Try our new research platform with insights from 80,000+ expert users

Elastic Security vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Ranking in Security Information and Event Management (SIEM)
5th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
65
Ranking in other categories
Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (8th), Extended Detection and Response (XDR) (10th)
NetWitness Platform
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Elastic Security is 3.0%, down from 6.0% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Elastic Security offers advanced features such as machine learning and integration with ChatGPT."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"The solution is quite stable. The performance has been good."
"I like the indexing of the logs."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The product's initial setup phase was not at all difficult."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness can be highly beneficial for incident detection and response."
"Offers a good wireless feature."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"It's quite economical compared to other solutions in the market."
"The newer 11.5 version that my team is using has found it to have good mapping."
 

Cons

"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"There isn't really a very good user experience. You need a lot of training."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"Health monitoring of the event sources and devices."
"The initial setup is very complex and should be simplified."
"More customizability is required, which is something that they need to improve on."
"Security needs improvement."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"We have encountered issues with unresolved crashes."
"The log system is a bit complex and has room for improvement."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
 

Pricing and Cost Advice

"There is no charge for using the open-source version."
"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
"The solution is free."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"We are using the free, open-source version of this solution."
"We use the open-source version, so there is no charge for this solution."
"I can say that the product is cheaply priced."
"This is an open-source product, so there are no costs."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We are on an annual license for the use of the solution."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"Compared to the competition, the is price is not that high."
"The product is expensive."
"This is a pricey solution; it's not cheap."
"It’s cheaper to run virtual machines in a VMware environment."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
860,711 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
9%
Financial Services Firm
9%
Comms Service Provider
7%
Financial Services Firm
17%
Computer Software Company
17%
Government
5%
Manufacturing Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they do not need extensive budgets for security solutions.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

Elastic SIEM, ELK Logstash
RSA Security Analytics
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Los Angeles World Airports, Reply
Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: June 2025.
860,711 professionals have used our research since 2012.