RSA NetWitness! What you need and more!
April 17, 2017
RSA NetWitness! What you need and more!
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with RSA enVision
We are using it as RSA Security Analytics (NetWitness) for our SIEM. We do log and packet collection and analysis and generate alerts and incidents that flow into RSA Archer Security Operations module. It is a major part of our information security program, and [we] depend on it for managing DLP incidents, Windows event logging and alerting. Our goal is automation, so we automate as much as we can, since we have limited resources, and do not have a 24/7 SOC.
- Log collection and parsing.
- Packet collection and parsing.
- Enhanched analytics and alerting.
- Robust integration.
- Lacking out of the box best practice templates etc. It relies heavily on customization.
- Lack of up to date threat feeds.
- Difficult to learn and use initially.
- Hard to calculate ROI since it is not revenue based.
- It is a expensive solution, bit very capable.
Best in Class for us, and was a good choice since we already are using a lot of other RSA products(DLP, Archer etc.)