2019-02-11T08:11:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What advice do you have for others considering RSA NetWitness Logs and Packets (RSA SIEM)?

If you were talking to someone whose organization is considering RSA NetWitness Logs and Packets (RSA SIEM), what would you say?

How would you rate it and why? Any other tips or advice?

13 Answers
Rahul Patel - PeerSpot reviewer
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2021-05-19T19:23:40Z
19 May 21

I would recommend this solution. I rate this solution a nine out of 10.

AR
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees
Real User
Top 10
2020-10-30T14:43:26Z
30 October 20

RSA is something that I can recommend. I would rate this solution a six out of ten.

PR
Analyst at Microland Limited
Real User
2020-07-26T08:19:19Z
26 July 20

This is a product that I recommend. I would rate this solution an eight out of ten.

MT
Security Engineer/Architect at Telecom Italia
Real User
Top 10
2020-07-16T06:21:05Z
16 July 20

They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.

MA
IT and Cybersecurity Professional at a financial services firm
Real User
2020-06-18T05:17:44Z
18 June 20

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.

MA
Information Security Analyst at a tech services company with 11-50 employees
Real User
2020-03-19T13:00:53Z
19 March 20

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.

Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,952 professionals have used our research since 2012.
VG
IT Security Head with 1,001-5,000 employees
Real User
2020-01-19T06:38:00Z
19 January 20

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.

AdrianMache - PeerSpot reviewer
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
2020-01-12T07:22:00Z
12 January 20

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our needs. I would rate this solution a nine out of ten.

RamneshDubey - PeerSpot reviewer
Senior Cyber Security Specialist at HCL Technologies
Real User
2020-01-09T06:15:00Z
09 January 20

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requirements are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.

Hubert Luberek - PeerSpot reviewer
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
2019-08-25T05:17:00Z
25 August 19

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.

Maor Hojberg - PeerSpot reviewer
Team Leader & Head of MSSP at We Ankor
Real User
2019-05-22T07:18:00Z
22 May 19

This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.

EB
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Real User
2019-03-11T07:21:00Z
11 March 19

It's supposed to help our security program maturity. Has it? I think that's another question. I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.

Allan Vargas - PeerSpot reviewer
IT security specialist at a comms service provider with 201-500 employees
Real User
2019-02-11T08:11:00Z
11 February 19

I would recommend this solution to somebody considering it. I would rate it a nine out of ten.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Jul 27, 2022
Hi Everyone, What do you like most about RSA NetWitness Logs and Packets (RSA SIEM)? Thanks for sharing your thoughts with the community!
2 out of 16 answers
Hubert Luberek - PeerSpot reviewer
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
25 August 19
It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.
RamneshDubey - PeerSpot reviewer
Senior Cyber Security Specialist at HCL Technologies
09 January 20
The most valuable features are the packet decoder, log decoder, and concentrator.
PeerSpot user
Computer & Network Systems Administrator at an aerospace/defense firm with 1,001-5,000 employees
Mar 13, 2019
My organization has one last piece to the puzzle in our completion for NIST 800-171 compliance. I know nothing about Network Security and Event Management. I have a team of two Systems and Network Admins that already spend a lot of time ensuring the organization is running smoothly, dealing with any technical issues, and ensuring the infrastructure is performing well. What solution is recommended...
2 out of 39 answers
PeerSpot user
Senior Consultant at Redrock IT & Security Solutions
28 March 18
There are many good SIEM products on the market today. Our company evaluated several SIEM products: LogRhythm, Splunk, AlienVault, Fortinet, and EventTracker. They all are great products. We settled on EventTracker and purchased the licenses through a 3rd party. Because these companies have internal teams of trained security analysts. They take on the heavy lifting of reviewing alerts, threat analysis, etc. The required manpower is a critical piece when evaluating SIEMs.
it_user420948 - PeerSpot reviewer
Sales Leader with 1,001-5,000 employees
28 March 18
Amongst SIEM solutions marketed by editors, the leading products are Splunk and QRadar; both solutions offer complete NIST compliance. What is most important to know is to what extent these solutions are able to communicate with other solutions and applications. This is mainly what qualifies QRadar as the leader in the SIEM field, since on top of being an IBM product, as a guarantee in itself, IBM QRadar has a great list of connectors to third-party solutions and finds itself in the heart of a wide portfolio of security products and solutions. The lack of technical resources is not a problem when adopting a QRadar solution: IBM proposes it in SaaS mode, which can be advantageous to multiple customers, and for those who are not yet adopting a cloud-based solution, they can still have their own in-premises implementation but managed remotely from QRadar experts with very attractive monthly fees.