We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The main benefit is the ease of integration."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The UI-based analytics are excellent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The newer 11.5 version that my team is using has found it to have good mapping."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is the security that it provides."
"Performance and reporting are very good."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Incident management is its most valuable feature."
"Their technical support responds quickly and are knowledgable."
"It has allowed us to see what is happening on our servers."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"The vulnerability manager and the file integration are very good."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"It has powerful threat detection, incident response, and compliance management."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The on-prem log sources still require a lot of development."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The initial setup is very complex and should be simplified."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"An area for improvement would be better automation and more inbuilt use cases."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"Security needs improvement."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"The solution is a bit complicated. It could be simplified quite a bit."
"The dashboard could be improved as well as the level of customization."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"The only complex area of the setup was writing the custom scripts."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
