We performed a comparison between ArcSight Enterprise Security Manager (ESM) and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The machine learning and artificial intelligence on offer are great."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"We have no complaints about the features or functionality."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"ESM has valuable features for event prediction and security analysis."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"The stability of ArcSight Enterprise Security Manager is good."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"ArcSight gives us better visibility into threats that were unknown earlier."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is the security that it provides."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The development of use cases on the SSA console is quite user-friendly. This means that the security analyst or the researcher does not have to learn another language."
"It gives the ability to investigate network traffic in the network and the organization, which we couldn't do before."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The reporting could be more structured."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
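The monthly mean-time-to-detect / mean-time-to-resolve calculation the reviewer above describes doing by hand, written out as an added Python example that is not part of the page and not Microsoft Sentinel's own tooling. It assumes a generic incident export with three timestamps per incident (earliest related activity, when the SIEM raised the incident, when an analyst closed it); the field names and the sample incidents are constructed for illustration. MTTD is measured from first activity to detection, MTTR from detection to closure, and only incidents closed inside the thirty-day window count, so still-open incidents and older closures are excluded.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean

# Constructed sample incidents (not real SIEM export data). The field names are
# an assumption modelled on a generic incident export: "first_activity" is the
# earliest related event, "detected" is when the SIEM raised the incident, and
# "closed" is when an analyst resolved it (None while still open).
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2024-05-01T08:00:00Z",
     "detected": "2024-05-01T08:30:00Z", "closed": "2024-05-01T12:30:00Z"},
    {"id": "INC-2", "first_activity": "2024-05-03T22:00:00Z",
     "detected": "2024-05-04T01:00:00Z", "closed": "2024-05-04T09:00:00Z"},
    # Still open: must not count towards MTTR for the month.
    {"id": "INC-3", "first_activity": "2024-05-10T10:00:00Z",
     "detected": "2024-05-10T10:10:00Z", "closed": None},
    # Closed two months earlier: outside the reporting window.
    {"id": "INC-4", "first_activity": "2024-03-01T10:00:00Z",
     "detected": "2024-03-01T11:00:00Z", "closed": "2024-03-02T11:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def incidents_closed_in_window(incidents, window_end, days=30):
    """Return the incidents whose closure time falls within the last `days` days."""
    window_start = window_end - timedelta(days=days)
    selected = []
    for inc in incidents:
        if inc["closed"] is None:
            continue  # open incidents have no resolution time yet
        closed = parse_ts(inc["closed"])
        if window_start <= closed <= window_end:
            selected.append(inc)
    return selected


def mean_hours(deltas):
    """Average a list of timedeltas in hours; None when there is nothing to average."""
    if not deltas:
        return None
    return mean(d.total_seconds() for d in deltas) / 3600


def compute_mttd_mttr(incidents, window_end, days=30):
    """Compute MTTD and MTTR (hours) over incidents closed in the reporting window."""
    closed = incidents_closed_in_window(incidents, window_end, days)
    time_to_detect = [parse_ts(i["detected"]) - parse_ts(i["first_activity"]) for i in closed]
    time_to_resolve = [parse_ts(i["closed"]) - parse_ts(i["detected"]) for i in closed]
    return {
        "count": len(closed),
        "mttd_hours": mean_hours(time_to_detect),
        "mttr_hours": mean_hours(time_to_resolve),
    }


if __name__ == "__main__":
    # Report for the thirty days ending 2024-05-15 (constructed cut-off date).
    report = compute_mttd_mttr(INCIDENTS, parse_ts("2024-05-15T00:00:00Z"))
    print(report)
```

Run as-is, the report covers two incidents (INC-1 and INC-2) and gives an MTTD of 1.75 hours and an MTTR of 6 hours; the open INC-3 and the March closure INC-4 are dropped by the window filter rather than silently skewing the averages.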
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"The initial setup could be more straightforward."
"The security area has room for improvement."
"They need to develop NetFlow appliances that can be installed in the customer network on span ports, collect NetFlow, and send it to ArcSight without relying on the devices' NetFlow capability and their position in the network."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"The UI interface is somewhat complex and needs to be simplified."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"Technical support could be improved."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The product's licensing models are complex to understand. This particular area needs improvement."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while NetWitness Platform is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.