We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"It's pretty powerful and its performance is pretty good."
"The UI of Sentinel is very good and easy to use, even for beginners."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The features that stand out are the detection engine and its integration with multiple data sources."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The pricing of the product is excellent."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"Performance and reporting are very good."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"My team, which is using the newer 11.5 version, has found it to have good mapping."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features are the packet inspection and the automated incident response."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"The most valuable feature is threat intelligence."
"AlienVault provides a checklist answer when using SIEM."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and manage our alarms and events."
"The setup is very easy and straightforward."
"The solution has all the features that we need, however they do not work correctly."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The solution should have more integration capabilities with different platforms."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The initial setup is very complex and should be simplified."
"Technical support could be improved."
"More customizability is required, which is something that they need to improve on."
"An area for improvement would be better automation and more inbuilt use cases."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"Pay attention to false-positive event automatic correlations."
"The one thing I continue to dislike about the USM is the limitation on reports."
"This solution could be easier to use."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"The only complex area of the setup was writing the custom scripts."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.