We performed a comparison between Exabeam Fusion SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The setup is not difficult. It was easy."
"The solution's initial setup process is easy."
"It's a very user-friendly product and it's a very comprehensive technology."
"The advanced analytics has a really great overview of user behavior."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"Timeline based analysis; good platform support"
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The product's initial setup phase was not at all difficult."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The solution is really scalable for the high-end power, enterprise customer."
"Incident management is its most valuable feature."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The most valuable features are the packet inspection and the automated incident response."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The AI capabilities must be improved."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"They should provide detailed information about detecting phishing emails."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"The organzation is rigid and not flexible in the way they operate"
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"I believe if it were more flexible it would be a better product."
"The only problem is that the UI is not very impressive."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Technical support could be improved."
"The user interface is a little bit difficult for new users and it needs to be improved."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It is not so easy to customize this product."
"Its technical support could be better."
Exabeam Fusion SIEM is ranked 32nd in Log Management with 10 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. Exabeam Fusion SIEM is rated 8.0, while NetWitness Platform is rated 7.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Gurucul UEBA, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Exabeam Fusion SIEM vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.