We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Their technical support responds quickly and are knowledgable."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The most valuable features are the threat prediction and network forensics."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The ease of implementation is the most valuable feature."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"The initial setup is complex. There are other solutions that are easier to implement."
"The initial setup is very complex and should be simplified."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"It is not so easy to customize this product."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"We have encountered issues with unresolved crashes."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"The only complex area of the setup was writing the custom scripts."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"The solution is a bit complicated. It could be simplified quite a bit."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while USM Anywhere is ranked 13th in Security Information and Event Management (SIEM) with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Microsoft Sentinel. See our NetWitness Platform vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.