We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The automation feature is valuable."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The most valuable features are the packet inspection and the automated incident response."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is the hunting ability to work in a CERT."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"The most valuable feature of this solution is security management for PCI DSS."
"Asset discovery seems to be good."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"We'd like also a better ticketing system, which is older."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The solution should allow for a streamlined CI/CD procedure."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"It is not so easy to customize this product."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"The only complex area of the setup was writing the custom scripts."
"Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
"The price of AT&T AlienVault USM could be reduced."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"This solution could be easier to use."
NetWitness Platform is ranked 30th in Log Management with 35 reviews while USM Anywhere is ranked 14th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.