We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Performance and reporting are very good."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable features are the integration and ease of use."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"Having everything in a central place has been helpful."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"I would like to see more AI used in processes."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The tool's integration capability isn't so great."
"The log system is a bit complex and has room for improvement."
"We have encountered issues with unresolved crashes."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Its technical support could be better."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"An area for improvement would be better automation and more inbuilt use cases."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"It would be hard for any legitimate MSSP to use it."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"This solution could be easier to use."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
NetWitness Platform is ranked 19th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.