We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The automation feature is valuable."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It's pretty powerful and its performance is pretty good."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The features that stand out are the detection engine and its integration with multiple data sources."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The product's initial setup phase was not at all difficult."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"NetWitness can be highly beneficial for incident detection and response."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."
"The solution has all the features that we need, however they do not work correctly."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"The most valuable feature of this solution is security management for PCI DSS."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"Using the communication within the security device, it is easier to create plugins."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"We had used previous products and found AlienVault centralized the logging for our security."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The solution could be more user-friendly; some query languages are required to operate it."
"The only thing is sometimes you can have a false positive."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The solution should allow for a streamlined CI/CD procedure."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Its technical support could be better."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Technical support could be improved."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"It would be hard for any legitimate MSSP to use it."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"I'd like to see a dashboard that's a little more descriptive."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"The one thing I continue to dislike about the USM is the limitation on reports."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.