No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Trellix Helix Connect comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
37th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (37th)
Trellix Helix Connect
Ranking in Security Information and Event Management (SIEM)
9th
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
20
Ranking in other categories
Security Incident Response (2nd)
 

Mindshare comparison

As of June 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. The mindshare of Trellix Helix Connect is 1.2%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Trellix Helix Connect1.2%
NetWitness Platform1.0%
Other97.8%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
reviewer2840397 - PeerSpot reviewer
Associate Cybersecurity Analyst at a tech vendor with 10,001+ employees
Centralized threat triage has improved endpoint control but still needs better cloud insights
Trellix Helix Connect can definitely be improved, especially regarding cloud and SaaS telemetry gaps. It could enhance its native cloud and SaaS telemetry integration. Additionally, sometimes when we open the details of a file, it lacks meta fields altogether, and we must manually ask the user for the meta fields, such as when the file was created, last opened, last updated, and its hash value. Helix does not perform as expected in this regard. There are also many false positives flagged that should not be, and there is no on-premises option for FireEye Helix. Lastly, the GUI and dashboard feel very old-school and legacy, needing improvement, as all competitors have far superior GUIs and UI/UX interfaces. I would add that we have experienced specific problems with session timeouts where we randomly log out from the system after some time and face issues in logging back in. This required us to contact customer service frequently, which is also not very reliable or prompt.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we only need the software license to put it up on our own cloud and deliver it to multiple clients."
"The product's initial setup phase was not at all difficult."
"Performance and reporting are very good."
"Technical support is very good; they try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner."
"Thanks to this tool, we have a small SOC running in our company."
"The most valuable feature is the correlation, as it can report in real-time and monitor the management."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that, where you can see the payload and deconstruct the packets."
"We have started working with various customers, one of whom is particularly concerned about adjacency. We have identified several use cases where automation is possible."
"Trellix Helix is an excellent product that I would advise others looking into using for the first time because FireEye provides documentation on setup and how to create queries, and they also have a YouTube channel explaining all involved queries, and I have not found anything lacking in the training for implementation."
"We are able to block some advanced malware and other things."
"I advise other customers to choose Trellix Helix, as it improves operations significantly with more efficient responses required for various scenarios they face."
"The most valuable features include predefined use cases and threatening states."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"Trellix Helix Connect has positively impacted my organization as it is the most important tool to provide MDR service to our clients, which has resulted in specific outcomes and improvements."
"The pre-built rules and analytics save us a lot of time and have positively impacted my team's workflow because whenever we migrate to a new tool, we basically have to sit for months to form the rules and alerts."
 

Cons

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Security needs improvement."
"The initial setup is complex. There are other solutions that are easier to implement."
"We have encountered issues with unresolved crashes."
"Technical support could be improved."
"RSA NetWitness Logs and Packets is far behind the competition."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Cross Platform Integration could be improved."
"There are some issues such as high CPU utilization that we have experienced in the past whenever we were using Trellix Endpoint Security in the cloud system, which prevented anyone from working properly."
"While we have top customer support and this solution is highly beneficial, there is room for improvement due to the fusion of McAfee and FireEye, which has caused some lapses in support."
"My advice to others considering Trellix Helix Connect is to proceed only if you are getting competitive pricing; otherwise, it is nothing special and simply offers what many other connectors, such as CrowdStrike, Palo Alto, and Defender, already offer."
"To improve Trellix Helix Connect, I note it has a high CPU and memory usage whenever the operating system is starting up."
"Trellix needs to address the price for the product to be more appealing to customers."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"The most problematic part was the integration part because in their catalog, they have so many third-party vendors, but some of them were not fully supported, so we requested some development and feature requests."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
 

Pricing and Cost Advice

"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"Our license is for one year."
"We are on an annual license for the use of the solution."
"It’s cheaper to run virtual machines in a VMware environment."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"The product is expensive."
"I rate Trellix Helix a five out of ten for pricing."
"It could be cheaper, but that applies to every product."
"The price could be better. But I think it's rightly placed when we buy everything in one shot, and we get some discount for that. That's how we basically plan our deployment, and it's holistic. We pay for the license yearly."
"FireEye Helix is a little expensive."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
Comms Service Provider
14%
Financial Services Firm
10%
Computer Software Company
8%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise1
Large Enterprise13
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
What is your experience regarding pricing and costs for FireEye Helix?
It is not the pricing of the product; basically, it was related to our own budget. We had some issues, but it took some time, and we handled the problems. We do not face much performance issues; fo...
What needs improvement with FireEye Helix?
Regarding areas for improvement with Trellix Helix, I believe that if the integration with AWS and GCP environments could be improved, that would be beneficial.
What is your primary use case for FireEye Helix?
Trellix Helix was used to retain all logs, where I created multiple alerts based on organizational requirements. These alerts would trigger when conditions matched specific criteria. Multiple data ...
 

Also Known As

RSA Security Analytics
FireEye Helix, FireEye Threat Analytics
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
Police Bank, Verisk Analytics, Teck Resources
Find out what your peers are saying about NetWitness Platform vs. Trellix Helix Connect and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.