We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Free ingestion for Azure logs (with E5 licence)"
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The main benefit is the ease of integration."
"The machine learning and artificial intelligence on offer are great."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Performance and reporting are very good."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable feature is the security that it provides."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"Offers a good wireless feature."
"Asset discovery seems to be good."
"The most valuable feature of this solution is security management for PCI DSS."
"Using the communication within the security device, it is easier to create plugins."
"The setup is very easy and straightforward."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The on-prem log sources still require a lot of development."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The product can be improved by reducing the cost to use AI machine learning."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The tool's integration capability isn't so great."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"We have encountered issues with unresolved crashes."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"The solution is a bit complicated. It could be simplified quite a bit."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"It should be able to communicate with other security solutions to stop threats."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.