NetWitness Platform vs Netsurion comparison

Netsurion and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. Netsurion is ranked #55, while NetWitness is ranked #30 with an average rating of 8.3. Netsurion holds a 0.6% mindshare in SIEM, compared to NetWitness’s 0.7% mindshare. Additionally, 92% of Netsurion users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.

Netsurion

Read 24 Netsurion reviews

1,568 Views
847 Comparison Views

92% willing to recommend

NetWitness Platform

Read 36 NetWitness Platform reviews

1,776 Views
1,119 Comparison Views

75% willing to recommend

Netsurion

NetWitness Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Netsurion are prominent cybersecurity solutions. Users prefer Netsurion for its feature set, while appreciating the pricing and support of NetWitness Platform.

Features: NetWitness Platform is known for comprehensive threat detection, responsive analytics, and scalability for large enterprises. Netsurion is valued for ease of use, efficient incident response capabilities, and integration with existing systems. Users favor Netsurion's streamlined functionality and user-friendly experience.

Room for Improvement: Users of NetWitness Platform suggest improvements in integration with other security tools, a more intuitive learning curve, and better automation features. Netsurion users seek higher customization options, better integration with third-party tools, and enhancements in automation. Both products show room for improvement, focusing on these areas.

Ease of Deployment and Customer Service: NetWitness Platform’s deployment is complex but supported by strong customer service. Netsurion offers straightforward deployment and proactive support, making it easier for users to get started. Both have robust support, but Netsurion's simpler deployment process is advantageous.

Pricing and ROI: NetWitness Platform’s setup cost is reasonable, offering significant ROI through enhanced threat management. Netsurion is highlighted for cost-effectiveness and quicker ROI, suitable for smaller businesses and budget-conscious organizations. Both provide good ROI, with Netsurion’s pricing more accessible for various organizational sizes.

To learn more, read our detailed NetWitness Platform vs. Netsurion Report (Updated: December 2025).

Buyer's Guide

NetWitness Platform vs. Netsurion

December 2025

Download the complete report

Helped 879,310 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Netsurion

Ranking in Security Information and Event Management (SIEM)

55th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Managed Security Services Providers (MSSP) (42nd), SOC as a Service (13th), Managed Detection and Response (MDR) (37th), Extended Detection and Response (XDR) (43rd)

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

30th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Log Management (34th)

Mindshare comparison

As of December 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Netsurion is 0.6%, up from 0.3% compared to the previous year. The mindshare of NetWitness Platform is 0.7%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
NetWitness Platform	0.7%
Netsurion	0.6%
Other	98.7%

Security Information and Event Management (SIEM)

Featured Reviews

John-Berry

Information Technology Manager at ProfitSolv

The SOC center monitors, hunts, and notifies us of threats around the clock

I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Read full review

MOTASHIM Al Razi

CISO at One Bank Limited

It is a stable solution, but they should make the user interface easier to understand

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."

"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."

"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."

"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."

"The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on."

"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."

"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."

"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."

More Netsurion pros

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."

"The solution is really scalable for the high-end power, enterprise customer."

"The most valuable feature is the hunting ability to work in a CERT."

"It's quite economical compared to other solutions in the market."

"Incident management is its most valuable feature."

More NetWitness Platform pros

Cons

"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."

"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."

"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."

"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."

"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."

"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."

"I would like to see the dashboard come up more quickly."

"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."

More Netsurion cons

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"The log system is a bit complex and has room for improvement."

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"Technical support could be improved."

"The implementation needs assistance."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

More NetWitness Platform cons

Pricing and Cost Advice

"It is a bit expensive as compared to some of the other products that have come out in recent years. Expense-wise, the only downside is that it is not cheap."

"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."

"In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."

"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."

"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."

"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."

"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."

"Our pricing for Netsurion last year was US $52,000 per year."

More Netsurion pricing and cost advice

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"This is a pricey solution; it's not cheap."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"Compared to the competition, the is price is not that high."

"We are on an annual license for the use of the solution."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

More NetWitness Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

879,310 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Performing Arts

15%

Government

Manufacturing Company

Outsourcing Company

Financial Services Firm

11%

Computer Software Company

10%

Performing Arts

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	7
Large Enterprise	7

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	7
Large Enterprise	20

Questions from the Community

Ask a question

Earn 20 points

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

Comparisons

Devo vs Netsurion

Compared 10% of the time

Legato Security vs Netsurion

Compared 10% of the time

Fortinet FortiSIEM vs Netsurion

Compared 8% of the time

Trellix Helix Connect vs Netsurion

Compared 8% of the time

IBM Security QRadar vs Netsurion

Compared 7% of the time

More Netsurion Competitors

IBM Security QRadar vs NetWitness Platform

Compared 13% of the time

Splunk Enterprise Security vs NetWitness Platform

Compared 11% of the time

Elastic Security vs NetWitness Platform

Compared 8% of the time

RSA enVision vs NetWitness Platform

Compared 6% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 5% of the time

More NetWitness Platform Competitors

Product Reports

Buyer's Guide

Netsurion

December 2025

Download Netsurion product report

Buyer's Guide

NetWitness Platform

December 2025

Download NetWitness Platform product report

Also Known As

Netsurion Managed Threat Protection, Netsurion EventTracker

RSA Security Analytics

Overview

Netsurion offers robust SIEM capabilities enhanced by managed services, facilitating efficient threat identification and response with real-time alerts and comprehensive reporting.

Netsurion stands out for its integration of SIEM, IDS, and vulnerability management. Its real-time threat alerts and dashboards enhance user response capabilities. With centralized logging from Windows, Linux, Cisco devices, firewalls, and Active Directory, Netsurion enables effective compliance support for HIPAA and PCI standards. Managed Threat Protection with the embedded MITRE ATT&CK Framework enhances threat intelligence, while its evolving interface aims to improve user interactions. However, some users find deployment and searching challenging, pointing to areas for improvement.

What are Netsurion's key features?

SIEM Capabilities: Efficient threat identification using real-time alerts and dashboards.
Managed Services: Provides remote monitoring and advisory support.
Comprehensive Reporting: Assists in compliance and actionable insights.
MITRE ATT&CK Framework: Enhances threat intelligence and management.
Seamless Integration: Works with existing systems for streamlined operations.

What benefits should users consider in reviews?

Threat Response Tool: Rapid identification and response to security incidents.
Usability: Efforts to evolve and simplify user interactions.
Operational Efficiency: Streamlined processes through integration and managed services.
Compliance Support: Assistance with industry standards like HIPAA and PCI.

Netsurion is frequently implemented in industries requiring comprehensive security monitoring and compliance, such as healthcare and finance. It aids businesses in consolidating security efforts, offering insights into user activities and system changes, an asset for companies lacking substantial internal resources.

Netsurion

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Sample Customers

The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores

Los Angeles World Airports, Reply

Buyer's Guide

NetWitness Platform vs. Netsurion

December 2025

Free Report: NetWitness Platform vs. Netsurion

Find out what your peers are saying about NetWitness Platform vs. Netsurion and other solutions. Updated: December 2025.

DOWNLOAD NOW

879,310 professionals have used our research since 2012.

See our NetWitness Platform vs. Netsurion report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.