• Home
  • Microsoft Sentinel vs. NetWitness Platform

Microsoft Sentinel vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
30,365 views|16,911 comparisons
92% willing to recommend
NetWitness Logo
NetWitness Platform
Read 36 NetWitness Platform reviews
1,932 views|1,200 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Microsoft Sentinel vs. NetWitness Platform
May 2024
Executive Summary

We performed a comparison between Microsoft Sentinel and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Microsoft Sentinel vs. NetWitness Platform Report (Updated: May 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
Joseph Messina
Helps save us time, streamlines event investigations, and improves our visibility
Sentinel provides us with a unified set of tools for detecting, investigating, and responding to incidents. This centralized approach offers both... Read more →
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.""The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware.""Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.""Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.""I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box.""Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage.""It's pretty powerful and its performance is pretty good.""There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."

More Microsoft Sentinel Pros →

"Performance and reporting are very good.""I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution.""The most valuable feature is the security that it provides.""Incident management is its most valuable feature.""In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing.""Their technical support responds quickly and are knowledgable.""It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before.""Offers a good wireless feature."

More NetWitness Platform Pros →

Cons
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable.""We'd like also a better ticketing system, which is older.""If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.""Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language.""We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear.""The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."

More Microsoft Sentinel Cons →

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10.""The initial setup is complex. There are other solutions that are easier to implement.""The initial setup is very complex and should be simplified.""The tool's integration capability isn't so great.""Its technical support could be better.""The implementation needs assistance.""It is not so easy to customize this product.""It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will… more »
    Read all 2 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    Ranking
    2nd
    out of 80 in Security Information and Event Management (SIEM)
    Views
    30,365
    Comparisons
    16,911
    Reviews
    58
    Average Words per Review
    1,662
    Rating
    8.4
    15th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    1,932
    Comparisons
    1,200
    Reviews
    10
    Average Words per Review
    487
    Rating
    7.4
    Comparisons
    Also Known As
    Azure Sentinel
    RSA Security Analytics
    Learn More
    Microsoft
    NetWitness
    Video Not Available
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company24%
    Comms Service Provider24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise58%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise10%
    Large Enterprise67%
    Buyer's Guide
    Microsoft Sentinel vs. NetWitness Platform
    May 2024
    Free Report: Microsoft Sentinel vs. NetWitness Platform
    Find out what your peers are saying about Microsoft Sentinel vs. NetWitness Platform and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. Microsoft Sentinel is rated 8.2, while NetWitness Platform is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Microsoft Sentinel vs. NetWitness Platform report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.