We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The Log analytics are useful."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the integration and ease of use."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"Reports are customized, so you can present them to executives or engineers."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The solution could improve the playbooks."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The on-prem log sources still require a lot of development."
"The initial setup is complex. There are other solutions that are easier to implement."
"Its technical support could be better."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The implementation needs assistance."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Health monitoring of the event sources and devices."
"The log system is a bit complex and has room for improvement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"Pay attention to false-positive event automatic correlations."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"The only complex area of the setup was writing the custom scripts."
"It would be hard for any legitimate MSSP to use it."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
