Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Good packet inspection and automated incident response, but it needs to be more customizable
Pros and Cons
  • "The most valuable features are the packet inspection and the automated incident response."
  • "More customizability is required, which is something that they need to improve on."

What is our primary use case?

We are using this solution for security.

What is most valuable?

The most valuable features are the packet inspection and the automated incident response.

What needs improvement?

More customizability is required, which is something that they need to improve on.

When it comes to starting a log event, there are not many options available. It is very limited.

The log and event correlation need improvement.

The threat detection capability should be enhanced.

For how long have I used the solution?

I have been using this solution for one month.

What do I think about the stability of the solution?

We are using it on a daily basis and, so far, it has been stable.

What do I think about the scalability of the solution?

We have approximately 6000 employees, which means that we have 6000 endpoints that this product is working with. It is easy to scale it up to production.

How are customer service and technical support?

We have not had to contact technical support.

Which solution did I use previously and why did I switch?

In this company, they did not use a similar solution prior to this one. Personally, I used Splunk in my previous organization. Definitely, I prefer to use Splunk because there is more functionality, visibility, and options. You can do whatever you want with Splunk.

How was the initial setup?

The initial setup is not complex, and more on the simple side. Our deployment took almost five months in total.

What about the implementation team?

We had assistance from an integrator and the vendor for our deployment.

We have administrators in the company who take care of administration and maintenance. The vendor was only needed for the implementation.

What other advice do I have?

RSA is something that I can recommend.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer/Architect at Telecom Italia
Real User
Top 5
Offers good security, integrates well, and they have good technical support
Pros and Cons
  • "The most valuable feature is the security that it provides."
  • "It is not so easy to customize this product."

What is our primary use case?

We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.

What is most valuable?

The most valuable feature is the security that it provides.

The log-related capabilities are good.

It integrates well with other risk-assessment tools.

What needs improvement?

It is not so easy to customize this product.

This product would be improved with the addition of machine learning functionality.

For how long have I used the solution?

I have been working with this product for perhaps eight years.

What do I think about the stability of the solution?

Stability is not a problem with NetWitness.

What do I think about the scalability of the solution?

We have not heard any complaints about scalability. This is generally for enterprise-level companies.

How are customer service and technical support?

The technical support is good and our customers are satisfied with it.

Which solution did I use previously and why did I switch?

We use McAfee for internal purposes.

How was the initial setup?

The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

What other advice do I have?

They have just introduced an orchestration tool, although I don't know how it works yet.

Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
Analyst at Microland Limited
Real User
Top 20
Easy to set up with good UEBA functionality
Pros and Cons
  • "What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
  • "Security needs improvement."

What is our primary use case?

The primary use case of this solution is for security.

We use the UEBA tool.

What is most valuable?

What we are mainly using are the RSA Concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.

What needs improvement?

Security needs improvement.

We would still like to know how the traffic is entering the organization. We can find out, but it will take time before we know, leaving the organization vulnerable to attack.

There is no SIEM tool in the world that can provide 100% security.

For how long have I used the solution?

I have been using this solution for five months.

What do I think about the stability of the solution?

Stability has not been an issue with this product.

What do I think about the scalability of the solution?

It's a scalable solution.

How was the initial setup?

The initial setup was straightforward, not at all complex.

There are approximately 1,400 devices that are integrated into RSA in my organization. While I was not a part of the integration, from my knowledge, it would take a week.

Which other solutions did I evaluate?

We have looked at similar systems and find that the architecture is somewhat different, yet the functionality is similar.

What other advice do I have?

This is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.