We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Log analytics are useful."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Free ingestion for Azure logs (with E5 licence)"
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The analytic rule is the most valuable feature."
"The initial setup is very simple and straightforward."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable features are the integration and ease of use."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"NetWitness can be highly beneficial for incident detection and response."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features of RSA NetWitness Logs and Packets are the alerts and correlation tools."
"It is my "security person" looking at irregularities and letting me know when something has occurred."
"The most valuable feature of this solution is security management for PCI DSS."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"We are able to get alerts perfectly with FIM and VA features."
"The solution is stable."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"AlienVault provides a checklist answer when using SIEM."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The solution should allow for a streamlined CI/CD procedure."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The product can be improved by reducing the cost to use AI machine learning."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The implementation needs assistance."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The initial setup is very complex and should be simplified."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"We have encountered issues with unresolved crashes."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The GUI needs to improve because it's not user-friendly."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.