I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.
NetWitness Platform
NetWitnessReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
29 reviews
from
and
External reviews are not included in the AWS star rating for the product.
All-in-One Security Console for Centralized Threat Hunting
What do you like best about the product?
It combines NDR, SIEM, UEBA, and SOAR capabilities into a single console. This convergence helps eliminate tool sprawl and provides a centralized view for threat hunting across network, endpoint, and cloud data .
What do you dislike about the product?
Initial deployment is complex, often requiring significant expertise . Upgrades are particularly tricky, with some users reporting instability during version migrations .
What problems is the product solving and how is that benefiting you?
The problem is that the Security teams often juggle 10-15 different tools (NDR, SIEM, UEBA, etc.), leading to context switching, high costs, and analyst fatigue.
The Solution & Benefit that this platform provides is it converges Network Detection, Log Management (SIEM), User Behavior Analytics, and Orchestration into a single platform with a unified interface.
The Solution & Benefit that this platform provides is it converges Network Detection, Log Management (SIEM), User Behavior Analytics, and Orchestration into a single platform with a unified interface.
A Powerhouse in Endpoint, Network, and SIEM Integration.
What do you like best about the product?
Users love the platform’s ability to capture full network packets and replay sessions, which is invaluable for deep forensic investigation.
What do you dislike about the product?
Complex initial setup and deployment, often requiring significant technical expertise.
What problems is the product solving and how is that benefiting you?
Threats are increasingly complex, evasive, and distributed, traditional log-centric tools often miss subtle indicators.
Deployment flexibility and robust integration enhance reporting and analytics capabilities in financial industry
What is our primary use case?
What is most valuable?
NetWitness Platform offers flexibility for deployment and robust integration capabilities. It excels in research events, analytics data, and reporting. It is particularly beneficial for reporting purposes, offering efficient solutions.
What needs improvement?
There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.
How are customer service and support?
The support is good, and I would rate it nine out of ten.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup was not complex. On a scale of zero to ten, where ten is the easiest, I would rate it seven or eight.
What was our ROI?
The solution is efficient, though I do not provide specific ROI details.
What's my experience with pricing, setup cost, and licensing?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
Which other solutions did I evaluate?
What other advice do I have?
I would rate the SIEM eight out of ten.
Threat hunting playform
What do you like best about the product?
Netwitness siem solution is a great tool for threat hunting
What do you dislike about the product?
Api integration needs to be enhancement for soc
What problems is the product solving and how is that benefiting you?
API integration
Helps to deal with potential attacks and is available at a reasonable price
What is our primary use case?
I use the solution in my company for packets mainly and log analytics.
What is most valuable?
I don't really see any valuable features in the product. I feel that it is time to move away from NetWitness Platform. All SIEM tools have to deal with advanced use cases, and many of them are getting upgrades, but this is not the case with NetWitness Platform. NetWitness Platform has remained the same for almost four to five years. The support and RMAs offered by the product in our region have also become very bad.
What needs improvement?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a parser should be made easier in the tool.
The tool needs to have easier integrations. The tool needs to have the extra log-related suggestions. The platform and UI should be easier to use.
For how long have I used the solution?
I have been using NetWitness Platform for eight years. My company is a customer of the tool.
How are customer service and support?
I rate the technical support a six out of ten.
How was the initial setup?
The product's initial setup phase was not at all difficult. The tool's upgrades and moving from old hardware to new hardware are difficult and time-consuming. If you have any hardware failures, as per the RMA offered by the tool, it takes a very long time to get some after-service. The product has not been working well in my region recently.
What's my experience with pricing, setup cost, and licensing?
The product price was reasonable for my region and the market.
Which other solutions did I evaluate?
My company has a hybrid environment. I have looked at other products like Splunk and Sentinel. I am still looking around for other solutions in the market. In my company, we are having discussions to move to some other solution.
What other advice do I have?
My company has had many benefits from the use of the product in the last eight years.
The tool has streamlined our company's incident response process since it serves as a log repository, which allows us to correlate events and access different technology stacks. In our company, we were able to actually find some potential attacks, so it has been very helpful.
The tool's integration capability isn't so great. In my company, we managed to integrate it with our Microsoft Azure Subscription, after which we managed to integrate it with other tools. You will face a lot of difficulties if you want to integrate it with your database monitoring tool, PAM solutions, or IAM products.
The product has done well overall for my company's teams to deal with their workflow efficiency.
I would not recommend the product to others.
I rate the tool a seven out of ten.
Provides good technical support services and efficient integration with other platforms
What is our primary use case?
The primary use case for the NetWitness Platform is within large companies, particularly in their internal security operation centers (SOCs). They utilize the platform for block collections from the entire company, including subsidiaries, enabling comprehensive security monitoring and analysis. It supports functions such as collections and correlation. Additionally, some licenses may include XDR capabilities. NetWitness stood out for many customers as it was one of the first solutions to collect blocks from endpoints, networks, and logs simultaneously, providing a unified view of security events.
What is most valuable?
The most valuable feature of the NetWitness Platform, as I've found through occasional engagements, is its Total Customer Ownership (TOC) approach. It encompasses having a unified engine and database where all collected information, including logs, network traffic, and endpoint data, is correlated and analyzed. This centralized database enables efficient analysis and correlation of security events aided by artificial intelligence algorithms. Additionally, customers can develop custom parsers to integrate new data sources into the database, enhancing its speed and reliability.
What needs improvement?
The product's licensing models are complex to understand. This particular area needs improvement.
For how long have I used the solution?
I have been using NetWitness Platform for seven years.
How are customer service and support?
My experience with customer service and support for RSA NetWitness has been positive overall. I know individuals who are specialists in the field and attend meetings organized by RSA. These specialists support customers, including those whose partners or companies sell and implement NetWitness at their sites. Despite the cost, it has a strong reputation. I have received helpful assistance from technical support when needed, such as accessing restricted areas on their website or technology database. Even in complex cases, the support team has been attentive and supportive, ensuring I am not left alone with any issues.
What's my experience with pricing, setup cost, and licensing?
Licensing models can be complex and subject to change over time. It provides tools to assist in selecting the appropriate license and usage scenarios. The trend is shifting towards subscription-based models rather than one-time payments.
Which other solutions did I evaluate?
I previously prepared comparisons between solutions such as IBM QRadar and RSA NetWitness. Having worked for several large vendors, including IBM, I have insights into various security platforms. IBM QRadar, while mature and feature-rich, was behind RSA NetWitness in certain aspects. RSA was among the first to collect data from multiple sources, including live network traffic, endpoints, and logs, offering a more comprehensive approach to threat detection. Both vendors eventually incorporated Extended Detection and Response (XDR) capabilities into their solutions, but RSA was an early adopter. Nowadays, it's challenging to pinpoint significant differences in functionalities among various vendors, as most deliver similar capabilities. Performance and cost considerations may vary depending on the specific use case and hardware infrastructure. Thus, a thorough evaluation is essential when choosing a security platform.
What other advice do I have?
NetWitness can be highly beneficial for incident detection and response. RSA has incorporated Extended Detection and Response (XDR) functionality through collaborations and licensing agreements with other companies.
It integrates well with other tools, boasting over 600 integrations on its website. The list is continuously updated and readily accessible.
Security improvements will vary depending on the combination of integrations. It's essential to carefully assess both the list of available integrations and each customer's specific needs.
I rate it a ten out of ten.
NetWitness Platform XDR
What do you like best about the product?
Customer Support
Number of Features
Threat correlation
Number of Features
Threat correlation
What do you dislike about the product?
Integration Challenges and Resource demands
What problems is the product solving and how is that benefiting you?
Handling multiple environment are able to support multi-tenancy, correlating seemingly unrelated events, providing a more coherent picture of potential security incidents and aiding in the identification of complex attack patterns.
An Intelligent Platform for Businesses - NetWitness Platform XDR
What do you like best about the product?
As a user and part of security team in my company, the platform's ease of use and compact interface is a must on our daily monitoring. This alone is vital in part of investigation and response to any incidents that may arise. Based on my colleague, support team is also helpful and there are resources that is available to the community. Overall a great tool to assist on our job.
What do you dislike about the product?
It will take some time to get into the familiarity of navigating through the platform. This is not for an entry-level position, but learnings this tool will be a solid help in the future.
What problems is the product solving and how is that benefiting you?
This greatly helps in our day-to-day monitoring and response which improves our overall team performance.
Netwitness XDR Experience
What do you like best about the product?
It is easy to use and provide better analysis options
What do you dislike about the product?
Support can be improved on devices integrations and troubleshooting
What problems is the product solving and how is that benefiting you?
It provides overall security posture view, easy to investigate and provide customize alerts to configure
Exploring new waters
What do you like best about the product?
Few weeks ago, I had an opportunity using the platform. And for what I have found out that its not so complicated after all.
What do you dislike about the product?
DIdnt find any as of this few weeks using it.
What problems is the product solving and how is that benefiting you?
For some security platforms kinda hard to make a playbook. But on this platform I just could create it very quick and run it right away so easily.
showing 1 - 10