We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The features that stand out are the detection engine and its integration with multiple data sources."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Offers a good wireless feature."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature is the hunting ability to work in a CERT."
"We are able to get alerts perfectly with FIM and VA features."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"The most valuable feature is threat intelligence."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Using the communication within the security device, it is easier to create plugins."
"It is my "security person" looking at irregularities and letting me know when something has occurred."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The solution should allow for a streamlined CI/CD procedure."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"It is not so easy to customize this product."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"We have encountered issues with unresolved crashes."
"More customizability is required, which is something that they need to improve on."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The solution is a bit complicated. It could be simplified quite a bit."
"The one thing I continue to dislike about the USM is the limitation on reports."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"Sometimes the log is unclear, and the report is a bit ambiguous."
NetWitness Platform is ranked 30th in Log Management with 35 reviews while USM Anywhere is ranked 14th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.