We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The solution is really scalable for the high-end power, enterprise customer."
"NetWitness can be highly beneficial for incident detection and response."
"It has allowed us to see what is happening on our servers."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"Asset discovery seems to be good."
"Ease of deployment across various environments."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"There is room for improvement in entity behavior and the integration site."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The solution could be more user-friendly; some query languages are required to operate it."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Its technical support could be better."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"We have encountered issues with unresolved crashes."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"In the future, I would like to see all these features of the solution working properly."
"Pay attention to false-positive event automatic correlations."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The only complex area of the setup was writing the custom scripts."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.