NetWitness Platform

NetWitness

Reviews from AWS customer

0 AWS reviews

External reviews

29 reviews

External reviews are not included in the AWS star rating for the product.


    Suri Shahar

Has a user-friendly interface, but there could be efficient features for threat analysis

  • September 15, 2023
  • Review provided by PeerSpot

What is most valuable?

The product has a user-friendly interface and a valuable feature for threat intelligence integration.

What needs improvement?

It is quite tedious to make changes in the playbooks. There could be an option to integrate or adapt AI and machine learning for our threat-hunting solution. It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform.

For how long have I used the solution?

I have been using NetWitness Platform as a partner for two years.

What do I think about the stability of the solution?

The product is stable. I rate its stability a seven out of ten.

What do I think about the scalability of the solution?

We have ten end users as our customers, including small & medium enterprises using NetWitness Platform. I rate its scalability a five out of ten.

How was the initial setup?

The deployment takes around two weeks to complete. Fine-tuning takes a longer time. I rate the initial setup a six out of ten.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. I rate its pricing a seven out of ten.

What other advice do I have?

For small to medium-sized organizations, NetWitness Platform will be a suitable option. Most enterprises or larger organizations will likely choose a different platform because NetWitness Platform is no longer listed in Gartner. Additionally, the pricing is too high and is not competitive with Splunk and other products. It is relevant, but they need to set up or hire someone to help them compete with similar products like Slack, QRadar, or Palo Alto. Overall, I rate it a seven out of ten.


    reviewer2256927

A solid SIEM solution that should improve technical support and online resources to be easier to use

  • August 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

It is an SIEM solution used regularly as a part of the SOC to collect data from all the security environments in my company.

What is most valuable?

NetWitness Platform is valuable for creating rules that the solution must detect.

What needs improvement?

A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product.

Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

For how long have I used the solution?

I've worked with NetWitness Platform for two years.

What do I think about the stability of the solution?

I rate NetWitness Platform's stability an eight or nine out of ten.

What do I think about the scalability of the solution?

I rate NetWitness Platform's scalability a six out of ten.

How are customer service and support?

Technical support is not available locally in Israel. We're using support from outside. It's global technical support from the vendor and is available 24 hours a day. However, the escalation is very slow. It's dependent on the kind of situation we're in. If it's a full dimension where we have malfunctions that stop processes, the issue can be escalated very fast. We can get support immediately with the service-level agreement we have. But if we have any questions about using the technical support for systems for feature requests or some knowledge, it can take a lot of time, and it's not something we can get from the vendor.

How was the initial setup?

I rate the initial setup a five out of ten since the solution had to be implemented twice. It took more than half a year to deploy the solution. Some of the processes were set up with the first implementation very fast. However, the implementation was insufficient to use the solution with all the needed coverage. All the customizations and integrations can take a few months, and it's a long process.

The steps taken to deploy NetWitness Platform are like with any other product. We had to plan whether it was a low-level or high-level design. We had to see the scope of work for implementation, including all the integration processes and data connections.

What about the implementation team?

The supplier's knowledge base was less on the integration side, so the solution had to be done twice.

The number of people needed to deploy the solution depends on whether the person has the needed experience, knowledge, or skill sets. If they do, the setup will be fast. But sometimes, people have limited information or knowledge from something special they focused on, so the number of people needed for deployment depends on the situation. By design, the solution can be implemented by one person.

What's my experience with pricing, setup cost, and licensing?

The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription.

What other advice do I have?

NetWitness is a part of the cybersecurity solutions we use today, but it's not the only one. We use many different solutions, such as Splunk and QRadar. The product is an SIEM solution, and we use SIEM solutions from different vendors for different needs on different sites.

We don't have all the features we thought were a part of the solution. We need to do many things manually to customize the solution for the customer's needs. By the book, we don't have enough to connect the product to all the systems with some inputs based on machine learning or all the new algorithms like artificial intelligence. The customer must know all these before installing this product. We need community knowledge for new products that tell us what has to be added after a few installations. The setup, then, can be very fast, and all the knowledge for integration with other components and the company's infrastructure can also be very fast because the solution is best-of-breed and third-party. It's not proprietary for special companies and corporations. In the context of product implementation, everything is very slow and must be done manually and not integrated automatically into the product. We need to know what we will do, how we will monitor the overall system, what kind of events we want to collect from the system, and what type of layout we want to provide through the system to alert about incidents or some type of situation. The customer manually processes all this. It's not like we deploy the product and get all this information and all these capabilities in one coverage of the solution.

Before choosing the NetWitness Platform, find the best integrators with professional experience implementing and deploying this product in other companies. The product has many features and coverage but needs professional integration and implementation.

I would rate NetWitness Platform an eight, but since it depends on the installation, I rate the solution a seven out of ten.


    Haitham A.

RSA NetWitness and SOC

  • December 28, 2021
  • Review provided by G2

What do you like best about the product?
1- The visibility RSA NetWitness packet (NDR) provides is brilliant.
2- Easy installation and deployment.
3- The scalability of deployment is very good.
4- The combination of NDR, EDR and Logs in the same interface.
5- Effective technical support.
What do you dislike about the product?
1- Documentation that is poor.
2- Integration with log sources is limited in comparison with other brands.
3- Building use cases is not easy, and poor built-in use cases.
4- Weak parsing of logs.
5- The user interface is not friendly enough.
6- Respond module requires significant enhancement.
What problems is the product solving and how is that benefiting you?
1- Databases stability.
2- Meeting client expectations.
3- Solving contract conflicts.
4- Maintaining the NetWitness service availability.
5- Engaging RSA NetWitness management to solve complex problems and disputes.


    Carlos C.

It's powerful and complex

  • November 10, 2021
  • Review provided by G2

What do you like best about the product?
Alerts are a powerful tool to notify you of an incident
What do you dislike about the product?
Setup could be complicated, and support is not the best
What problems is the product solving and how is that benefiting you?
I use notification about incidents
Recommendations to others considering the product:
Yes, it's a powerful tool when it's configured correctly


    Banking

RSA - Walkthrough

  • November 07, 2021
  • Review provided by G2

What do you like best about the product?
Ability to find and decode base65 and hex.
Inbound SSL decryption.
The ability to run anywhere, physical hardware, cloud etc.
SOAR capabilities can be used to scale security operations.
What do you dislike about the product?
No cross platform SOAR compatibility.
Difficult to learn and use initially.
Setting up the solution is complex for first timers.
Integrating newer devices is a tough task.
What problems is the product solving and how is that benefiting you?
Helpful in full PCAP analysis.
Threat hunting feeds have quite helped with day to day operations, making the organisation more secure.
The level of details is intense, given that solution is implemented correctly


    Computer & Network Security

Good experience

  • November 06, 2021
  • Review provided by G2

What do you like best about the product?
Great to get insights about the risk score and alerts and incidents give a broader picture on activity
What do you dislike about the product?
Dashboards could have been a bit more pleasing to see. Nonetheless, this will be achieved in the near future probably
What problems is the product solving and how is that benefiting you?
It's a one-stop solution to SIEM, to identify threats and take necessary actions well in time. To protect endpoints from danger


    Computer Networking

Best SIEM out there in market, best in performance, best in managing

  • October 30, 2021
  • Review provided by G2

What do you like best about the product?
The best part is the UEBA and the latest SOAR capability which reduces multiple work heads collate under one umbrella.
What do you dislike about the product?
The complexity in the architecture, most of the issues which occur in environment require a lot of investigation to find the RCA.
What problems is the product solving and how is that benefiting you?
The day to day security incidents and event management, combined together with SOAR capability the response has also become more easy.


    Defense & Space

Great for someone with mid level knowledge in networking

  • October 29, 2021
  • Review provided by G2

What do you like best about the product?
The way you can follow packets and the UI
What do you dislike about the product?
A lot of features and it's a bit overwhelming to use
What problems is the product solving and how is that benefiting you?
Fast find of suspicious activity
Recommendations to others considering the product:
I think it's a great product. I haven't used it for the past 4 years but when I did I loved it.


    Banking

Easy to deploy and manage with good features.

  • October 29, 2021
  • Review provided by G2

What do you like best about the product?
Availability of out of the box use cases (Correlation rules, reports and dashboards). Network (packet) capture component and also have inbuilt EDR and UEBA components.
Good product documentation.
New version is good.
What do you dislike about the product?
Application level HA is not there.
Support can be improved.
Migration from older versions.
What problems is the product solving and how is that benefiting you?
Flexible licensing options.
Easy to do custom application/device integration and custom parser development.


    Banking

RSA NetWitness Review

  • October 27, 2021
  • Review provided by G2

What do you like best about the product?
The investigation tab is helping me a lot during my investigation as it shows all the available meta keys in the logs, which makes it easier to notice suspicious artifacts.
What do you dislike about the product?
RSA NetWitness needs enhancing in showing the details of the entire packet, for example (headers and body)
What problems is the product solving and how is that benefiting you?
The investigation tab is helping me a lot during my investigation as it shows all the available meta keys in the logs, which makes it easier to notice suspicious artifacts.