We performed a comparison between NetWitness Platform and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"It's quite economical compared to other solutions in the market."
"Performance and reporting are very good."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Incident management is its most valuable feature."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"The most valuable feature is the view into the application."
"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
"The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
"The initial setup is complex. There are other solutions that are easier to implement."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The log system is a bit complex and has room for improvement."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"It is not a very secure product."
"The world is currently shifting to AI, but FIreEye is not following suit."
"Cybersecurity posture has room for improvement."
"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."
"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."
"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."
More Trellix Network Detection and Response Pricing and Cost Advice →
NetWitness Platform is ranked 19th in Log Management with 36 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 37 reviews. NetWitness Platform is rated 7.4, while Trellix Network Detection and Response is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and LogRhythm SIEM, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Zabbix. See our NetWitness Platform vs. Trellix Network Detection and Response report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.