We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Log aggregation and data connectors are the most valuable features."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are the integration and ease of use."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Performance and reporting are very good."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The setup is very easy and straightforward."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"We are able to get alerts perfectly with FIM and VA features."
"The ease of implementation is the most valuable feature."
"This solution can completely detect and prevent incidents on your network."
"Asset discovery seems to be good."
"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The only thing is sometimes you can have a false positive."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The product can be improved by reducing the cost to use AI machine learning."
"I would like to see more AI used in processes."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The initial setup is complex. There are other solutions that are easier to implement."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"We have encountered issues with unresolved crashes."
"The implementation needs assistance."
"Technical support could be improved."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"Pay attention to false-positive event automatic correlations."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"It should be able to communicate with other security solutions to stop threats."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
