Information Technology Security and Infrastructure Expert at a government with 201-500 employees
Real User
Top 20
2024-03-14T12:54:04Z
Mar 14, 2024
My company has had many benefits from the use of the product in the last eight years. The tool has streamlined our company's incident response process since it serves as a log repository, which allows us to correlate events and access different technology stacks. In our company, we were able to actually find some potential attacks, so it has been very helpful. The tool's integration capability isn't so great. In my company, we managed to integrate it with our Microsoft Azure Subscription, after which we managed to integrate it with other tools. You will face a lot of difficulties if you want to integrate it with your database monitoring tool, PAM solutions, or IAM products. The product has done well overall for my company's teams to deal with their workflow efficiency. I would not recommend the product to others. I rate the tool a seven out of ten.
For small to medium-sized organizations, NetWitness Platform will be a suitable option. Most enterprises or larger organizations will likely choose a different platform because NetWitness Platform is no longer listed in Gartner. Additionally, the pricing is too high and is not competitive with Splunk and other products. It is relevant, but they need to set up or hire someone to help them compete with similar products like Slack, QRadar, or Palo Alto. Overall, I rate it a seven out of ten.
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
Real User
Top 20
2023-08-21T14:57:14Z
Aug 21, 2023
NetWitness is a part of the cybersecurity solutions we use today, but it's not the only one. We use many different solutions, such as Splunk and QRadar. The product is an SIEM solution, and we use SIEM solutions from different vendors for different needs on different sites. We don't have all the features we thought were a part of the solution. We need to do many things manually to customize the solution for the customer's needs. By the book, we don't have enough to connect the product to all the systems with some inputs based on machine learning or all the new algorithms like artificial intelligence. The customer must know all these before installing this product. We need community knowledge for new products that tell us what has to be added after a few installations. The setup, then, can be very fast, and all the knowledge for integration with other components and the company's infrastructure can also be very fast because the solution is best-of-breed and third-party. It's not proprietary for special companies and corporations. In the context of product implementation, everything is very slow and must be done manually and not integrated automatically into the product. We need to know what we will do, how we will monitor the overall system, what kind of events we want to collect from the system, and what type of layout we want to provide through the system to alert about incidents or some type of situation. The customer manually processes all this. It's not like we deploy the product and get all this information and all these capabilities in one coverage of the solution. Before choosing the NetWitness Platform, find the best integrators with professional experience implementing and deploying this product in other companies. The product has many features and coverage but needs professional integration and implementation. I would rate NetWitness Platform an eight, but since it depends on the installation, I rate the solution a seven out of ten.
Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2022-07-27T13:36:00Z
Jul 27, 2022
There are lots of opportunities to expand this functionality, and it is a wonderful solution. It can compete with Splunk and LogRhythm. I would recommend RSA NetWitness and rate it at five on a scale from one to ten.
Information Technology Security Consultant at Sify Technologies
Real User
Top 5
2022-05-30T15:22:00Z
May 30, 2022
I rate RSA NetWitness Logs and Packets eight out of 10. Aside from ETS, it is the second-most important solution for maintaining compliance and how much data you need in the online logs or the offline archival logs.
IT manager at a agriculture with 10,001+ employees
Real User
Top 10
2021-10-22T10:54:03Z
Oct 22, 2021
I would definitely recommend this solution to others, but not to small-sized customers. The solution is one of the best for enterprise customers exceeding 10,000 or 2,000 EPS. I rate RSA NetWitness Logs and Packets (RSA SIEM) as a nine out of ten.
I'm on the latest version of the solution. I tend to work on updated versions. We are systems integrators. We have a partnership with RSA. If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then you can go for implementation. I'd rate the solution at an eight out of ten.
Solution Specialist at a tech services company with 11-50 employees
Reseller
Top 20
2021-06-02T19:36:43Z
Jun 2, 2021
It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others.
They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.
IT and Cybersecurity Professional at a financial services firm
Real User
2020-06-18T05:17:44Z
Jun 18, 2020
My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.
Information Securuty Analyst at a tech services company with 11-50 employees
Real User
2020-03-19T13:00:53Z
Mar 19, 2020
My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
2020-01-12T07:22:00Z
Jan 12, 2020
I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our needs. I would rate this solution a nine out of ten.
Senior Cyber Security Specialist at HCL Technologies
Real User
2020-01-09T06:15:00Z
Jan 9, 2020
My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requires are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
2019-08-25T05:17:00Z
Aug 25, 2019
If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.
This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
It's supposed to help our security program maturity. Has it? I think that's another question. I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.
NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
My company has had many benefits from the use of the product in the last eight years. The tool has streamlined our company's incident response process since it serves as a log repository, which allows us to correlate events and access different technology stacks. In our company, we were able to actually find some potential attacks, so it has been very helpful. The tool's integration capability isn't so great. In my company, we managed to integrate it with our Microsoft Azure Subscription, after which we managed to integrate it with other tools. You will face a lot of difficulties if you want to integrate it with your database monitoring tool, PAM solutions, or IAM products. The product has done well overall for my company's teams to deal with their workflow efficiency. I would not recommend the product to others. I rate the tool a seven out of ten.
For small to medium-sized organizations, NetWitness Platform will be a suitable option. Most enterprises or larger organizations will likely choose a different platform because NetWitness Platform is no longer listed in Gartner. Additionally, the pricing is too high and is not competitive with Splunk and other products. It is relevant, but they need to set up or hire someone to help them compete with similar products like Slack, QRadar, or Palo Alto. Overall, I rate it a seven out of ten.
NetWitness is a part of the cybersecurity solutions we use today, but it's not the only one. We use many different solutions, such as Splunk and QRadar. The product is an SIEM solution, and we use SIEM solutions from different vendors for different needs on different sites. We don't have all the features we thought were a part of the solution. We need to do many things manually to customize the solution for the customer's needs. By the book, we don't have enough to connect the product to all the systems with some inputs based on machine learning or all the new algorithms like artificial intelligence. The customer must know all these before installing this product. We need community knowledge for new products that tell us what has to be added after a few installations. The setup, then, can be very fast, and all the knowledge for integration with other components and the company's infrastructure can also be very fast because the solution is best-of-breed and third-party. It's not proprietary for special companies and corporations. In the context of product implementation, everything is very slow and must be done manually and not integrated automatically into the product. We need to know what we will do, how we will monitor the overall system, what kind of events we want to collect from the system, and what type of layout we want to provide through the system to alert about incidents or some type of situation. The customer manually processes all this. It's not like we deploy the product and get all this information and all these capabilities in one coverage of the solution. Before choosing the NetWitness Platform, find the best integrators with professional experience implementing and deploying this product in other companies. The product has many features and coverage but needs professional integration and implementation. I would rate NetWitness Platform an eight, but since it depends on the installation, I rate the solution a seven out of ten.
I rate the solution as a six out of ten.
I give the solution a nine out of ten. I recommend the solution to others.
There are lots of opportunities to expand this functionality, and it is a wonderful solution. It can compete with Splunk and LogRhythm. I would recommend RSA NetWitness and rate it at five on a scale from one to ten.
I rate RSA NetWitness Logs and Packets eight out of 10. Aside from ETS, it is the second-most important solution for maintaining compliance and how much data you need in the online logs or the offline archival logs.
I would rate this solution 8 out of 10.
I would definitely recommend this solution to others, but not to small-sized customers. The solution is one of the best for enterprise customers exceeding 10,000 or 2,000 EPS. I rate RSA NetWitness Logs and Packets (RSA SIEM) as a nine out of ten.
I'm on the latest version of the solution. I tend to work on updated versions. We are systems integrators. We have a partnership with RSA. If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then you can go for implementation. I'd rate the solution at an eight out of ten.
It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others.
I would recommend this solution. I rate this solution a nine out of 10.
RSA is something that I can recommend. I would rate this solution a six out of ten.
This is a product that I recommend. I would rate this solution an eight out of ten.
They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.
My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.
I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our needs. I would rate this solution a nine out of ten.
My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requires are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.
If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.
This solution has some good features, but it is lacking in usability. This means that I would rate it somewhere in the middle. I would rate this solution a five out of ten.
It's supposed to help our security program maturity. Has it? I think that's another question. I rate this product at three out of ten. It is overly complicated. It has taken years to implement and the return on investment just isn't there.
I would recommend this solution to somebody considering it. I would rate it a nine out of ten.