We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel pricing is good"
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Performance and reporting are very good."
"The most valuable features are the threat prediction and network forensics."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The product's initial setup phase was not at all difficult."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"NetWitness can be highly beneficial for incident detection and response."
"It's quite economical compared to other solutions in the market."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"Its powerful correlation engine helps reduce time in manually correlating events."
"This solution can completely detect and prevent incidents on your network."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"Using the communication within the security device, it is easier to create plugins."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"The reporting could be more structured."
"The troubleshooting has room for improvement."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The initial setup is complex. There are other solutions that are easier to implement."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The log system is a bit complex and has room for improvement."
"It is not so easy to customize this product."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"An area for improvement would be better automation and more inbuilt use cases."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"The reporting is mediocre and is something that needs to be improved."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."
"I'd like to see a dashboard that's a little more descriptive."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.