We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The machine learning and artificial intelligence on offer are great."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The most valuable features are the integration and ease of use."
"Incident management is its most valuable feature."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"The solution has all the features that we need, however they do not work correctly."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"We'd like also a better ticketing system, which is older."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"We'd like to see more connectors."
"The initial setup is complex. There are other solutions that are easier to implement."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Security needs improvement."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The initial setup is very complex and should be simplified."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"It should be able to communicate with other security solutions to stop threats."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"This solution could be easier to use."
"The one thing I continue to dislike about the USM is the limitation on reports."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.