RSA NetWitness! What you need and more!
Rating: 7 out of 10
Incentivized
Use Cases and Deployment Scope
We are using it as RSA Security Analytics (NetWitness) for our SIEM. We do log and packet collection and analysis and generate alerts and incidents that flow into RSA Archer Security Operations module. It is a major part of our information security program, and [we] depend on it for managing DLP incidents, Windows event logging and alerting. Our goal is automation, so we automate as much as we can, since we have limited resources, and do not have a 24/7 SOC.
Pros
- Log collection and parsing.
- Packet collection and parsing.
- Enhanced analytics and alerting.
- Robust integration.
Cons
- Lacking out-of-the-box best practice templates etc. It relies heavily on customization.
- Lack of up-to-date threat feeds.
- Difficult to learn and use initially.
Likelihood to Recommend
It is really a robust platform that can be heavily customized to suit requirements. Good for advanced hunting and forensics. Robust automation features.