RSA enVision is a robust security information and event management (SIEM) platform designed to provide comprehensive log management and compliance support, helping organizations gain critical insights into their IT environments.
| Product | Mindshare (%) |
|---|---|
| RSA enVision | 0.8% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.6% |
The pricing for RSA enVision is moderate. There are no additional costs, and the tool provides SIEM and SOAR services. However, if one wants to purchase the SOAR service, an extra license fee is required. Recently, similar services have been covered with SDR and other solutions, so excluding the SOAR service seems reasonable.
RSA enVision delivers a centralized platform that allows organizations to monitor, analyze, and respond to security threats efficiently. It offers detailed visibility into network operations by collecting and analyzing log data from diverse sources. This enables organizations to enhance their threat detection and response capabilities significantly. The integration of automated processes in RSA enVision streamlines compliance reporting and audit procedures, thereby reducing complexity in handling security incidents.
What are the key features of RSA enVision?RSA enVision is implemented across diverse industry sectors, including healthcare, finance, and retail, where security and compliance are critical. By offering tailored security insights and compliance aids, it helps organizations meet specific industry requirements efficiently and effectively. Financial institutions use RSA enVision for monitoring transaction logs, while healthcare organizations benefit from its ability to manage sensitive patient data logs safely.
BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
| Author info | Rating | Review Summary |
|---|---|---|
| Président at ARS Solutions | 4.5 | We use RSA enVision to monitor diverse networks and technologies, vital for manufacturing firms. It's adaptable and offers strong support, including French versions. Improvement needed in licensing for MSPs, but overall, we achieved high ROI with our service package. |
| Cyber Security and Compliance Lead Engineer at a comms service provider with 1,001-5,000 employees | 3.5 | RSA enVision is a security incident management tool for database encryption and unauthorized access prevention, integrating easily with systems for alerts and policies. It needs improvements in user-friendliness and AI integration. We've previously used Splunk and LogRhythm, exploring alternatives now. |
| Chief Information Security Officer at a financial services firm with 51-200 employees | 2.0 | I use RSA enVision for system event collection, appreciating its reporting and stability. However, it's outdated, not scalable, lacks support, and has no future, despite my six years of use, leading to a 4/10 rating. |
| Unit Manager - Application Integration and Framework Team at a insurance company with 1,001-5,000 employees | 3.5 | I find its management features valuable for large enterprises, with good stability. However, it needs to be simpler, and integration should be easier and support more products. Setup was of medium complexity, and I rate it 7/10. |
| Security Specialist at a tech services company with 201-500 employees | 4.0 | I've used this solution for three years. Its custom dashboards and correlation alerts improved my incident response, and drilling down metadata is valuable. However, the investigation panel and reporting can be slow. Setup was straightforward, offering good value. |
| Senior Information Security Engineer at a tech services company with 11-50 employees | 4.0 | I found RSA enVision stable with good log collection and support, but its slow queries and high cost made it less competitive, leading me to switch to other solutions. |
We use it to monitor different types of networks. We specialize in manufacturing companies, so we monitor the network and the machines.
In manufacturing, you have industrial machines connected to the network, and different technologies are used. RSA has the ability to monitor different kind of technologies. For us, this is helpful because if we can only monitor Windows environments and not Linux, it's not a total solution. RSA enVision is easy to adapt to different technologies.
RSA enVision adapted to the evolving security landscape over time in my experience. We did maintenance every two months, and each time, they had a new option. The option was always very relevant. So, for me, it's a very good product. The engineer I work with shares the same opinion about RSA.
It's a very good product. We developed around this solution and received excellent support from the company. Here in Quebec, it's important that we have a French version, and they support both French and English, which is important for us.
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs).
Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries with many customers and clients. Currently, they don't seem prepared to support MSPs effectively.
We have had RSA enVision (SIEM solution) for maybe ten years. We have very good and fast support from them. We stretched the monitoring capabilities of the solution by coding different printouts for logs of various network activities. They helped us develop that. It's a really good product.
When we call, the customer service and support are there. They always answer. When it counts, they're always there.
Positive
You need a skilled engineer to deploy it because you can do anything with this tool. You can see everything on the network. A good engineer will be surprised and have fun using this tool because it's very powerful.
Deployment process:
You need to build a recipe/layout when you want to deploy something. Once the recipe is done, you just have to copy it. So you really need a good engineer at first, but then any other technician can copy the recipe. You don't need to be an expert once the recipe is finalized.
So, once you have it set up, it's easy to deploy. But you need a good engineer to deploy it correctly. You will get alerts from the system, but if you want to fully explore and maximize the tool, the engineering needs are different.
Just one person can do the work. Maintenance is needed maybe twice a year, so it's not a big deal.
It was high for us because we packaged the product with the service. We supplied everything: hardware, software, maintenance, and people to verify the alerts daily. We reviewed the package with the customer every three months. It was a good package, easy to sell, and the ROI was good for both the clients and us.
It's competitive, but they need to adapt to MSPs. Maybe that's not their target market, though.
Overall, I would rate it a nine out of ten.
I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, my company now uses another solution and may prefer it because it's easier and automatically sends reports every month, requiring less maintenance effort.
RSA enVision is different. It requires a different approach because you have to know exactly what you want to see in the logs and information. It's more oriented towards engineers who need to understand the product well and proactively find and predict attacks. The other approach, with the newer product, is more automated. The system does it by itself.
Personally, I'm torn between both approaches. You should utilize automated systems but not fully trust them. You have to verify because I've learned from past experiences where systems have failed.
RSA enVision is a security incident management tool that is specifically used for database encryption and preventing unauthorized access to different systems. It collects events from various log sources, including college systems, to monitor and detect potential security breaches.
The main features of RSA enVision include easy configuration of record integration, system integration, security alert integration, and policy application. The configuration part is very easy.
Improvement-wise, enrichment of data and policy should be done to make it more user-friendly. Enrichment of web policy rules can also help. In general, the solution currently isn't user-friendly. So, it should be more user-friendly.
In the future, I want to use some AI-related stuff, like features from ChatGPT. From the log, I don't need to configure any policy. The inbuilt AI can create some alerts. An inbuilt AI can create some policies like ChatGPT.
I have been using the solution for fifteen days since our company is using it under the PoC phase. Also, I am using RSA enVision Version 4.1.
Stability-wise, I rate the solution an eight out of ten. However, I am not sure of its integration capabilities with tools like Telco servers. Also, I am not sure about its integration capabilities with tools that may get introduced in the future. So, integrating with new types of technologies is one part.
There should be five people for monitoring purposes and one person for SIEM management. Scalability-wise, I rate the solution a seven out of ten. At present, no one is using it in my company.
The technical support was sincere in their responses. They have local offices in my country, and it depends from country to country. But in Bangladesh, they have a local office. I rate the technical support a nine out of ten.
Positive
Previously, we used Splunk and LogRhythm.
We are exploring different solutions. And when the end of life or end of support of the current version suddenly came to our notice, we realized that the dates were already reaching the end of the lifetime or end of support time. So, that is why we have to go for new procurement of a more user-friendly solution.
I rate the initial setup a seven and a half out of ten. So, it's closer to seven. The tool is deployed in our organization on-premises with some test servers.
In only two tests in a test environment, the deployment can be carried out. The deployment time only depends on the size of your infrastructure. If I limit the company's size, it will not take too much time. So, it can be done in seven to eight hours.
Regarding the deployment process, we have managed some test servers, after which we need to install some agents. If you include more servers, you need to install more agents. If you want to use agent-based, I would say that it is totally up to the stakeholder. You will get some additional benefits if you can choose the agent since you will be more assured that less positive false positive results you will get from the tool. For deployment, one test server, a few deployment servers, and some policy configurations are done by the OEM with some local support. We used some Windows servers and Linux servers, and we installed some agents in different types of operating systems. So different versions of Linux and different versions of Windows. We also integrate some network devices like firewalls to integrate firewalls and logs. So, the amount of logs and firewalls is too much.
I have to engage too many employees for deployment. So there are those for Linux servers, others for Windows servers, and the rest for network devices. One for SIEM policy creation and one for SIEM management administration is also required.
The implementation process was carried out in-house.
On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six. Splunk and IBM QRadar are expensive, while LogRhythm is a mid-priced solution. There is no additional cost. It provides SIEM and SOAR services. Since there are separate services, if I buy that service, I have to pay an extra license first. Recently, such services have been covered with SDR and other types of solutions. So, I think it is reasonable to exclude SOAR service.
If you have a relatively simple IT infrastructure, you can go for RSA enVision. Structure, like a hybrid cloud or Telco devices. r some Kubernetes-related things, microservice architecture, then you may consider other services. If you have a simple server or simple network device, you can go for other services. If you have budget issues, it's a good solution. Owing to its favorable pricing and the fact that its features will meet the minimum requirements of its user, I rate the overall product a seven out of ten.
We use this solution to collect system events from different log sources.
RSA enVision provides the full system visibility of your events within your IT ecosystem.
The most valuable feature of this solution is the reporting.
RSA enVision log manager is out of date and is not in use anymore.
I have used this solution in more than one company. I have been working with RSA enVision for six years.
It's very stable. We had no issue with stability.
It is not scalable at all. This is an area that could have been improved, but it is out of date and no longer used. RSA enVision does not share the system anymore.
We have only one user in our organization. I am the only one who is using this solution. I am the system administrator.
We do not pay for support. I do everything myself.
Most of the systems are an out-of-the-box process, but if you want some exotic logs to sell, you will have to create patches.
For a fine-tuned deployment, it will take three to four months.
We no longer pay a licensing fee because it is out of date and don't pay for support.
We evaluated McAfee and IBM QRadar.
I still use this solution in my company every day but everything is out of date.
I have learned how to write parsers.
My recommendation to others is to be careful in the evaluation of SIEM solutions.
There is no future for this solution. It does not exist anymore. I would rate RSA enVision a four out of ten.
The most valuable feature is the management features. It's capable of managing large enterprises.
In terms of what needs improvement, it could be more simple.
The integration could be easier, it should support more products.
The stability is good.
We currently have three users using this solution. They're all architects.
I haven't had to contact their technical support.
We did not previously use another solution.
The initial setup was of medium complexity.
We used another company for the deployment.
I would recommend this solution to somebody considering it.
Deciding what to store on this solution is critical before implementing it. You should analyze the data and logs and decide what to store on the product.
I would rate it a seven out of ten. Not a ten because it needs better customization for integration. It takes time to implement.
In the investigation panel, you can drill down to any specific metadata values for any event source.
The custom dashboard and correlation alerts in this solution improved our incident response process.
Sometimes the investigation panel and reporting engine work very slowly.
I have been using this solution for three years.
Sometimes the investigation panel and reporting engine work very slowly. Other than that, I have not faced any issues.
We have not faced any scalability issues.
I would give technical support a rating of 6/10.
We used Envision. It was outdated, so we switched to this solution.
The setup was straightforward. The only complexity is with high availability.
If you get a good discount on the product, or if you feel you need a less expensive solution compared to QRadar or ArcSight, you can definitely go for this solution.
We looked at ArcSight. I felt that this solution was better.
It's very simple to implement. The only problem is with the high availability mode for VLC. If you want this, work with one of VMware's engineers to implement HA in VCL.
The ease of log collection and stability of the platform are the most valuable features.
Its ability to customize reports and only look for the valid/useful information inside the report is extremely helpful.
Whenever you perform the query, it takes too long.
I been using RSA enVision from the year 2011 till 2015, in two different organizations.
With the updates and patches, the software has been improved.
Scalability is not an issue.
The technical support is very good, especially the support team member called Tiger Li.
We have moved away from RSA enVision to HPE ArcSight, Splunk and ManageEngine ELA.
The product is quite expensive.
It is a great tool but no longer a great solution in the market.
