We performed a comparison between LogRhythm SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The feature that makes it usable is the web interface."
"The GUI is very intuitive and the solution has good integration."
"The product is great for medium to large-scale organizations."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"We now have a central point of monitoring for all potential threats."
"The security operation center is excellent."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is the security that it provides."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability to integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"Scalability-wise, it's not that great."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"We're still struggling to get a real return on it and finding something that isn't false noise."
"The installation was a bit complex because we are running a virtual infrastructure."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"Move it to Linux. I would like to see it get off the SQL Server."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Its technical support could be better."
"Security needs improvement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"More customizability is required, which is something that they need to improve on."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. LogRhythm SIEM is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and LogRhythm Axon, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Fortinet FortiSIEM.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.