We performed a comparison between NetWitness Platform and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Log aggregation and data connectors are the most valuable features."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"We have no complaints about the features or functionality."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The solution is really scalable for the high-end power, enterprise customer."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable features are the packet inspection and the automated incident response."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable features are the integration and ease of use."
"Offers a good wireless feature."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We'd like to see more connectors."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"It is not so easy to customize this product."
"The implementation needs assistance."
"The log system is a bit complex and has room for improvement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"Health monitoring of the event sources and devices."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The price of AT&T AlienVault USM could be reduced."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"In the future, I would like to see all these features of the solution working properly."
"The dashboard could be improved as well as the level of customization."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. NetWitness Platform is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NetWitness Platform vs. USM Anywhere report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.