We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"It has a lot of great features."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The UI of Sentinel is very good and easy to use, even for beginners."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The most valuable features are the packet inspection and the automated incident response."
"Their technical support responds quickly and are knowledgable."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The product's initial setup phase was not at all difficult."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Its powerful correlation engine helps reduce time in manually correlating events."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"We are able to get alerts perfectly with FIM and VA features."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"Reports are customized, so you can present them to executives or engineers."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The solution should allow for a streamlined CI/CD procedure."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The on-prem log sources still require a lot of development."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The log system is a bit complex and has room for improvement."
"Security needs improvement."
"It is not so easy to customize this product."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The solution should have more integration capabilities with different platforms."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Its technical support could be better."
"An area for improvement would be better automation and more inbuilt use cases."
"Plugins could be better utilized, as some of them do not recognize all logs."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The solution is a bit complicated. It could be simplified quite a bit."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.