We performed a comparison between NetWitness Platform and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The product can integrate with any device."
"It's pretty powerful and its performance is pretty good."
"It has a lot of great features."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The product’s most valuable feature is log monitoring."
"Compared to other solutions, the user interface is good."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It has performed well and delivered the results that I have been looking for."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The troubleshooting has room for improvement."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"I would like to be able to monitor applications outside of the Azure Cloud."
"There is room for improvement in entity behavior and the integration site."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Technical support could be improved."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Its technical support could be better."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"Tech support is required each time there is a system update of the solution."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"Product currently requires Flash."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
NetWitness Platform is ranked 28th in Security Information and Event Management (SIEM) with 11 reviews while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 8 reviews. NetWitness Platform is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of NetWitness Platform writes "A solid SIEM solution that should improve technical support and online resources to be easier to use". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM. See our NetWitness Platform vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.