NetWitness Platform vs Trellix ESM comparison

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The most valuable features are the packet inspection and the automated incident response."

"The most valuable feature is the correlation rules."

"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."

"This solution integrates easily and very well with other technologies."

"I like the ease of deployment."

"It is easy to use."

"It is easy to use and deploy. It comes with user-friendly manuals."

"The support I have received from the vendor has been great."

"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The initial setup is very complex and should be simplified."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"The tool's integration capability isn't so great."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"Health monitoring of the event sources and devices."

"Its technical support could be better."

"Customized reports and alerting functionality could be included in the dashboard."

"There's no software support from McAfee."

"I would like to see improvements to the user interface."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."

"I would like to see good analytics in future releases."

"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."

"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"Our license is for one year."

"This is a pricey solution; it's not cheap."

"The product is slightly expensive."

"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."

"McAfee is the right choice for a low-budget solution."

"We renew our license annually."

"It is an inexpensive product. We purchase its yearly license."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."