ArcSight Intelligence vs NetWitness Platform Comparison 2024

Sponsored

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews

31,886 views|17,713 comparisons

ArcSight Intelligence

Read 5 ArcSight Intelligence reviews

594 views|414 comparisons

NetWitness Platform

Read 36 NetWitness Platform reviews

2,049 views|1,256 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

ArcSight Intelligence vs. NetWitness Platform

March 2024

Executive Summary

We performed a comparison between ArcSight Intelligence and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed ArcSight Intelligence vs. NetWitness Platform Report (Updated: March 2024).

Download the complete report

769,630 professionals have used our research since 2012.

Featured Review

Sean Moore

Lead Azure Sentinel Architect at a financial services firm

Researched ArcSight Intelligence but chose Microsoft Sentinel: Quick to deploy, good performance, and automatically scales with our requirements

This solution has helped to improve our security posture in several ways. It includes machine learning and AI capabilities, but it's also got the... Read more →

Nagendra Nekkala

Senior Manager ICT & Innovations at Bangalore International Airport Limited

A user-friendly solution that can be used to integrate the logs properly with different connectors

Salah Sabouni

Director at ST

Provides comprehensive network visibility, and has available helpful support

Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.""It's pretty powerful and its performance is pretty good.""It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.""The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high.""The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user.""The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running.""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources.""The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."

More Microsoft Sentinel Pros →

"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way.""The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk.""The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place.""The product has a valuable interface.""The platform helps us improve threat detection capabilities."

More ArcSight Intelligence Pros →

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""NetWitness can be highly beneficial for incident detection and response.""The newer 11.5 version that my team is using has found it to have good mapping.""The most valuable features are the packet decoder, log decoder, and concentrator.""The product's initial setup phase was not at all difficult.""Offers a good wireless feature.""In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing.""The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

More NetWitness Platform Pros →

Cons

"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more.""The only thing is sometimes you can have a false positive.""It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools.""Add more out-of-the-box connectors with other SaaS platforms/applications.""The troubleshooting has room for improvement.""They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.""There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds.""They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."

More Microsoft Sentinel Cons →

"We haven't found the product fully scalable.""The dashboard is not user-friendly and is in black and white.""The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better.""ArcSight Intelligence's pricing needs improvement.""ArcSight Intelligence is a bit slower, and its speed should be improved."

More ArcSight Intelligence Cons →

"The implementation needs assistance.""The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.""The multi-tenant capabilities are lagging compared to IBM QRadar.""Its technical support could be better.""The initial setup is very complex and should be simplified.""The log system is a bit complex and has room for improvement.""There is no support for this product in this country, so problems have to be resolved through global technical teams.""There are instances where you try to run the reports and then it does not give you the desired outcome."

More NetWitness Platform Cons →

Pricing and Cost Advice

"It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

"It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"

"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."

"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."

"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."

"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."

"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

More Microsoft Sentinel Pricing and Cost Advice →

"Its price is average and not very high. Splunk might be a bit cheaper than this. Its licensing is on a monthly basis."

"The solution is expensive and only suitable for enterprise environments."

"ArcSight Intelligence is an expensive solution."

"It is an expensive platform."

"They offer perpetual licenses for the product."

More ArcSight Intelligence Pricing and Cost Advice →

"It’s cheaper to run virtual machines in a VMware environment."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"It is cheap."

"The licenses are good but the cost is very expensive."

"This is a pricey solution; it's not cheap."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"Our license is for one year."

More NetWitness Platform Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See Recommendations

769,630 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at a tech company

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threa...

Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »

Read all 10 answers →

What is a better choice, Splunk or Azure Sentinel?

Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »

Which is better - Azure Sentinel or AWS Security Hub?

Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »

Read all 2 answers →

What do you like most about ArcSight Interset / Intelligence?

Top Answer:The platform helps us improve threat detection capabilities.

Read all 5 answers →

What is your experience regarding pricing and costs for ArcSight Interset...

Top Answer:They offer perpetual licenses for the product.

Read all 5 answers →

What needs improvement with ArcSight Interset / Intelligence?

Top Answer:The product could be improved in several areas; it currently requires significant enhancement. Compared to QRadar and… more »

Read all 5 answers →

What do you like most about NetWitness Platform?

Top Answer:The product's initial setup phase was not at all difficult.

Read all 26 answers →

What is your experience regarding pricing and costs for NetWitness Platform?

Top Answer:The product price was reasonable for my region and the market.

Read all 16 answers →

What needs improvement with NetWitness Platform?

Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log… more »

Read all 25 answers →

Comparisons

AWS Security Hub vs. Microsoft Sentinel

Compared 17% of the time.

IBM Security QRadar vs. Microsoft Sentinel

Compared 12% of the time.

Splunk Enterprise Security vs. Microsoft Sentinel

Compared 6% of the time.

Microsoft Defender for Cloud vs. Microsoft Sentinel

Compared 6% of the time.

Elastic Security vs. Microsoft Sentinel

Compared 5% of the time.

More Microsoft Sentinel Competitors →

ArcSight Enterprise Security Manager (ESM) vs. ArcSight Intelligence

Compared 69% of the time.

Exabeam Fusion SIEM vs. ArcSight Intelligence

Compared 15% of the time.

More ArcSight Intelligence Competitors →

Splunk Enterprise Security vs. NetWitness Platform

Compared 32% of the time.

RSA enVision vs. NetWitness Platform

Compared 16% of the time.

IBM Security QRadar vs. NetWitness Platform

Compared 14% of the time.

Cisco Secure Network Analytics vs. NetWitness Platform

Compared 9% of the time.

Trellix Network Detection and Response vs. NetWitness Platform

Compared 5% of the time.

More NetWitness Platform Competitors →

Also Known As

Azure Sentinel

ArcSight Interset / Intelligence, FileTrek, Interset UEBA, Micro Focus Interset UEBA, Micro Focus Interset, ArcSight Interset

RSA Security Analytics

Learn More

Microsoft

OpenText

NetWitness

Video Not Available

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Empower your threat hunting team to pre-empt elusive attacks with anomaly detection powered by security AI to find insider threats, zero-day attacks, and APTs.

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Accuvant, Splunk Inc., NuTech, Box, rSolutions, Voodoo Technology Limited

Los Angeles World Airports, Reply

Top Industries

REVIEWERS

Financial Services Firm22%

Computer Software Company11%

Manufacturing Company8%

Comms Service Provider8%

VISITORS READING REVIEWS

Computer Software Company16%

Financial Services Firm10%

Government9%

Manufacturing Company7%

VISITORS READING REVIEWS

Computer Software Company15%

Financial Services Firm14%

Government12%

Manufacturing Company9%

REVIEWERS

Financial Services Firm24%

Computer Software Company24%

Comms Service Provider24%

Manufacturing Company10%

VISITORS READING REVIEWS

Financial Services Firm15%

Computer Software Company15%

Government10%

Insurance Company6%

Company Size

REVIEWERS

Small Business33%

Midsize Enterprise21%

Large Enterprise47%

VISITORS READING REVIEWS

Small Business25%

Midsize Enterprise16%

Large Enterprise59%

VISITORS READING REVIEWS

Small Business22%

Midsize Enterprise9%

Large Enterprise69%

REVIEWERS

Small Business26%

Midsize Enterprise17%

Large Enterprise57%

VISITORS READING REVIEWS

Small Business22%

Midsize Enterprise10%

Large Enterprise68%

Buyer's Guide

ArcSight Intelligence vs. NetWitness Platform

March 2024

Free Report: ArcSight Intelligence vs. NetWitness Platform

Find out what your peers are saying about ArcSight Intelligence vs. NetWitness Platform and other solutions. Updated: March 2024.

DOWNLOAD NOW

769,630 professionals have used our research since 2012.

ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. ArcSight Intelligence is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM) and Exabeam Fusion SIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our ArcSight Intelligence vs. NetWitness Platform report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

ArcSight Intelligence vs NetWitness Platform comparison