We performed a comparison between i-SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The solution offers a lot of data on events. It helps us create specific detection strategies."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The analytic rule is the most valuable feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"It's pretty powerful and its performance is pretty good."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"The most valuable feature is the security that it provides."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The most valuable features are the packet inspection and the automated incident response."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The troubleshooting has room for improvement."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"Security needs improvement."
"Technical support could be improved."
"An area for improvement would be better automation and more inbuilt use cases."
"Health monitoring of the event sources and devices."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews. i-SIEM is rated 9.0, while NetWitness Platform is rated 7.4. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.