We performed a comparison between IBM Security QRadar and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The initial setup is very simple and straightforward."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The tool helps with infrastructure, application, and network monitoring."
"The solution is easy to use, manage, and review all incidents."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"We run 65 servers globally with just two people: an engineering person and me."
"It is a scalable solution."
"It's a state-of-the-art product for security information and event management (SIEM)."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"My team, which is using the newer 11.5 version, has found it to have good mapping."
"The solution is really scalable for the high-end power, enterprise customer."
"Offers a good wireless feature."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is the security that it provides."
"NetWitness can be highly beneficial for incident detection and response."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"AI is superb but needs improvements."
"The solution can be improved by lowering the cost and bettering their technical support."
"I would like to see a better GUI."
"We would like to see better instrumentation for debugging changes in the log flow."
"In a future release, the solution could provide malware analysis."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"GUI needs to be improved."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Technical support could be improved."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Its technical support could be better."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Health monitoring of the event sources and devices."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. IBM Security QRadar is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM. See our IBM Security QRadar vs. NetWitness Platform report.