We performed a comparison between NetWitness Platform and Securonix Next-Gen SIEM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Incident management is its most valuable feature."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable features are the packet inspection and the automated incident response."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness can be highly beneficial for incident detection and response."
"Performance and reporting are very good."
"The user interface is easy to learn and navigate."
"When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"The solution has proven to be stable so far...The solution is easy to scale up."
"One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"One of the most valuable features it has is the thread chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of thread chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before."
"More customizability is required, which is something that they need to improve on."
"The log system is a bit complex and has room for improvement."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"We have encountered issues with unresolved crashes."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"An area for improvement would be better automation and more inbuilt use cases."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"Sometimes, the injectors lag and are not loading. It would be nice if that could be improved."
"The technical support of the solution is an area with shortcomings and needs improvement."
"When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. NetWitness Platform is rated 7.4, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and Sumo Logic Security. See our NetWitness Platform vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.