We performed a comparison between Elastic Security and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the machine learning capability."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable feature is the speed, as it responds in a very short time."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Stability-wise, I rate the solution a ten out of ten."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature is the hunting ability to work in a CERT."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The product's initial setup phase was not at all difficult."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"I would like more ways to manage permissions and restrict access to certain users."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"We'd like to see some more artificial intelligence capabilities."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Health monitoring of the event sources and devices."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"More customizability is required, which is something that they need to improve on."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
Elastic Security is ranked 5th in Log Management with 59 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. Elastic Security is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar and Cisco Secure Network Analytics. See our Elastic Security vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.