We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's pretty powerful and its performance is pretty good."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The initial setup is very simple and straightforward."
"The connectivity and analytics are great."
"It has basic out-of-the-box integrations with multiple log sources."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Offers a good wireless feature."
"The most valuable feature is the security that it provides."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"NetWitness can be highly beneficial for incident detection and response."
"The solution is really scalable for the high-end power, enterprise customer."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"Incident management is its most valuable feature."
"The most valuable features are the threat prediction and network forensics."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Its powerful correlation engine helps reduce time in manually correlating events."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."
"AlienVault has helped us in improving our visualization and incident response during cybersecurity situations."
"Using the communication within the security device, it is easier to create plugins."
"This solution can completely detect and prevent incidents on your network."
"The solution should allow for a streamlined CI/CD procedure."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is room for improvement in entity behavior and the integration site."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The product can be improved by reducing the cost to use AI machine learning."
"The solution could improve the playbooks."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The implementation needs assistance."
"The tool's integration capability isn't so great."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The user interface is a little bit difficult for new users and it needs to be improved."
"It is not so easy to customize this product."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The initial setup is complex. There are other solutions that are easier to implement."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"It would be hard for any legitimate MSSP to use it."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"The dashboard could be improved as well as the level of customization."
"In the future, I would like to see all these features of the solution working properly."
"The reporting and dashboards have room for improvement."
"Plugins could be better utilized, as some of them do not recognize all logs."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.