• Home
  • Microsoft Sentinel vs. NetWitness Platform

Microsoft Sentinel vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
NetWitness Logo

NetWitness Platform

Read 36 NetWitness Platform reviews
2,136 views|1,314 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Microsoft Sentinel vs. NetWitness Platform
March 2024
Executive Summary

We performed a comparison between Microsoft Sentinel and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Microsoft Sentinel vs. NetWitness Platform Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Harman Saggu
Provides valuable alerts and saves investigation time, but can use more connectors
It is crucial that Sentinel empowers us to safeguard our hybrid, cloud, and multi-cloud environments. We employ a hybrid cloud setup, and securing... Read more →
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The UI of Sentinel is very good and easy to use, even for beginners.""It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.""The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it.""The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native.""It has a lot of great features.""I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL.""The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.""Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."

More Microsoft Sentinel Pros →

"The most valuable features are the packet decoder, log decoder, and concentrator.""Performance and reporting are very good.""The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools.""The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""The solution is really scalable for the high-end power, enterprise customer.""The most valuable features are its ingestion of logs and raising of alerts based on those logs.""Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements.""The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."

More NetWitness Platform Pros →

Cons
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.""The playbook is a bit difficult and could be improved.""Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest.""Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more.""Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider.""I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."

More Microsoft Sentinel Cons →

"The initial setup is complex. There are other solutions that are easier to implement.""The product's licensing models are complex to understand. This particular area needs improvement.""They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.""The tool's integration capability isn't so great.""I believe that integrating the solution with other products such as Oracle would be beneficial.""RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms.""The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.""There are instances where you try to run the reports and then it does not give you the desired outcome."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will… more »
    Read all 2 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    Ranking
    1st
    out of 80 in Security Information and Event Management (SIEM)
    Views
    32,763
    Comparisons
    18,195
    Reviews
    60
    Average Words per Review
    1,620
    Rating
    8.4
    16th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    2,136
    Comparisons
    1,314
    Reviews
    10
    Average Words per Review
    458
    Rating
    7.2
    Comparisons
    Also Known As
    Azure Sentinel
    RSA Security Analytics
    Learn More
    Microsoft
    NetWitness
    Video Not Available
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Comms Service Provider24%
    Financial Services Firm24%
    Computer Software Company24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise67%
    Buyer's Guide
    Microsoft Sentinel vs. NetWitness Platform
    March 2024
    Free Report: Microsoft Sentinel vs. NetWitness Platform
    Find out what your peers are saying about Microsoft Sentinel vs. NetWitness Platform and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews while NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews. Microsoft Sentinel is rated 8.2, while NetWitness Platform is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Microsoft Sentinel vs. NetWitness Platform report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.