NetWitness Platform vs OpenText Enterprise Security Manager comparison

NetWitness and OpenText are both solutions in the Security Information and Event Management (SIEM) category. NetWitness is ranked #30 with an average rating of 8.3, while OpenText is ranked #21 with an average rating of 7.0. NetWitness holds a 0.6% mindshare in SIEM, compared to OpenText’s 1.6% mindshare. Additionally, 75% of NetWitness users are willing to recommend the solution, compared to 88% of OpenText users who would recommend it.

NetWitness Platform

Read 36 NetWitness Platform reviews

1,507 Views
980 Comparison Views

75% willing to recommend

OpenText Enterprise Securit...

Read 98 OpenText Enterprise Security Manager reviews

2,595 Views
2,491 Comparison Views

88% willing to recommend

NetWitness Platform

OpenText Enterprise Securit...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 21, 2025

NetWitness Platform and OpenText Enterprise Security Manager are competing products in the security information and event management industry. NetWitness seems to have the upper hand in terms of data-handling capabilities, while OpenText offers a broader range of security features which may justify its cost.

Features: NetWitness Platform focuses on threat detection and analysis through advanced packet capture and analysis, powerful threat intelligence integrations, and deep endpoint visibility. OpenText Enterprise Security Manager provides a comprehensive approach to security management with extensive compliance reporting and integration capabilities, providing a wider array of security features.

Room for Improvement: NetWitness could enhance its integration capabilities with third-party tools, improve the user interface for greater ease of use, and offer more out-of-the-box compliance reports. OpenText Enterprise Security Manager could streamline its deployment process, enhance performance for large-scale enterprise environments, and improve its pricing structure to be more competitive.

Ease of Deployment and Customer Service: The NetWitness Platform is noted for its straightforward deployment and responsive customer service, offering direct support for setup and ongoing maintenance. OpenText's deployment can be more complex, requiring additional resources for integration but compensates with robust customer support options and extended support hours.

Pricing and ROI: The NetWitness Platform offers competitive initial setup costs, with ROI gained from its ability to quickly identify advanced threats. OpenText Enterprise Security Manager, though potentially higher in initial cost, offers a broad range of integrated security features which may provide a better ROI for organizations seeking an all-encompassing solution to enterprise security.

To learn more, read our detailed NetWitness Platform vs. OpenText Enterprise Security Manager Report (Updated: September 2025).

Buyer's Guide

NetWitness Platform vs. OpenText Enterprise Security Manager

September 2025

Download the complete report

Helped 871,829 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

30th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Log Management (33rd)

OpenText Enterprise Securit...

Ranking in Security Information and Event Management (SIEM)

21st

Average Rating

7.8

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of October 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, up from 0.6% compared to the previous year. The mindshare of OpenText Enterprise Security Manager is 1.6%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
OpenText Enterprise Security Manager	1.6%
NetWitness Platform	0.6%
Other	97.8%

Security Information and Event Management (SIEM)

Featured Reviews

MOTASHIM Al Razi

CISO at One Bank Limited

It is a stable solution, but they should make the user interface easier to understand

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Ramnesh Dubey

Solutions Architect at Ericsson

Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods

The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"The most valuable features are the threat prediction and network forensics."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

"Offers a good wireless feature."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The solution is really scalable for the high-end power, enterprise customer."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

More NetWitness Platform pros

"Support is very good."

"The correlation feature is good."

"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."

"What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."

"ArcSight gives us better visibility into threats that were unknown earlier."

"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."

"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."

"Very good real-time reporting with a good dashboard."

More OpenText Enterprise Security Manager pros

Cons

"Technical support could be improved."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"The tool's integration capability isn't so great."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

More NetWitness Platform cons

"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."

"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."

"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."

"Customer service and support is our biggest challenge."

"They need to develop NetFlow appliances that can be installed in the customer network on span ports, collect NetFlow, and send it to ArcSight without relying on the devices' NetFlow capability and their position in the network."

"The stability isn't quite perfect. We occasionally run into problems."

"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."

"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."

More OpenText Enterprise Security Manager cons

Pricing and Cost Advice

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"The product is expensive."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"It’s cheaper to run virtual machines in a VMware environment."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"Our license is for one year."

More NetWitness Platform pricing and cost advice

"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."

"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."

"Aggregation can help a lot in pushing down licensing costs."

"The pricing is great compared to others."

"It's a good price, it's one of the cheaper solutions."

"There is a license required for this solution."

"The pricing model is expensive compared to open-source alternatives."

"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."

More OpenText Enterprise Security Manager pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

871,829 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Computer Software Company

11%

Comms Service Provider

Performing Arts

Financial Services Firm

13%

Manufacturing Company

11%

Computer Software Company

11%

Performing Arts

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	7
Large Enterprise	20

By reviewers
Company Size	Count
Small Business	37
Midsize Enterprise	14
Large Enterprise	57

Questions from the Community

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?

In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...

See all answers

What do you like most about ArcSight Enterprise Security Manager (ESM)?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

See all answers

What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?

ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.

See all answers

Comparisons

IBM Security QRadar vs NetWitness Platform

Compared 21% of the time

Splunk Enterprise Security vs NetWitness Platform

Compared 16% of the time

Elastic Security vs NetWitness Platform

Compared 10% of the time

USM Anywhere vs NetWitness Platform

Compared 8% of the time

Cisco Secure Network Analytics vs NetWitness Platform

Compared 6% of the time

More NetWitness Platform Competitors

Trellix ESM vs OpenText Enterprise Security Manager

Compared 19% of the time

IBM Security QRadar vs OpenText Enterprise Security Manager

Compared 11% of the time

Splunk Enterprise Security vs OpenText Enterprise Security Manager

Compared 8% of the time

SurfWatch Labs SurfWatch vs OpenText Enterprise Security Manager

Compared 7% of the time

Elastic Security vs OpenText Enterprise Security Manager

Compared 6% of the time

More OpenText Enterprise Security Manager Competitors

Product Reports

Buyer's Guide

NetWitness Platform

October 2025

Download NetWitness Platform product report

Buyer's Guide

OpenText Enterprise Security Manager

October 2025

OpenText Enterprise Security Manager report

Download OpenText Enterprise Security Manager product report

Also Known As

RSA Security Analytics

Micro Focus ArcSight, HPE ArcSight, ArcSight

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.

OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.

What are the key features of OpenText Enterprise Security Manager?

Event Correlation Engine: Real-time threat detection with advanced correlation capabilities.
Scalability: Adapts to enterprise-level demands and complex security needs.
Integration: Seamlessly integrates with multiple platforms and third-party tools.
Customizable Dashboards: Tailored views and active lists enhance user experience.
Advanced Alerting: Provides timely incident response and security alerts.

Why should users look for reviews when evaluating OpenText Enterprise Security Manager?

Timely Incident Responses: Fast alerting and action against threats.
User-Friendly Experience: Customizable dashboards simplify monitoring tasks.
Comprehensive Security Management: Integrated log management and threat detection across domains.
Adaptability and Scalability: Supports both on-premises and cloud deployments.

In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.

OpenText

Sample Customers

Los Angeles World Airports, Reply

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

Buyer's Guide

NetWitness Platform vs. OpenText Enterprise Security Manager

September 2025

Free Report: NetWitness Platform vs. OpenText Enterprise Security Manager

Find out what your peers are saying about NetWitness Platform vs. OpenText Enterprise Security Manager and other solutions. Updated: September 2025.

DOWNLOAD NOW

871,829 professionals have used our research since 2012.

See our NetWitness Platform vs. OpenText Enterprise Security Manager report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.