NetWitness Platform Reviews

Our primary use case is for the administration of the internal network.

The detection of ransomware in the internal network has benefited my organization.

The protection that we get from the firewall is the most valuable aspect that we get from this solution.

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. 

I would like to see a dashboard include PAM so that it's a one-stop shop. 

Three to five years.

We were using Splunk. We switched because it's difficult to configure and it demanded too many network resources. 

The initial setup was complex because it took a lot of time to complete the implementation. The deployment took three to six months. We require four people for maintenance.

We have eight users using this solution and plan to increase usage. 

The licenses are good but the cost is very expensive. 

We also looked at IBM QRadar.

I would recommend this solution to somebody considering it. 

I would rate it a nine out of ten.

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

The manner in which we can manage logs and information is very important for our organization. 

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

The implementation needs assistance.

One to three years.

The stability of this solution is good. 

This solution meets our scalability needs. 

The technical support is good. 

I was not involved in the initial setup of this solution. 

I like to say it has the trifecta:

• Good
• Beautiful
• Cheap.

It is a cheap solution. 

We use it as a network tool to alert any anomalies on the network.

It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before.

One to three years.

The product continues to crash. Even with tech support help, it does not resolve itself.

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system crashes. They configured the rules and then it crashed again. It is quite frustrating.

The packet has a model that is called the extracting and it doesn't really work that well. Usually, it crashes and the re-issue improves it because it is one of the main functions that we use and it doesn't work properly.

It was very hard to implement. After implementation, we found e had to revise everything. With help of support, we eventually managed to stabilize it. But, it took a full year to do so.

The only other solution similar to this is Solera and I do not think our organization will be switching to that. 

I have found the Security Intelligence most valuable.

Adding Threat Globe and SA(Analytics).

Cross Platform Integration could be improved.

I have been using the solution for more than 8 Years.

No issues with deployment.

No issues with stability.

Yes.

Customer Service: It's good for Enterprise Customer’s.Technical Support: It's good for Enterprise Customer’s.

Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents.

This purely is an Enterprise Product and one has to have a defined budget and plan; it’s good to fit Business requirements first, and then go for products.