We performed a comparison between ArcSight Intelligence and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It's pretty powerful and its performance is pretty good."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The product has a valuable interface."
"The platform helps us improve threat detection capabilities."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"NetWitness can be highly beneficial for incident detection and response."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The product's initial setup phase was not at all difficult."
"Offers a good wireless feature."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The only thing is sometimes you can have a false positive."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The troubleshooting has room for improvement."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We haven't found the product fully scalable."
"The dashboard is not user-friendly and is in black and white."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"ArcSight Intelligence's pricing needs improvement."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The implementation needs assistance."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"Its technical support could be better."
"The initial setup is very complex and should be simplified."
"The log system is a bit complex and has room for improvement."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. ArcSight Intelligence is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM) and Exabeam Fusion SIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our ArcSight Intelligence vs. NetWitness Platform report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.