SolarWinds NetFlow Traffic Analyzer (NTA) vs. Trellix Network Security

We use and depend on it for status state of our network gear, switches and routers. It does an excellent job of getting you the details you need to confirm all devices and products are working at the level needed. At times, it does tend to flag network switch ports and/or switches themselves as exceeding their rated capacity when frequently it was a quick blip of high traffic due to downloads, or uploads causing the max'ing of the device. Again, you can adjust the settings but then you adjust it too high and miss real activity. It can become nuisance alerting when you tend to then ignore

Incentivized

It’s a dedicated Network Advanced Threat Detection and
Prevention solution. Easy maintenance and low operating costs fit perfectly for
SMEs. Variety of appliance selection makes NX the perfect choice for large
enterprises. As it’s a dedicated solution with its own appliance, price is higher
compared to NGTP add on solutions. FireEye is an ecosystem therefore when you’ve
the EX or HX vice versa, you should be looking to NX. Otherwise, you’re missing
the threat intel exchange on the network side reverse is the true. Sizing is
important before the purchase, if you select a low end model for a busy network
you lose your initial investment. For multiple NX deployments I highly
recommend CMS. Without CMS you’ll lose the threat intel exchange and this will
negatively reduce the risk scores.

Incentivized

• The level of customization possible with Network Bandwidth Analyzer is very valuable. Rather than being stuck with a "one-size-fits-all" presentation, an administrator can easily create customized views, reports, and alerts so that users can have a more tailored view of the data provided by Network Bandwidth Analyzer. This has the effect of making the tool more attractive to the end user.
• The NetFlow Traffic Analyzer piece of Network Bandwidth Analyzer provides the details on bandwidth usage on the network. More than knowing how much bandwidth is being used, one is provided with detailed information on how that bandwidth is being used. This provides invaluable information for capacity planning and even certain forensic tasks faced by the network engineer.
• The ability to produce network maps provides an easy way to create an attractive and functional NOC/SOC view of the entire network. Both technician and the occasional passerby can quickly determine if there are issues to be addressed. The ability to customize a map with background images and custom icons and stencils can make these maps really pop.

Incentivized

• Advanced detection of targeted attacks.
• Mandiant team effort is a big plus.
• Inline mitigation capabilities particularly well.
• Different deployment models for specific needs.
• License and information sharing selection 1 way or 2 way mode.
• Frequent updates.
• Low false positive rates.
• FireEye sandboxing is immune to sandboxing attacks.
• Central management (CMS) capabilities for managing several NX's.
• Extra IPS/IDS functionality in the product.
• Smartvision specific to lateral movement detection.
• Upgrades and updates with zero down time.
• Local FireEye support is superb.
• Multiple deployment scenarios (span, inline) in the same NX for different interface pairs.
• SSL inspection support.
• No need to maintain, build or updates the images. It's highly automatic.

Incentivized

• The ability to intuitively and quickly serve up specified information up to a dashboard for general “public” consumption, that cycles through several pages of information.
• The ability to intuitively set up alerting on bandwidth levels, instead of having to dig through all types of alerts available to find the one needed.
• Provide a pricing model based on different support levels: if I want only available update installations, don’t make me pay the same amount as those wanting full support.

Incentivized

• Very first detected APT sample can pass the NX even it's inline blocking mode.
• Performance optimization for busy networks is cumbersome.
• CMS does not provide all the management capabilities, CLI or local config. Should be done for advanced customization.
• Constant limitations of tcpdump/ packet capture for 10G interfaces.
• IPS functionality is a bit cumbersome, not a full feature IPS, lack of signatures and customization of IPS signatures.
• It's not a full NDR solution or a UBA solution.
• Lack of device or user mapping.
• Forensics is based on the specific APT. May not provide the whole story and need some additional tools.
• You cannot make manual submission to NX (needs AX).
• You cannot access the kernel directly for deep analy[sis] or troubleshooting (assist from FireEye Support should be taken).

Incentivized

As far as rating for usability is concerned I would give 10/10 as NTA is very easy to use. All you need to do is install that module and ask network Team to configure the Netflow towards Server IP. [The] rest is pre-configured and reports are pre-built. Moment you receive the flows from Network all you will have is information about traffic.

Incentivized

I know we could probably pay for it, but it would be nice if we could get to a tier 2 technician faster. Spending a couple of hours on the phone with the level 1 technician, when we have already tried the troubleshooting they are walking us through, is just a waste of time.

Incentivized

The training offered by SolarWinds is some of the best out there. They have several different videos that go into great detail from initial setup to advanced configurations. In addition to the view at your own pace video, they also have live training for customers that focus on a single product and you can ask questions with the folks who develop the software. I have had good success with their live sessions and getting questions answered.

Incentivized

SolarWinds NetFlow Traffic Analyzer compared to Wireshark and PRTG Network Monitor beats it by just the simple interface. Though all are manual setup, NTA takes it a step further with graphs and reports that analyze the data for you. In comparing to Extrahop from a bandwidth comparison, Extrahop wins but Extrahop is a lot more than just a bandwidth monitoring and cost.

Incentivized

FireEye NX is a solid product. It gives you sustainable
security throughout the organization. NX detection engines are more capable
compared to others. Its catch rate is higher, FP rate is lower, [and] speed is
awesome. NX can work for highly regulated environments with 1 way solution.
Operation costs are much lower. Software quality is very good. It may have bugs, but these bugs do not compromise the security in general. SOC team loves the
FireEye NX for its pinpoint detection capabilities. Local and partner support
is exceptional.

Incentivized

• Be prepared to answer lots of questions. When people see the data in NTA they are going to want to know why App A is talking to App B. Be ready to explain!
• Hand the keys to the NTA kingdom to the network team. They will thank you. Everyone wants to have friends on the network team, right?
• Be prepared to invest in some significant compute and storage performance to keep up with your NTA monitoring
• Running the latest firmware for your network gear is (often) required to take advantage of all the flow-monitoring. You upgrade regularly, right??

Incentivized

• As [a] financial company on the digital markets, we need to be safeguard for 0days and targeted attacks. FireEye NX provides the best updated protection with its enhanced capabilities.
• Security score based on detection/prevention metrics [is] very high ensuring the highest level of security.
• APTs in our region successfully detected and mitigated by the NX.
• For the ROI, in a six month period FireEye is paying off its [investment].
• One negative thing, especially with increasing network bandwidths, [is that] you need to make [the] investment every two or three years.

Incentivized