• Home
  • Elastic Security vs. NetWitness Platform

Elastic Security vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
Elastic Logo
Elastic Security
Read 59 Elastic Security reviews
14,933 views|12,217 comparisons
86% willing to recommend
NetWitness Logo
NetWitness Platform
Read 36 NetWitness Platform reviews
1,117 views|686 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Elastic Security vs. NetWitness Platform
April 2024
Executive Summary

We performed a comparison between Elastic Security and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Elastic Security vs. NetWitness Platform Report (Updated: April 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
Haroon Khand
Enables users to know about the downtime and the errors in the code
There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. These are... Read more →
Nilesh Bhate
Streamlined solution that's easy to implement
Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Elastic is straightforward, easy to integrate, and highly customizable.""One of the most valuable features of this solution is that it is more flexible than AlienVault.""The most valuable feature is the ability to collect authentication information from service providers.""Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.""The most valuable feature for me is Discover.""It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.""The performance is good and it is faster than IBM QRadar.""The visualization is very good."

More Elastic Security Pros →

"The solution is really scalable for the high-end power, enterprise customer.""NetWitness Platform is valuable for creating rules that the solution must detect.""The most valuable feature is the security that it provides.""The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""It's quite economical compared to other solutions in the market.""It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets.""The most valuable features are its ingestion of logs and raising of alerts based on those logs.""The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

More NetWitness Platform Pros →

Cons
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes.""They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.""The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.""The biggest challenge has been related to the implementation.""With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data.""Technical support could respond faster.""Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.""Sometimes, the solution isn't the easiest to use."

More Elastic Security Cons →

"Security needs improvement.""The tool's integration capability isn't so great.""There are instances where you try to run the reports and then it does not give you the desired outcome.""More customizability is required, which is something that they need to improve on.""It is not so easy to customize this product.""If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.""I believe that integrating the solution with other products such as Oracle would be beneficial.""It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "We use the open-source version, so there is no charge for this solution."
  • "We are using the free, open-source version of this solution."
  • "Elastic Stack is an open-source tool. You don't have to pay anything for the components."
  • "There is no charge for using the open-source version."
  • "This is an open-source product, so there are no costs."
  • "It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
  • "It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
  • "Compared to other products such as Dynatrace, this is one of the cheaper options."

    • More Elastic Security Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Datadog vs ELK: which one is good in terms of performance, cost and effic...
    Top Answer:With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good core… more »
    Read all 7 answers   →
    What do you like most about Elastic Security?
    Top Answer:Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of… more »
    Read all 27 answers   →
    What is your experience regarding pricing and costs for Elastic Security?
    Top Answer:Elastic Security is open-source. Unlike many older solutions where you must pay for data ingestion, Elastic allows you to ingest data freely. Being open source, you can set up a Kafka front door layer… more »
    Read all 19 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    Ranking
    5th
    out of 95 in Log Management
    Views
    14,933
    Comparisons
    12,217
    Reviews
    26
    Average Words per Review
    499
    Rating
    7.7
    18th
    out of 95 in Log Management
    Views
    1,117
    Comparisons
    686
    Reviews
    10
    Average Words per Review
    487
    Rating
    7.4
    Comparisons
    Also Known As
    Elastic SIEM, ELK Logstash
    RSA Security Analytics
    Learn More
    Elastic
    NetWitness
    Video Not Available
    Overview
    Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


    Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

    Additional offerings and benefits:

    • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
    • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
    • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

    Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Financial Services Firm29%
    Computer Software Company25%
    Healthcare Company13%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government9%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company24%
    Comms Service Provider24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business59%
    Midsize Enterprise19%
    Large Enterprise22%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise56%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise10%
    Large Enterprise67%
    Buyer's Guide
    Elastic Security vs. NetWitness Platform
    April 2024
    Free Report: Elastic Security vs. NetWitness Platform
    Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: April 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    Elastic Security is ranked 5th in Log Management with 59 reviews while NetWitness Platform is ranked 18th in Log Management with 36 reviews. Elastic Security is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar and Cisco Secure Network Analytics. See our Elastic Security vs. NetWitness Platform report.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.