We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The pricing of the product is excellent."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"We have no complaints about the features or functionality."
"It is easy to implement (turn on), but it does need a skilled analyst to develop queries and playbooks."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable features are the integration and ease of use."
"It's quite economical compared to other solutions in the market."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable feature is the hunting ability to work in a CERT."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The development of use cases on the SSA console is quite user-friendly. This means that the security analyst or the researcher does not have to learn another language."
"Asset discovery seems to be good."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"We are able to get alerts perfectly with FIM and VA features."
"It has allowed us to see what is happening on our servers."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Having everything in a central place has been helpful."
"The vulnerability manager and the file integration are very good."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The AI capabilities must be improved."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"We'd also like a better ticketing system, as the current one is older."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The solution could be more user-friendly; some query languages are required to operate it."
"The log system is a bit complex and has room for improvement."
"The initial setup is very complex and should be simplified."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"More customizability is required, which is something that they need to improve on."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"Health monitoring of the event sources and devices."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Technical support could be improved."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"It would be hard for any legitimate MSSP to use it."
"Reporting is convoluted and difficult at times. Although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"In the future, I would like to see all these features of the solution working properly."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.