial setup was very tough, which is why it took four or five months to implement everything and make sure that it was configured as per our requirements.

There were six people involved in the deployment. Three from the vendor's team and three from my team. They were working day and night to make sure that things worked well.

The number of people required for maintenance depends on the hours of operation. If the business hours are 24/7 for the entire year then two people are required for maintenance.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all.

Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Team Leader & Head of MSSP at We Ankor
Real User
Good features for investigating network problems but it is pricey and lacking in usability
Pros and Cons
  • "The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
  • "The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

What is our primary use case?

We are no longer using this solution; however, it was used mostly for network monitoring.

What is most valuable?

The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that. You can see the payload and deconstruct the packets.

What needs improvement?

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying.

Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else.

The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.

For how long have I used the solution?

About one year, on and off.

What do I think about the stability of the solution?

I cannot say that the solution was stable because it tended to crash. We were using it before version 11, where some of the problems were supposed to be solved. I have heard from insiders that version 11 does not hold up to the hype and they're still facing some of the same problems.

What do I think about the scalability of the solution?

I think that the solution is scalable because you can easily add new hosts. This is one of the things that was really straightforward and we appreciated.

How are customer service and technical support?

The people that we spoke with from technical support were really professional. Some visited us on-site and did some training with our analysts. They are really good staff and we really liked it. The company that did the integration at the site where I was working was planning on re-hiring them for other customers, so they made a good impression.

The support is responsive by email, but initially, it is a little bit lacking. Beyond the initial emails, it is quite professional.

How was the initial setup?

I was not part of the initial setup, but I can tell you that managing the system, in general, is not straightforward. It is quite elusive and very confusing, even after calls to technical support.

What's my experience with pricing, setup cost, and licensing?

This is a pricey solution; it's not cheap.

Perhaps if the implementation is small then it is not bad, but if you have a global network or a security agency that needs to be segregated on the network, then it can be quite pricey.

What other advice do I have?

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
SrManagee3c6 - PeerSpot reviewer
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Real User
Overly complex and requires an army of people to keep it going
Pros and Cons
  • "The most valuable features are its ingestion of logs and raising of alerts based on those logs."
  • "I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

What is our primary use case?

We don't have a primary use case. There are many use cases that we have defined based on business needs.

What is most valuable?

The most valuable features are its

  • ingestion of logs 
  • raising of alerts based on those logs.

What needs improvement?

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

What about the implementation team?

We used RSA as our consultants. Our experience with them wasn't the most productive. We also have various other consultants in to help as well. Their ability to configure this particular platform is limited because it's such a complex product. There are so many classes you need to take in order to be proficient at it. There are so few people on the planet who can do it. You need an army of people to keep this thing going.

What other advice do I have?

It's supposed to help our security program maturity. Has it? I think that's another question.

I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT security specialist at a comms service provider with 201-500 employees
Real User
Detects ransomware in our internal network and offers good protection
Pros and Cons
  • "Their technical support responds quickly and is knowledgeable."
  • "The initial setup was complex because it takes a lot of time to complete the implementation."

What is our primary use case?

Our primary use case is for the administration of the internal network.

How has it helped my organization?

The detection of ransomware in the internal network has benefited my organization.

What is most valuable?

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

What needs improvement?

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

How was the initial setup?

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

What's my experience with pricing, setup cost, and licensing?

The licenses are good but the cost is very expensive. 

Which other solutions did I evaluate?

We also looked at IBM QRadar.

What other advice do I have?

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT security specialist at a comms service provider with 201-500 employees
Real User
The most valuable feature is the correlation. It can report in real-time and monitor the management.
Pros and Cons
  • "The most valuable feature is the correlation. It can report in real-time and monitor the management."
  • "The implementation needs assistance."

What is our primary use case?

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

How has it helped my organization?

The manner in which we can manage logs and information is very important for our organization. 

What is most valuable?

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

What needs improvement?

The implementation needs assistance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this solution is good. 

What do I think about the scalability of the solution?

This solution meets our scalability needs. 

How are customer service and technical support?

The technical support is good. 

How was the initial setup?

I was not involved in the initial setup of this solution. 

What was our ROI?

I like to say it has the trifecta:

  • Good
  • Beautiful
  • Cheap.

What's my experience with pricing, setup cost, and licensing?

It is a cheap solution. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user