2018-12-25T09:42:00Z

What needs improvement with NetWitness Platform?

Miriam Tover - PeerSpot reviewer

24 Answers

SS
Reseller
Top 20
2023-09-15T08:59:49Z
Sep 15, 2023

It is quite tedious to make changes in the playbooks. There could be an option to integrate or adapt AI and machine learning for our threat-hunting solution. It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform.

AR
Real User
Top 20
2023-08-21T14:57:14Z
Aug 21, 2023

A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

MOTASHIM Al Razi - PeerSpot reviewer
Real User
Top 20
2023-03-30T06:21:26Z
Mar 30, 2023

They should improve the solution's user interface and make it easier to understand.

Francesco Ritrovato - PeerSpot reviewer
Real User
Top 10
2023-03-02T16:06:56Z
Mar 2, 2023

The log system is a bit complex and has room for improvement.

MR
Real User
Top 20
2022-07-27T13:36:00Z
Jul 27, 2022

Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine. The workflow is not smart enough. For example, if I'm monitoring or analyzing log events and alerts from the SIEM system, it has to be reviewed by the person responsible for this in the organization. So, the review should be automated and should be signed off per the FR-ISO 27001 control requirement. This is lacking in RSA NetWitness Logs and Packets (RSA SIEM). This is also the case with PCI-DSS compliance because we are in the banking industry. The most iconic disadvantage of the solution is that I cannot tag my asset by my name. There should be a portal or a photo where I could check the applicant name. Whatever asset it discovers, it takes only the IP address. If it gets it from Active Directory, then it gets only the host name, which is not actually meaningful to an analyst. There should be a way to tag a name manually so that it can be mapped later to the actual machine, besides the machine I'm investigating on. RSA NetWitness Logs and Packets (RSA SIEM) does not have SOAR, and we have to do it manually. SOAR is a new concept that is still in development.

ST
Real User
2022-06-23T13:07:12Z
Jun 23, 2022

RSA NetWitness Logs and Packets can improve the threat level aspect; it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe, RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms.

LB
Real User
Top 10
2022-05-15T16:58:14Z
May 15, 2022

If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis. NetWitness has a malware appliance, but in terms of dynamic analysis, we need to integrate with 30 vendors. It would be great to have a sandbox produced by the RSA and the SSL appliance also.

MdZaman - PeerSpot reviewer
Real User
Top 5 Leaderboard
2021-10-22T10:54:03Z
Oct 22, 2021

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

MS
Real User
2021-09-01T13:51:40Z
Sep 1, 2021

We are designing reports and automated rules and processes. We are defining them in relation to this product. With the help of automated rules and processes, this product will help the team when they go to production to do operations smoothly, as, most of the time, what happens when you put manual interference into such systems, it may be delayed. This can lead to vulnerabilities. Sometimes, if a hacker enters the system, he might only have a limited time where there is a window of access; however, in that time, he'll take what he can, and even if the vulnerability only lasted for a few minutes, in that time, items can get stolen. Therefore, there needs to be more proactivity to avoid any downtime. We're adding automating tools to help RSA NetWitness so that if anything happens, RSA can immediately shut anything down. We're in the process of configuring them and adding them in. The initial setup is complex. There are solutions that are easier to implement.

IO
Reseller
Top 20
2021-06-02T19:36:43Z
Jun 2, 2021

The reporting aspect could be improved. There are instances where you try to run the reports and then it does not give you the desired outcome. At times, it appears as if the reporting feature might be buggy. You want to actually follow the trends and see how technology is advancing. I think they've done that with regard to security orchestration, automation, and response. However, I think that they could do better with the automation and response.

RP
Real User
2021-05-19T19:23:40Z
May 19, 2021

I believe they could improve their support; there are often delays. The price of the solution could be reduced; it's very costly.

AR
Real User
2020-10-30T14:43:26Z
Oct 30, 2020

More customizability is required, which is something that they need to improve on. When it comes to starting a log event, there are not many options available. It is very limited. The log and event correlation need improvement. The threat detection capability should be enhanced.

PR
Real User
2020-07-26T08:19:19Z
Jul 26, 2020

Security needs improvement. We would still like to know how the traffic is entering the organization. We can find out, but it will take time before we know, leaving the organization vulnerable to attack. There is no SIEM tool in the world that can provide 100% security.

MT
Real User
2020-07-16T06:21:05Z
Jul 16, 2020

It is not so easy to customize this product. This product would be improved with the addition of machine learning functionality.

MA
Real User
2020-06-18T05:17:44Z
Jun 18, 2020

The SOAR (security orchestration, automation, and response) component has areas for improvement. Technical support needs to be improved. Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM. Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.

MA
Real User
2020-03-19T13:00:53Z
Mar 19, 2020

The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.

VG
Real User
2020-01-19T06:38:00Z
Jan 19, 2020

The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.

AM
Real User
2020-01-12T07:22:00Z
Jan 12, 2020

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches.

RD
Real User
2020-01-09T06:15:00Z
Jan 9, 2020

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.

HL
Real User
2019-08-25T05:17:00Z
Aug 25, 2019

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.

MH
Real User
2019-05-22T07:18:00Z
May 22, 2019

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.

EB
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

AV
Real User
2019-02-11T08:11:00Z
Feb 11, 2019

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.

AV
Real User
2018-12-25T09:42:00Z
Dec 25, 2018

The implementation needs assistance.

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.