• Home
  • Elastic Security vs. NetWitness Platform

Elastic Security vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
Elastic Logo
Elastic Security
Read 58 Elastic Security reviews
14,933 views|12,217 comparisons
86% willing to recommend
NetWitness Logo
NetWitness Platform
Read 36 NetWitness Platform reviews
1,117 views|686 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Elastic Security vs. NetWitness Platform
April 2024
Executive Summary

We performed a comparison between Elastic Security and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Elastic Security vs. NetWitness Platform Report (Updated: April 2024).
Download the complete report
787,033 professionals have used our research since 2012.
Featured Review
Haroon Khand
Enables users to know about the downtime and the errors in the code
There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. These are... Read more →
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Enables monitoring of application performance and the ability to predict behaviors.""ELK Logstash is easy and fast, at least for the initial setup with the out of box uses.""Elastic Security is very customizable, and the dashboards are very easy to build.""The stability of the solution is good.""ELK documentation is very good, so never needed to contact technical support.""The most valuable feature for me is Discover.""I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.""The scalability is good. It can be scaled easily in the production environment."

More Elastic Security Pros →

"The most valuable feature is the correlation. It can report in real-time and monitor the management.""Their technical support responds quickly and are knowledgable.""The product's initial setup phase was not at all difficult.""It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets.""What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.""NetWitness Platform is valuable for creating rules that the solution must detect.""It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.""Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

More NetWitness Platform Pros →

Cons
"I would like more ways to manage permissions and restrict access to certain users.""Email notification should be done the same way as Logentries does it.""We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).""If you compare this with CrowdStrike or Carbon Black, they can improve.""It is difficult to anticipate and understand the space utilization, so more clarity there would be great.""The solution could offer better reporting features.""With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM.""Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."

More Elastic Security Cons →

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly.""The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too.""If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.""There are instances where you try to run the reports and then it does not give you the desired outcome.""Technical support could be improved.""The multi-tenant capabilities are lagging compared to IBM QRadar.""RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms.""Security needs improvement."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "We use the open-source version, so there is no charge for this solution."
  • "We are using the free, open-source version of this solution."
  • "Elastic Stack is an open-source tool. You don't have to pay anything for the components."
  • "There is no charge for using the open-source version."
  • "This is an open-source product, so there are no costs."
  • "It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
  • "It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
  • "Compared to other products such as Dynatrace, this is one of the cheaper options."

    • More Elastic Security Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    See Recommendations
    787,033 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Datadog vs ELK: which one is good in terms of performance, cost and effic...
    Top Answer:With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good core… more »
    Read all 7 answers   →
    What do you like most about Elastic Security?
    Top Answer:Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of… more »
    Read all 26 answers   →
    What is your experience regarding pricing and costs for Elastic Security?
    Top Answer:Elastic Security is open-source. Unlike many older solutions where you must pay for data ingestion, Elastic allows you to ingest data freely. Being open source, you can set up a Kafka front door layer… more »
    Read all 19 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    Ranking
    5th
    out of 95 in Log Management
    Views
    14,933
    Comparisons
    12,217
    Reviews
    26
    Average Words per Review
    499
    Rating
    7.7
    18th
    out of 95 in Log Management
    Views
    1,117
    Comparisons
    686
    Reviews
    10
    Average Words per Review
    487
    Rating
    7.4
    Comparisons
    Also Known As
    Elastic SIEM, ELK Logstash
    RSA Security Analytics
    Learn More
    Elastic
    NetWitness
    Video Not Available
    Overview
    Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


    Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

    Additional offerings and benefits:

    • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
    • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
    • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

    Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Financial Services Firm30%
    Computer Software Company26%
    Healthcare Company13%
    Comms Service Provider9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government9%
    Comms Service Provider6%
    REVIEWERS
    Comms Service Provider24%
    Financial Services Firm24%
    Computer Software Company24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business60%
    Midsize Enterprise18%
    Large Enterprise23%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise56%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise10%
    Large Enterprise67%
    Buyer's Guide
    Elastic Security vs. NetWitness Platform
    April 2024
    Free Report: Elastic Security vs. NetWitness Platform
    Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: April 2024.
    DOWNLOAD NOW
    787,033 professionals have used our research since 2012.

    Elastic Security is ranked 5th in Log Management with 58 reviews while NetWitness Platform is ranked 18th in Log Management with 36 reviews. Elastic Security is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Elastic Security writes "Customizable with great dashboards but the premium support is poor". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar and Cisco Secure Network Analytics. See our Elastic Security vs. NetWitness Platform report.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.