We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"Offers a good wireless feature."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"It's quite economical compared to other solutions in the market."
"The most valuable features are the threat prediction and network forensics."
"Their technical support responds quickly and are knowledgable."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Ease of deployment across various environments."
"This solution can completely detect and prevent incidents on your network."
"The ease of implementation is the most valuable feature."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"Asset discovery seems to be good."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"I would like to be able to monitor applications outside of the Azure Cloud."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The troubleshooting has room for improvement."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"One key area that can be improved is by building a strong integration with our XDR platform."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The product's licensing models are complex to understand. This particular area needs improvement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"We have encountered issues with unresolved crashes."
"Health monitoring of the event sources and devices."
"The initial setup is very complex and should be simplified."
"Technical support could be improved."
"Its technical support could be better."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"The one thing I continue to dislike about the USM is the limitation on reports."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
