We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It has a lot of great features."
"It has basic out-of-the-box integrations with multiple log sources."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The connectivity and analytics are great."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Offers a good wireless feature."
"The most valuable feature is the security that it provides."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Their technical support responds quickly and are knowledgable."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"We are able to get alerts perfectly with FIM and VA features."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The reporting could be more structured."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Security needs improvement."
"The solution should have more integration capabilities with different platforms."
"We have encountered issues with unresolved crashes."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The implementation needs assistance."
"An area for improvement would be better automation and more inbuilt use cases."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"It should be able to communicate with other security solutions to stop threats."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"The GUI needs to improve because it's not user-friendly."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"The reporting and dashboards have room for improvement."
NetWitness Platform is ranked 19th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.