We performed a comparison between Exabeam Fusion SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"It's a very user-friendly product and it's a very comprehensive technology."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"The advanced analytics has a really great overview of user behavior."
"Timeline based analysis; good platform support"
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Their technical support responds quickly and are knowledgable."
"The most valuable features are the packet inspection and the automated incident response."
"The most valuable feature is the hunting ability to work in a CERT."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The solution could be more user-friendly; some query languages are required to operate it."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"They should provide detailed information about detecting phishing emails."
"The organzation is rigid and not flexible in the way they operate"
"We still have questions surrounding hardware deployment."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"I believe if it were more flexible it would be a better product."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"Its technical support could be better."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"It is not so easy to customize this product."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The solution should have more integration capabilities with different platforms."
Exabeam Fusion SIEM is ranked 31st in Log Management with 10 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. Exabeam Fusion SIEM is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Gurucul UEBA, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Exabeam Fusion SIEM vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
