NetWitness XDR Reviews

The product is mainly used for security, log reviews, and monitoring.

In India, mostly on the requirement segment, we don't deploy the solution on the cloud. We use the solution on-premises.

The log correlation is good. There may be some benefits to the solution, but most of my time has gone to configure it rather than to work with it. So maybe I'm not so aware of that.

The problem with this product is that it's a bit slow. I am not very happy with this product. In the past, I have worked with a different tool, which was only maintaining a log, but I found that solution much better than NetWitness. It is not properly configured yet.

One part of this product that needs to be improved is the log passing. Often, it doesn't work or logs go missing. There are many licensing complications as well.

I have been working with this product for almost one year. I'm not working directly with the product. I do the implementation for companies. We use the latest versions of the solution.

I'm technically not hands-on with these tools because I manage the team, so I am not exposed to anything.

My own network is very complex. It might be stable, but many times, even our appliances are not. We have had improper shutdowns, so I will not blame RSA. If an improper shutdown happens, then it takes a lot of time to make it up. It doesn't work until you start the machine, and it will work. Finally, you have to get a ticket, then they will do lots of things on them. The services will start and then it will work. We've been having some power issues in my previous assignments, and a lot of trouble in that way.

The solution is scalable. It creates 3,000 lab logs per second. I think the solution is suitable for large companies, or medium to large companies.

I don't think RSA has good support.

The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is troubleshooting and working with technical support. Log passing is also one of the biggest challenges. Sometimes you don't get the logs, but even when we make the log passes, they don't work. They suddenly stop working. It might just be a problem from my side as well, but the end result is that it is not working as smoothly as it should.

Deployment time just depends on different circumstances. Many times, our men were unable to get to the data center. There were some wiring problems and improper shutdowns. We did have trouble with connecting with other people in our department. It took an unusual amount of time. I think we should have been done in 45 to 60 days, but it took us more than eight or nine months to get it done. The deployment time just depends on the current scenario. Tech support would say, "We don't do this, we don't do that. You have to purchase that service and that service."

The pricing is not very economical. It is a costly product for India. When you purchase it, you have to purchase a module separately.

I would rate this solution 4 out of 10. I would not suggest that someone use this solution because support is a main issue. I would prefer to go with IBM QRadar or some other new AI-based tools.

We are customers of RSA.

The valuable feature is being able to isolate the machine when there are malicious files.

The solution doesn't have a reporting engine which would be helpful. I've also found that the UI times out too quickly and you have to close and reopen. It should allow for a longer session time.

I've been using this solution for four years. 

The solution is stable. 

The solution is scalable in terms of coverage. We have more than 2500 endpoints with different levels of users and operating systems. 

Custome support is very good in terms of the knowledge base but the response time is too long. It can sometimes take two days before you get a reply. 

The initial setup was relatively straightforward because we only had to provision the SQL server and then run the setup. We deployed in-house with a DBA and the deployment took a day. We have an external maintenance contract.

We've seen a good ROI. 

I rate this solution eight out of 10. 

We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.

The detection rate and tracking features including historical tracking, tracking of the fires on the desk, and tracking of the file last monitored are all quite valuable for us.

The contamination feature could be improved.

I've been using the solution for six years now.

The stability of the solution is good. I'd rate it seven out of ten overall. We've had minor technical issues.

The solution is highly scalable. Users just need to install the agent on the products. Right now, we have about 1,000 users. We use the solution daily.

We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.

We didn't previously use another solution.

The initial setup was pretty straightforward. We didn't run into any issues. I can't recall how long it took to deploy.

We had a professional service assist us with the initial setup.

We use the on-premises deployment model.

The contamination should be improved. If a new user needs better contamination capabilities, they should use something else.

I'd rate the solution seven out of ten. If it offered better triaging of incidents, I'd rate it higher.

It is our all-in-one platform for logs and packets for our network and for EDR.

It is very easy to use, and its usability is great. The use cases are also very easy. 

The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great.

Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training.

I have been using this solution for about two or three years.

It is very stable.

It is not meant for small businesses. It is for medium to very large enterprises.

They have very good staff in tech support.

Its installation is easy. 

I did it myself.

It is an expensive product.

I would rate RSA NetWitness Network a ten out of ten.

It is mainly for market analysis. It has been performing exceedingly well.

It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.

RSA NetWitness does market analysis in a more granular form. It gives you full visibility. You have good visibility across the flow of markets, then you can connect with more security devices across the network. 

The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution. However, customers understand the model, so they buy them in modules and put them together.

The stability is good. It does not fail.

It is highly scalable. It can be bought based on your requirements.

The product has excellent support.

The initial setup requires a high level of skill, then the setup is good and smooth. If you have the skill, then you will get through it easily.

The pricing is good. It is competitive. With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing. They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend.

I would highly recommend the solution. Just go ahead and get it. It is the best you can get.

We chose a solution of RSA endpoint protection because of the value proposition they offered. It became clear that they have the right solution for a serious enterprise and the security operation center (SOC), and they offered the right value.

It meets our major requirements and gives you peace of mind.

We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.

The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.

When analyzing something, you have to click several times. It requires a lot of effort to find something. The sole purpose of NetWitness is to find text easily, so this is an area that needs to be improved.

The scalability needs improvement, but I think that it is technically difficult.

This is a complex tool to use.

In the next release, if they could include a detection feature or improve the detection then I would like it better.

I have been working with this solution for about one year.

This solution is very stable.

It does not scale. It's one network segment that captures all of the traffic, so it's not scalable at all.

We have six analysts who use this product, with maybe only three or four people in our company.

For support, we contact our reseller.

The initial setup is not complex, it was easy.

We deployed everything on port mirroring.

I set up this solution by myself.

Architects love to use this tool, but the analysis is very complex, which is the point of NetWitness Network.

It's not the best, but it's good. The analytics is probably a ten but because it is complex, but overall, I would rate this solution an eight out of ten.

We are using it as a SIEM tool. 

One of the most valuable features is the Orchestrator.

This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.

It is stable. We have been using it for some time, without any issues.

I think it would scale nicely but we have not needed to expand our organizational needs yet.

The initial setup was not complex.

I do not have any opinion on the pricing or licensing of the product.

I used other solutions such as EnVision in the past.