We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Free ingestion for Azure logs (with E5 licence)"
"Performance and reporting are very good."
"My team is using the newer 11.5 version and has found it to have good mapping."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"NetWitness Platform is valuable for creating rules that the solution must detect."
"NetWitness can be highly beneficial for incident detection and response."
"We are able to get alerts perfectly with FIM and VA features."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"The setup is very easy and straightforward."
"Ease of deployment across various environments."
"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The troubleshooting has room for improvement."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"I think the number one area of improvement for Sentinel would be the cost."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The initial setup is very complex and should be simplified."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The solution should have more integration capabilities with different platforms."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"Health monitoring of the event sources and devices."
"It is not so easy to customize this product."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The GUI needs to improve because it's not user-friendly."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.