Rahul Patel - PeerSpot reviewer
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Great wireless feature, provides many automatic rules that are very helpful
Pros and Cons
  • "Offers a good wireless feature."
  • "Technical support could be improved."

What is our primary use case?

The RSA NetWitness packet plays a major role in identifying cyber attacks from different sources. We integrated it in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in.

What is most valuable?

The wireless feature is good, it tells you when to check a spot, which file it has used to encrypt, whether it is spreading and how many hosts have been infected. It's about data analysis. Looking at the network logs, it's difficult to figure out where the problem is coming from and where it's going, but those kinds of features help me a lot. The solution provides lots of automatic rules, which is helpful. Technically speaking, this is a good product.

What needs improvement?

I believe they could improve their support, there are often delays. The price of the solution could be reduced, it's very costly. 

What do I think about the stability of the solution?

This is a stable product. 

Buyer's Guide
RSA NetWitness Logs and Packets (RSA SIEM)
September 2022
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,779 professionals have used our research since 2012.

What do I think about the scalability of the solution?

We're using the solution extensively in our shipping business so it is scalable. We probably have seven or eight users and the solution is in use 24/7. 

How are customer service and support?

Getting technical support takes time, they get a lot of calls and we generally only get a response the following day. Cisco is better with technical support. 

How was the initial setup?

The initial setup is not straightforward because of all the integrations required. It needs the aggregate data, data concentrator, defense, correlation roots, and more. 

What's my experience with pricing, setup cost, and licensing?

It would help if they could provide the malware analytics in the core package as that would make the cost more reasonable. Licensing is paid annually and I believe the cost is somewhere between 12,000 - 15,000 Pounds per year. It's very high. 

What other advice do I have?

I would recommend this solution. 

I rate this solution a nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Good packet inspection and automated incident response, but it needs to be more customizable
Pros and Cons
  • "The most valuable features are the packet inspection and the automated incident response."
  • "More customizability is required, which is something that they need to improve on."

What is our primary use case?

We are using this solution for security.

What is most valuable?

The most valuable features are the packet inspection and the automated incident response.

What needs improvement?

More customizability is required, which is something that they need to improve on.

When it comes to starting a log event, there are not many options available. It is very limited.

The log and event correlation need improvement.

The threat detection capability should be enhanced.

For how long have I used the solution?

I have been using this solution for one month.

What do I think about the stability of the solution?

We are using it on a daily basis and, so far, it has been stable.

What do I think about the scalability of the solution?

We have approximately 6000 employees, which means that we have 6000 endpoints that this product is working with. It is easy to scale it up to production.

How are customer service and technical support?

We have not had to contact technical support.

Which solution did I use previously and why did I switch?

In this company, they did not use a similar solution prior to this one. Personally, I used Splunk in my previous organization. Definitely, I prefer to use Splunk because there is more functionality, visibility, and options. You can do whatever you want with Splunk.

How was the initial setup?

The initial setup is not complex, and is more on the simple side. Our deployment took almost five months in total.

What about the implementation team?

We had assistance from an integrator and the vendor for our deployment.

We have administrators in the company who take care of administration and maintenance. The vendor was only needed for the implementation.

What other advice do I have?

RSA is something that I can recommend.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Presales Manager at a tech services company with 51-200 employees
Real User
Top 10
Enables incident response team to correlate logs to identify any kind of problem, both for logs and packets
Pros and Cons
  • "It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
  • "If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

What is our primary use case?

This solution is deployed on-premise.

What is most valuable?

It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets. I think the most important thing was that it gives the customer the capability to discover and respond to an incident. It gives customers visibility about their most important servers and devices.

Regarding the packet model, the most important thing is how easy it is to rebuild the raw data. Through one click, you can see an email that was sent even without accessing the mailbox from the user. It's easy to rebuild the raw data, especially the packet.

What needs improvement?

If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.

NetWitness has a malware appliance, but in terms of dynamic analysis, we need to integrate with 30 vendors. It would be great to have a sandbox produced by the RSA and the SSL appliance also.

For how long have I used the solution?

I have been working with this solution for six years.

Which solution did I use previously and why did I switch?

I have worked with ArcSight from Micro Focus. One thing to be improved in NetWitness is the capability to correlate event logs in a general sense. We have fewer resources in the NetWitness correlation engine compared with ArcSight.

What other advice do I have?

I would rate this solution 8 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Delivery Partner APAC and MEA at Tata Consultancy
Real User
Top 10
Streamlined solution that's easy to implement
Pros and Cons
  • "The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
  • "An area for improvement would be better automation and more inbuilt use cases."

What is our primary use case?

Primarily, I use this solution to integrate with applications and systems like firewalls and routers. For example, if somebody is trying to log on from two different locations simultaneously, we can catch that.

How has it helped my organization?

Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we only need the software license to put it up on our own cloud and deliver it to multiple clients.

What needs improvement?

An area for improvement would be better automation and more inbuilt use cases. In the next release, RSA should include an inbuilt migration framework that can do remediation.

For how long have I used the solution?

I've been using this solution since 2011.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.

How was the initial setup?

The initial setup isn't much of a challenge and can be completed in under twelve hours.

What's my experience with pricing, setup cost, and licensing?

Our license price is updated yearly, and there are no additional costs.

What other advice do I have?

I would rate NetWitness Logs and Packets as eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user