NetWitness Platform
NetWitness | 12.5.0.0Linux/Unix, Other 8.10 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Great for someone with mid level knowledge in networking
What do you like best about the product?
The way you can follow packets and the UI
What do you dislike about the product?
A lot of features and it's a bit overwhelming to use
What problems is the product solving and how is that benefiting you?
Fast find of suspicious activity
Recommendations to others considering the product:
I think it's a great product. I haven't used it for the past 4 years but when I did I loved it.
- Leave a Comment |
- Mark review as helpful
Easy to deploy and manage with good features.
What do you like best about the product?
Availablity of out of the box usecases (Correlation rules, reports and dashboards). Network (packet) capture component and also have inbuilt EDR and UEBA components.
Good product documention.
New version is good.
Good product documention.
New version is good.
What do you dislike about the product?
Application level HA is not there.
Support can be improved.
Migration from older versions.
Support can be improved.
Migration from older versions.
What problems is the product solving and how is that benefiting you?
Flexible licensing options.
Easy to do custom application/device integration and custom parser development.
Easy to do custom application/device integration and custom parser development.
RSA Netwitness Review
What do you like best about the product?
The investigation tab is helping me a lot during my investigation as it shows all the available meta keys in the logs, which makes it easier to notice suspicious artifacts.
What do you dislike about the product?
RSA Net witness needs enhancing in showing the details of the entire packet, for example (headers and body)
What problems is the product solving and how is that benefiting you?
The investigation tab is helping me a lot during my investigation as it shows all the available meta keys in the logs, which makes it easier to notice suspicious artifacts.
I started my experience with version 10.6 and it was good enough
What do you like best about the product?
It is easy to use and packets is an added value
What do you dislike about the product?
The complexity of the devices specifically the Hybrid and the ESA appliances
What problems is the product solving and how is that benefiting you?
Easy to get alerts and notifications in case of any attacks
I am RSA engineer for the L1, responsible for incident handling
What do you like best about the product?
Log collection and event management, Incident investigation
What do you dislike about the product?
GUI console, RSS Hirarchay, log analysis,
What problems is the product solving and how is that benefiting you?
While starting the investigation checking each tab for ex. Respond and investigations is a bit confusing
RSA Netwitness Logs & Networks
What do you like best about the product?
The response speed at GUI for Security Analysis and threat hunting purpose is the best part. Even to fetch the old data for any of the audit purposes it takes just seconds.
What do you dislike about the product?
I don't like the Hybrid component i.e Hybrid log decoder (Decoder+ Concentrator) as if in case we face problem in any of the component we have to face trouble with other as well. Better to prefer all the standalone component in RSA Netwitness.
What problems is the product solving and how is that benefiting you?
All the technical issues whether it is related to storage, licences, upgrade or any other troubleshooting part I am working upon. The benefits of even getting a issue is that you will get to learn things from that as the RSA support is quite good.
Recommendations to others considering the product:
It's a one of the good SIEM technology in the market one can opt for
The better web gateway security management.
What do you like best about the product?
We like this tool at the gateway because it allows us to capture network data and transmit it to security and network staff. With that we have visibility, detection of threats and then mitigate them. I also like the friendly, intuitive interface and easy to administer and configure security rules.
What do you dislike about the product?
We have been using it for a long time and no one has reported any problems with using the RSA NetWitness Network. The tool offers great cost-benefit protection against simple and complex threats.
What problems is the product solving and how is that benefiting you?
The RSA NetWitness Network tool is complete. It deals with the recognition and detection of threats, such as responses to security incidents. In addition, he is able to conduct a forensic investigation and analysis. It is always updated frequently, has great support and quality.
RSA NetWitness
What do you like best about the product?
RSA is a superb vendor. They have been engaged with each of subsidiaries from the get-go.
What do you dislike about the product?
The learning curve is steep. The overall solution is a large effort to implement correctly.
What problems is the product solving and how is that benefiting you?
Needed a flexible SIEM solution required for multiple subsidiaries with very different infrastructures.
Recommendations to others considering the product:
It is a big tool with a steep learning curve. Put in the time and effort to properly leverage it's full potential.
RSA token
What do you like best about the product?
1) Easy to use
2) Secure
3) Using RSA you can use your application any where in the word.
4) It has feature to configure at both ANdroid & iOs
5) Good security feature when using specially banking application
6) Access simplifies authentication and credential management, helping to reduce IT support costs. With a conditional-access and risk-based approach, it ensures users are who they say they are and provides the right level of access from any device, across cloud and on-premises applications.
7) Two-Factor Authentication
The RSA token is a physical ‘pen’ that generates a random code every 60 seconds. This code is used, along with the RSA PIN number that you choose, in order to gain authentication for access to an account or server. The RSA token offers a two-factor authentication process that consists of:
‘Something you know’ – A four digit, memorised PIN number.
‘Something you have’ – The physical token, which generates a 6 or 8 digit code every 60 seconds.
8) it does greatly enhance login security. It’s useful for anyone who wants to use two-factor authentication.
9) Deliver convenient, secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution. Whether you deploy it as a service in the cloud or on premises, RSA SecurID Access protects both SaaS applications and traditional enterprise resources with a full range of authentication methods and dynamic, risk-driven access policies.
2) Secure
3) Using RSA you can use your application any where in the word.
4) It has feature to configure at both ANdroid & iOs
5) Good security feature when using specially banking application
6) Access simplifies authentication and credential management, helping to reduce IT support costs. With a conditional-access and risk-based approach, it ensures users are who they say they are and provides the right level of access from any device, across cloud and on-premises applications.
7) Two-Factor Authentication
The RSA token is a physical ‘pen’ that generates a random code every 60 seconds. This code is used, along with the RSA PIN number that you choose, in order to gain authentication for access to an account or server. The RSA token offers a two-factor authentication process that consists of:
‘Something you know’ – A four digit, memorised PIN number.
‘Something you have’ – The physical token, which generates a 6 or 8 digit code every 60 seconds.
8) it does greatly enhance login security. It’s useful for anyone who wants to use two-factor authentication.
9) Deliver convenient, secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution. Whether you deploy it as a service in the cloud or on premises, RSA SecurID Access protects both SaaS applications and traditional enterprise resources with a full range of authentication methods and dynamic, risk-driven access policies.
What do you dislike about the product?
1) Stolen Seeds?
Every RSA SecurID has a unique 128 bit key hardware coded into it, a 128 bit number is very long number, so it’s very hard to brute-force/guess what it is. This key is often referred to as the seed. RSA keep a copy of the seed unless the customer specifically tells them to remove it, RSA’s storage of SecurID seeds is what is suspected to have been compromised. Each SecurID issued to a customer is associated with a customer based RSA SecurID Server, which stores the seed number. The seed is in essence a private key which must be kept secret, even from the user, and is used to generate the challenge response number on the SecurID token, and is used to match it up on SecurID Server.
In simple terms, if an attacker were to know which SecurID token you had, based on the serial number on the back or from the customer site database; and assuming the attacker had the stolen RSA database of serial numbers and seed numbers, the attacker could generate the SecurID number without having possession of SecurID token, which defeats the purpose of two factor authentication.
2) However they are many factors and ‘ifs’ in play, assuming the attacker had the full RSA SecurID database in their possession, to be fully successful the attacker would need to obtain the username, password, remote gateway details and SecurID serial number. Most of this information would need to be collected from the user or from within the customer site. So phishing attacks, social engineering and network attacks are most likely ways to obtain such information, which is why RSA is providing warnings to be on the guard with such attacks.
Every RSA SecurID has a unique 128 bit key hardware coded into it, a 128 bit number is very long number, so it’s very hard to brute-force/guess what it is. This key is often referred to as the seed. RSA keep a copy of the seed unless the customer specifically tells them to remove it, RSA’s storage of SecurID seeds is what is suspected to have been compromised. Each SecurID issued to a customer is associated with a customer based RSA SecurID Server, which stores the seed number. The seed is in essence a private key which must be kept secret, even from the user, and is used to generate the challenge response number on the SecurID token, and is used to match it up on SecurID Server.
In simple terms, if an attacker were to know which SecurID token you had, based on the serial number on the back or from the customer site database; and assuming the attacker had the stolen RSA database of serial numbers and seed numbers, the attacker could generate the SecurID number without having possession of SecurID token, which defeats the purpose of two factor authentication.
2) However they are many factors and ‘ifs’ in play, assuming the attacker had the full RSA SecurID database in their possession, to be fully successful the attacker would need to obtain the username, password, remote gateway details and SecurID serial number. Most of this information would need to be collected from the user or from within the customer site. So phishing attacks, social engineering and network attacks are most likely ways to obtain such information, which is why RSA is providing warnings to be on the guard with such attacks.
What problems is the product solving and how is that benefiting you?
1) Easy to use
2) Secure
3) Using RSA you can use your application any where in the word.
4) It has feature to configure at both ANdroid & iOs
5) Good security feature when using specially banking application
6) When we forgot the password then need to know the security questions. If we do not know the security questions then there is a long process to reset the PIN.
2) Secure
3) Using RSA you can use your application any where in the word.
4) It has feature to configure at both ANdroid & iOs
5) Good security feature when using specially banking application
6) When we forgot the password then need to know the security questions. If we do not know the security questions then there is a long process to reset the PIN.
Recommendations to others considering the product:
Used two factor authentication so good for banking application
RSA Review
What do you like best about the product?
Calculation, Analytics and Cosmetic view of the application
What do you dislike about the product?
Sometimes it would be slow and you need to be patient
What problems is the product solving and how is that benefiting you?
RSA
Recommendations to others considering the product:
Make sure. Your try this at least once to get best RSA experience
showing 11 - 20