Try our new research platform with insights from 80,000+ expert users

Elastic Security vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Ranking in Security Information and Event Management (SIEM)
5th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
65
Ranking in other categories
Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (8th), Extended Detection and Response (XDR) (10th)
NetWitness Platform
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Elastic Security is 3.0%, down from 6.0% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The visualization is very good."
"The most valuable feature is the ability to collect authentication information from service providers."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"The stability of the solution is good."
"The solution's most valuable features are anomaly detection and connectivity reporting."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Elastic is straightforward, easy to integrate, and highly customizable."
"Offers a good wireless feature."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable features are the integration and ease of use."
"The most valuable features are the threat prediction and network forensics."
"The most valuable features are the packet inspection and the automated incident response."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The most valuable features are the packet decoder, log decoder, and concentrator."
 

Cons

"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"Sometimes, the solution isn't the easiest to use."
"The tool should improve its scalability."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"We'd like to see some more artificial intelligence capabilities."
"There isn't really a very good user experience. You need a lot of training."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"The user interface is a little bit difficult for new users and it needs to be improved."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"More customizability is required, which is something that they need to improve on."
"It is not so easy to customize this product."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"Its technical support could be better."
"The log system is a bit complex and has room for improvement."
 

Pricing and Cost Advice

"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"I can say that the product is cheaply priced."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"We are using the free, open-source version of this solution."
"This is an open-source product, so there are no costs."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"The solution is not expensive and costs around ten dollars a month."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"It is cheap."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We are on an annual license for the use of the solution."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"The licenses are good but the cost is very expensive."
"It’s cheaper to run virtual machines in a VMware environment."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
860,825 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
9%
Financial Services Firm
9%
Comms Service Provider
7%
Financial Services Firm
17%
Computer Software Company
17%
Manufacturing Company
5%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they do not need extensive budgets for security solutions.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

Elastic SIEM, ELK Logstash
RSA Security Analytics
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Los Angeles World Airports, Reply
Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: June 2025.
860,825 professionals have used our research since 2012.