NetWitness Platform vs Trellix Network Detection and Response comparison

"The most valuable features are the threat prediction and network forensics."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"The most valuable feature is the hunting ability to work in a CERT."

"Performance and reporting are very good."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."

"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."

"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."

"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."

"Very functional and good for detecting malicious traffic."

"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"The product is very easy to configure."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"Security needs improvement."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"The initial setup was complex because it takes a lot of time to complete the implementation."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."

"A better depth of view, being able to see deeper into the management process, is what I'd like to see."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."

"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."

"Technical packaging could be improved."

"Compared to the competition, the is price is not that high."

"We are on an annual license for the use of the solution."

"The product price was reasonable for my region and the market."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"Our license is for one year."

"We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"When I compare this solution to its competitors in the market, I find that it is a little expensive."

"It's an expensive solution."

"The tool is a bit pricey."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"The pricing is a little high."