We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel pricing is good"
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It has basic out-of-the-box integrations with multiple log sources."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable features are the integration and ease of use."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The product's initial setup phase was not at all difficult."
"It's quite economical compared to other solutions in the market."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is the security that it provides."
"AlienVault has helped us in improving our visualization and incident response during cybersecurity situations."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Using the communication within the security device, it is easier to create plugins."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"The solution could improve the playbooks."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The only thing is sometimes you can have a false positive."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The tool's integration capability isn't so great."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Health monitoring of the event sources and devices."
"Security needs improvement."
"Technical support could be improved."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The reporting and dashboards have room for improvement."
"The only complex area of the setup was writing the custom scripts."
"It would be hard for any legitimate MSSP to use it."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"We develop additional rules and scripts to make it more usable."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"The reporting is mediocre and is something that needs to be improved."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.