We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The analytic rule is the most valuable feature."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Free ingestion for Azure logs (with E5 licence)"
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The connectivity and analytics are great."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Offers a good wireless feature."
"Their technical support responds quickly and is knowledgeable."
"It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable features are the threat prediction and network forensics."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"Having everything in a central place has been helpful."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Asset discovery seems to be good."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"There is room for improvement in entity behavior and the integration site."
"The only thing is sometimes you can have a false positive."
"One key area that can be improved is by building a strong integration with our XDR platform."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The log system is a bit complex and has room for improvement."
"The product's licensing models are complex to understand. This particular area needs improvement."
"Technical support could be improved."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The solution should have more integration capabilities with different platforms."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The solution is a bit complicated. It could be simplified quite a bit."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"The reporting is mediocre and is something that needs to be improved."
"Reporting is convoluted and difficult at times. Although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.