Strengths: Generates a lot of information and offers a relatively simple interface and good technical support
Weaknesses: Time-consuming configuration
Verdict: This is worth a close look if you are willing to take the time to set up and configure
RSA NetWitness is a network-monitoring system designed to handle a wide range of information. NetWitness comes in three parts: a Concentrator (a Linux-based network appliance), Decoder (a configurable network-recording appliance) and Investigator (an interactive threat analysis application).
NetWitness proved to be a difficult product to set up. The installation directions for the software and hardware are minimal, which resulted in us making several mistakes during system configuration. Also, it was difficult to obtain solutions since we received the incorrect key for different clock times between the NetWitness Investigator and Decoder.
However, once the product was up and running, we found the tool to be compelling. Not only did it capture every packet travelling through the network, but it organised the report in a way that users can quickly reference. Certain functions allow users to apply the captured packets to risk assessment by analysing all traffic on the network. Furthermore, packet capture is not restricted to LANs, but extends to wireless traffic.
The Decoder and Concentrator took some time to grow familiar with, but eventually became fairly easy to navigate. The tool tips were helpful in navigating our way through the application.
The Investigator was another matter, however. It was slightly confusing to navigate, and the amount of information it provided was overwhelming on occasion. But, after getting used to the immense reports, this tool began to shine.
User documentation, excluding the installation directions, was helpful, presenting solid instructions. The user guide was straightforward and attempted to walk the administrator through most of the process, but some sections left us in the dark for certain functions.
On the plus side, the customer service representatives we phoned for support were very accommodating. Not only were they patient with our own network issues, but they continuously offered advice and answers where needed. They were even willing to use immediate means of contact, such as WebEx and remote desktop, for additional assistance.
Overall, NetWitness is a solid product with many useful applications. However, setting it up and the lack of coordination between the user and the company left something to be desired. Setup time and system cooperation took up a good majority of testing time, consequently leaving little room to resolve some troubleshooting issues. The setup problem is not new. Previous evaluations have experienced similar challenges in recent years.