We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Free ingestion for Azure logs (with E5 licence)"
"The Log analytics are useful."
"We have no complaints about the features or functionality."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Their technical support responds quickly and are knowledgable."
"It's quite economical compared to other solutions in the market."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The product's initial setup phase was not at all difficult."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"The setup is very easy and straightforward."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"We'd like to see more connectors."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The AI capabilities must be improved."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"Its technical support could be better."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"Security needs improvement."
"It would be hard for any legitimate MSSP to use it."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"We develop additional rules and scripts to make it more usable."
"The price of AT&T AlienVault USM could be reduced."
"I'd like to see a dashboard that's a little more descriptive."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The reporting and dashboards have room for improvement."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.