Try our new research platform with insights from 80,000+ expert users

Elastic Security vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Ranking in Security Information and Event Management (SIEM)
5th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
65
Ranking in other categories
Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (8th), Extended Detection and Response (XDR) (10th)
NetWitness Platform
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Elastic Security is 3.0%, down from 6.0% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"ELK documentation is very good, so never needed to contact technical support."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"It is scalable."
"It's open-source and free to use."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The most valuable feature for me is Discover."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness can be highly beneficial for incident detection and response."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The solution is really scalable for the high-end power, enterprise customer."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
 

Cons

"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"The tool should improve its scalability."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Email notification should be done the same way as Logentries does it."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"Sometimes, the solution isn't the easiest to use."
"Better integration with third-party APMs would be really good."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The tool's integration capability isn't so great."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The solution should have more integration capabilities with different platforms."
 

Pricing and Cost Advice

"Compared to other products such as Dynatrace, this is one of the cheaper options."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"This is a pricey solution; it's not cheap."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"It is cheap."
"It’s cheaper to run virtual machines in a VMware environment."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
9%
Financial Services Firm
9%
Comms Service Provider
8%
Financial Services Firm
17%
Computer Software Company
16%
Comms Service Provider
5%
Energy/Utilities Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they do not need extensive budgets for security solutions.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

Elastic SIEM, ELK Logstash
RSA Security Analytics
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Los Angeles World Airports, Reply
Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: July 2025.
862,514 professionals have used our research since 2012.