Try our new research platform with insights from 80,000+ expert users

LogRhythm SIEM vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm SIEM
Ranking in Log Management
13th
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
175
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Log Management
33rd
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Log Management category, the mindshare of LogRhythm SIEM is 2.3%, down from 2.6% compared to the previous year. The mindshare of NetWitness Platform is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Market Share Distribution
ProductMarket Share (%)
LogRhythm SIEM2.3%
NetWitness Platform0.4%
Other97.3%
Log Management
 

Featured Reviews

SumitKumar20 - PeerSpot reviewer
Tool consistently aids in effective threat detection and monitoring but could benefit from improved log source management and resource optimization
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of gigabytes, terabytes, or petabytes from particular devices or environments. This information is crucial for planning future storage needs and scalability. The system monitor (collector) agent has issues with resource consumption. Even when not actively collecting data, the agent continues to consume significant CPU and memory resources, which can be particularly problematic for small business environments with limited resources. LogRhythm SIEM could improve by adding more default device support. While they have good default settings for devices such as Palo Alto firewalls, custom log sources often require extensive work. Increasing the number of supported devices with built-in policies and functionality would reduce the need for custom work. Competitive SIEM tools often provide more comprehensive coverage for various devices and vendors.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In general, the visibility of events and advanced analysis of events are good."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"LogRhythm SIEM's automated response capabilities help organizations mitigate threats through alerts based on specific use cases and monitoring requirements."
"It supports most standard log sources."
"As a healthcare company, what we use it for is compliance, then to protect our data from exaltation."
"The user interface is pretty good compared to other SIEM tools."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The most valuable features are the integration and ease of use."
"Offers a good wireless feature."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Performance and reporting are very good."
"It's quite economical compared to other solutions in the market."
"Their technical support responds quickly and are knowledgable."
 

Cons

"I face stability issues every quarter that necessitate corrective maintenance."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"The initial setup is not so easy because it is quite a process."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"The pricing is the only problem."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The initial setup is very complex and should be simplified."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The solution should have more integration capabilities with different platforms."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"Security needs improvement."
 

Pricing and Cost Advice

"Everything is expensive with LogRhythm, and you don't get anything for free."
"LogRhythm's pricing and licensing is extremely competitive and it's one of the top three reasons we continue to invest in the platform."
"It is a very cost-effective solution."
"I give the price a six out of ten."
"The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent."
"I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now."
"The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required."
"The license cost is around $10 per MPS."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The product price was reasonable for my region and the market."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"We are on an annual license for the use of the solution."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
871,469 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Government
10%
Manufacturing Company
8%
Financial Services Firm
7%
Financial Services Firm
13%
Computer Software Company
11%
Comms Service Provider
7%
Performing Arts
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise38
Large Enterprise83
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
RSA Security Analytics
 

Overview

 

Sample Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Los Angeles World Airports, Reply
Find out what your peers are saying about LogRhythm SIEM vs. NetWitness Platform and other solutions. Updated: September 2025.
871,469 professionals have used our research since 2012.