We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The UI-based analytics are excellent."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The most valuable features are the threat prediction and network forensics."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature is the hunting ability to work in a CERT."
"Offers a good wireless feature."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Asset discovery seems to be good."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The setup is very easy and straightforward."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The product can be improved by reducing the cost to use AI machine learning."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The solution could improve the playbooks."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Security needs improvement."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"It should be able to communicate with other security solutions to stop threats."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.