• Home
  • NetWitness Platform vs. USM Anywhere

NetWitness Platform vs USM Anywhere comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
NetWitness Logo

NetWitness Platform

Read 36 NetWitness Platform reviews
1,183 views|721 comparisons
74% willing to recommend
AT&T Logo

USM Anywhere

Read 113 USM Anywhere reviews
4,523 views|2,984 comparisons
92% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
NetWitness Platform vs. USM Anywhere
April 2024
Executive Summary

We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed NetWitness Platform vs. USM Anywhere Report (Updated: April 2024).
Download the complete report
768,415 professionals have used our research since 2012.
Featured Review
Nagendra Nekkala
Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting
We use the tool because we want a solution that can quickly analyze large volumes of data across the enterprise. Microsoft Sentinel is a one-stop... Read more →
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Subramaniam L.
Easy to deploy, stable, and affordable
AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.""The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going.""Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises.""In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store""The features that stand out are the detection engine and its integration with multiple data sources.""The connectivity and analytics are great.""The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one.""There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."

More Microsoft Sentinel Pros →

"The newer 11.5 version that my team is using has found it to have good mapping.""The product's initial setup phase was not at all difficult.""The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""The most valuable features are the packet inspection and the automated incident response.""The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs.""NetWitness can be highly beneficial for incident detection and response.""It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.""In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

More NetWitness Platform Pros →

"Its powerful correlation engine helps reduce time in manually correlating events.""Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats.""There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.""It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go.""AlienVault provides a checklist answer when using SIEM.""It has streamlined log aggregation and analysis to meet organizational and regulatory needs.""The most valuable feature is threat intelligence.""The other big selling feature for us was its integration capabilities with all the other security-based products."

More USM Anywhere Pros →

Cons
"I think the number one area of improvement for Sentinel would be the cost.""We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft.""The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything...""The AI capabilities must be improved.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear.""They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.""The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."

More Microsoft Sentinel Cons →

"I believe that integrating the solution with other products such as Oracle would be beneficial.""It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform.""The user interface is a little bit difficult for new users and it needs to be improved.""Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10.""The initial setup was complex because it takes a lot of time to complete the implementation.""The initial setup is very complex and should be simplified.""It is not so easy to customize this product.""Security needs improvement."

More NetWitness Platform Cons →

"The lack of mature functionality and expertise in any of those areas is a strong negative.""Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.""I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins.""The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.""Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.""Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.""We develop additional rules and scripts to make it more usable.""Plugins could be better utilized, as some of them do not recognize all logs."

More USM Anywhere Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

  • "AlienVault is flexible on their pricing for unlimited licenses."
  • "Pricing is very competitive with other products and you get much more functionality from AlienVault."
  • "QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."
  • "Do the one month trial and try to work out the kinks during it, as it has free support and service hours."
  • "We checked out several competitors. For what it can do and the cost, it was the best option!"
  • "Use the AlienVault team. They are helpful and the documentation that they provide is second to none."
  • "​The price point is good.​"
  • "It has good pricing."

    • More USM Anywhere Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    See Recommendations
    768,415 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log… more »
    Read all 25 answers   →
    What do you like most about AT&T AlienVault USM?
    Top Answer:The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the… more »
    Read all 33 answers   →
    What is your experience regarding pricing and costs for AT&T AlienVault USM?
    Top Answer:It is a product that is priced in a medium range, making it neither a cheap nor a costly product.
    Read all 33 answers   →
    What needs improvement with AT&T AlienVault USM?
    Top Answer:The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve… more »
    Read all 36 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    RSA Security Analytics
    AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
    Learn More
    Microsoft
    NetWitness
    Video Not Available
    AT&T
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

    Discover

    • Network asset discovery
    • Software & services discovery
    • AWS asset discovery
    • Azure asset discovery
    • Google Cloud Platform asset discovery

    Analyze

    • SIEM event correlation, auto-prioritized alarms
    • User activity monitoring
    • Up to 90-days of online, searchable events

    Detect

    • Cloud intrusion detection (AWS, Azure, GCP)
    • Network intrusion detection (NIDS)
    • Host intrusion detection (HIDS)
    • Endpoint Detection and Response (EDR)

    Respond

    • Forensics querying
    • Automate & orchestrate response
    • Notifications and ticketing

    Assess

    • Vulnerability scanning
    • Cloud infrastructure assessment
    • User & asset configuration
    • Dark web monitoring

    Report

    • Pre-built compliance reporting templates
    • Pre-built event reporting templates
    • Customizable views and dashboards
    • Log storage
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Los Angeles World Airports, Reply
    Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company24%
    Comms Service Provider24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Insurance Company6%
    REVIEWERS
    Financial Services Firm20%
    Healthcare Company17%
    Computer Software Company9%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Comms Service Provider8%
    Government8%
    Educational Organization7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise67%
    REVIEWERS
    Small Business54%
    Midsize Enterprise25%
    Large Enterprise21%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise19%
    Large Enterprise47%
    Buyer's Guide
    NetWitness Platform vs. USM Anywhere
    April 2024
    Free Report: NetWitness Platform vs. USM Anywhere
    Find out what your peers are saying about NetWitness Platform vs. USM Anywhere and other solutions. Updated: April 2024.
    DOWNLOAD NOW
    768,415 professionals have used our research since 2012.

    NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.