Name: NetWitness Cloud SIEM
Rating: 6.1 (3 reviews)
Author: RSA Security

Help Desk

Live Chat

Web and Video Conferencing

Customer Support

Flowchart

Development

Association Management

Business Intelligence (BI)

Collaboration

Enterprise Legal Management

Risk Management

Streaming Analytics

Workflow

Enterprise

Accounting

Accounts Receivable

Crypto Asset Management

Crypto Tax

Subscription Management

Finance and Accounting

Applicant Tracking

Corporate Learning Management

Diversity, Equity, and Inclusion (DEI)

HR Management

Payroll

Talent Intelligence

Talent Management

Workforce Analytics

Workforce Management

Human Resources

.Net Development

AI Governance

Cloud Storage

Custom Software Development Services

Data Center Virtualization

Data Fabric

Fraud Detection

IT Service Providers

Identity Verification

Integration Platform as a Service (iPaaS)

Intranet

Load Testing

Managed File Transfer (MFT)

Managed Private Cloud

Network Performance Monitoring

SaaS Management

Software-Defined WAN

System Monitoring

Time Series Databases

User Activity Monitoring

Web Portal

Information Technology

A/B Testing

Ad Serving & Retargeting

All-in-One Marketing

Audio Editing

Content Management

Contest Management

Email Marketing

Gamification

Marketing Automation

Personalization Engines

Press Release Management

Product Sampling

Social Media Management

Survey & Forms Building

Video Editing

Web Analytics

Marketing

Project Management

Professional Services

Customer Relationship Management (CRM)

Lead-to-Account Matching and Routing

Product Configuration

Sales

Architecture

Construction Workforce Management

Inventory Management

Last Mile Delivery

Loan Servicing

Moving Software

Oil and Gas

Physical Therapy

Vertical-Specific

Find top rated software and services based on in-depth reviews from verified users. 400+ software categories including PaaS, NoSQL, BI, HR, and more.

LevelBlue USM Anywhere

LevelBlue

Datadog

Splunk Enterprise

Cisco

New Relic

SolarWinds Security Event Manager (SEM)

SolarWinds

Aorato (discontinued)

Discontinued Products

Plixer Scrutinizer

Plixer International

LogRhythm NextGen SIEM Platform

LogRhythm

McAfee Total Protection (discontinued)

Cybereason Defense Platform

Cybereason

NetWitness Cloud SIEM delivers log management, retention, and analytics services in a simplified cloud form. It aims t o eliminate traditional deployment and administration requirements with a simple throughput-based licensing model, to make high-quality SIEM quick and easy to acquire without sacrificing capability or power.

The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.

Essentials

Standard

Premium

Trellix Helix (formerly FireEye Helix) is a SIEM solution providing a non-malware threat detection solution.

Helix Console

Helix Enterprise

Trellix Helix

NetWitness Cloud SIEM

Security Information and Event Management Tools and Software (often shortened to SIEM) analyze security-related events and log data from network hardware and applications in real-time, performing event correlation and alerting managers to configuration changes of interest, vulnerabilities and potential threats.

Security Information and Event Management (SIEM)

Likelihood to Recommend

Centralized event and log data collection

Correlation

Event and log normalization/management

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and workspaces

Host and network-based intrusion detection

RSA Security

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

Effectiveness of real-time centralized event and log data collection

Correlation of logs and events to pinpoint significant threats

Ability to normalize event syntax so that logs can be compared and are machine-understandable

Ability to tune system to maximize threat detection and minimize false positives

Integration with access control tools like Active Directory and LDAP

dashboards that can be customized to meet the needs of specific groups

Ability to detect both endpoint intrusion and network ingress detection

Log retention

Length and quality of log storage and archiving over time

Data integration/API management

Ease and quality of data integrations between SIEM and other systems

Behavioral analytics and baselining

How effectively activity and behavior baselines are established and maintained

Rules-based and algorithmic detection thresholds

Effectiveness of manually-established rules and algorithmically-determined detection thresholds

Response orchestration and automation

Quality of built-in response orchestration and automation in Next-Gen SIEM

Reporting and compliance management

Ease and quality of reporting and compliance functions

Incident indexing/searching

Effectiveness of searching across structured and unstructured events and incidents within SIEM

NetWitness Network

Archer Integrated Risk Management Platform

RSA enVision 2017-04-14 11:15:34

TrustRadius is a technology and business research firm based in Austin, Texas. The company is known as a review platform for verified B2B technology and software reviews through a proprietary algorithm and human verification.

TrustRadius

Difficult to learn

Highly flexible

Highly scalable

Log collection

Home

Security Information and Event Management (SIEM) Software

We are using it as RSA Security Analytics (NetWitness) for our SIEM. We do log and packet collection and analysis and generate alerts and incidents that flow into RSA Archer Security Operations module. It is a major part of our information security program, and [we] depend on it for managing DLP incidents, Windows event logging and alerting. Our goal is automation, so we automate as much as we can, since we have limited resources, and do not have a 24/7 SOC.

Log collection and parsing.
Packet collection and parsing.
Enhanched analytics and alerting.
Robust integration.

Lacking out of the box best practice templates etc. It relies heavily on customization.
Lack of up to date threat feeds.
Difficult to learn and use initially.

Hard to calculate ROI since it is not revenue based.
It is a expensive solution, bit very capable.

NetWitness Cloud SIEM

Overview

What is NetWitness Cloud SIEM?