Try our new research platform with insights from 80,000+ expert users

NetWitness Platform vs OpenText Enterprise Security Manager comparison

NetWitness and OpenText are both solutions in the Security Information and Event Management (SIEM) category. NetWitness is ranked #30 with an average rating of 8.3, while OpenText is ranked #21 with an average rating of 7.0. NetWitness holds a 0.6% mindshare in SIEM, compared to OpenText’s 1.6% mindshare. Additionally, 75% of NetWitness users are willing to recommend the solution, compared to 88% of OpenText users who would recommend it.
NetWitness Platform
Read 37 NetWitness Platform reviews
  • 1,507 Views
  • 980 Comparison Views
75% willing to recommend
OpenText Enterprise Securit...
Read 98 OpenText Enterprise Security Manager reviews
  • 2,595 Views
  • 2,491 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 21, 2025

NetWitness Platform and OpenText Enterprise Security Manager are competing products in the security information and event management industry. NetWitness seems to have the upper hand in terms of data-handling capabilities, while OpenText offers a broader range of security features which may justify its cost.

Features: NetWitness Platform focuses on threat detection and analysis through advanced packet capture and analysis, powerful threat intelligence integrations, and deep endpoint visibility. OpenText Enterprise Security Manager provides a comprehensive approach to security management with extensive compliance reporting and integration capabilities, providing a wider array of security features.

Room for Improvement: NetWitness could enhance its integration capabilities with third-party tools, improve the user interface for greater ease of use, and offer more out-of-the-box compliance reports. OpenText Enterprise Security Manager could streamline its deployment process, enhance performance for large-scale enterprise environments, and improve its pricing structure to be more competitive.

Ease of Deployment and Customer Service: The NetWitness Platform is noted for its straightforward deployment and responsive customer service, offering direct support for setup and ongoing maintenance. OpenText's deployment can be more complex, requiring additional resources for integration but compensates with robust customer support options and extended support hours.

Pricing and ROI: The NetWitness Platform offers competitive initial setup costs, with ROI gained from its ability to quickly identify advanced threats. OpenText Enterprise Security Manager, though potentially higher in initial cost, offers a broad range of integrated security features which may provide a better ROI for organizations seeking an all-encompassing solution to enterprise security.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed NetWitness Platform vs. OpenText Enterprise Security Manager Report (Updated: September 2025).
Buyer's Guide
NetWitness Platform vs. OpenText Enterprise Security Manager
September 2025
Download the complete report
Helped 868,759 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (33rd)
OpenText Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
21st
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
98
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, up from 0.6% compared to the previous year. The mindshare of OpenText Enterprise Security Manager is 1.6%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
OpenText Enterprise Security Manager1.6%
NetWitness Platform0.6%
Other97.8%
Security Information and Event Management (SIEM)
 

Featured Reviews

MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.
Read full review
Ramnesh Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product's initial setup phase was not at all difficult."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"NetWitness can be highly beneficial for incident detection and response."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
More NetWitness Platform pros
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"Very good real-time reporting with a good dashboard."
"The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"ArcSight gives us better visibility into threats that were unknown earlier."
"We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
More OpenText Enterprise Security Manager pros
 

Cons

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The initial setup is very complex and should be simplified."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"An area for improvement would be better automation and more inbuilt use cases."
"Security needs improvement."
"Its technical support could be better."
"The log system is a bit complex and has room for improvement."
More NetWitness Platform cons
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"Could benefit from a more modern interface."
"ArcSight ESM is lacking cloud scalable technology."
"HPE ArcSight has a quite steep learning curve."
"The dashboard looks a bit cumbersome."
"The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
More OpenText Enterprise Security Manager cons
 

Pricing and Cost Advice

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"We are on an annual license for the use of the solution."
"The product is expensive."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
More NetWitness Platform pricing and cost advice
"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."
"There is a license required for this solution."
"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
"The solution is super expensive. At our organization size and license model, I think the price is average to what anyone else would charge us."
"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."
"Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service."
"HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
More OpenText Enterprise Security Manager pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
868,759 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
12%
Comms Service Provider
7%
Performing Arts
7%
Financial Services Firm
14%
Computer Software Company
12%
Manufacturing Company
11%
Performing Arts
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise14
Large Enterprise57
 

Questions from the Community

What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
See all answers
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
See all answers
Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
See all answers
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
See all answers
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.
See all answers
 

Comparisons

IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 24% of the time
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 18% of the time
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Compared 14% of the time
USM Anywhere vs NetWitness Platform Logo
USM Anywhere vs NetWitness Platform
Compared 11% of the time
Cisco Secure Network Analytics vs NetWitness Platform Logo
Cisco Secure Network Analytics vs NetWitness Platform
Compared 7% of the time
More NetWitness Platform Competitors
Trellix ESM vs OpenText Enterprise Security Manager Logo
Trellix ESM vs OpenText Enterprise Security Manager
Compared 18% of the time
IBM Security QRadar vs OpenText Enterprise Security Manager Logo
IBM Security QRadar vs OpenText Enterprise Security Manager
Compared 11% of the time
Splunk Enterprise Security vs OpenText Enterprise Security Manager Logo
Splunk Enterprise Security vs OpenText Enterprise Security Manager
Compared 9% of the time
SurfWatch Labs SurfWatch vs OpenText Enterprise Security Manager Logo
SurfWatch Labs SurfWatch vs OpenText Enterprise Security Manager
Compared 7% of the time
Elastic Security vs OpenText Enterprise Security Manager Logo
Elastic Security vs OpenText Enterprise Security Manager
Compared 7% of the time
More OpenText Enterprise Security Manager Competitors
 

Product Reports

Buyer's Guide
NetWitness Platform
September 2025
NetWitness Platform reportDownload NetWitness Platform product report
Buyer's Guide
OpenText Enterprise Security Manager
September 2025
OpenText Enterprise Security Manager reportDownload OpenText Enterprise Security Manager product report
 

Also Known As

RSA Security Analytics
Micro Focus ArcSight, HPE ArcSight, ArcSight
 

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.

OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.

What are the key features of OpenText Enterprise Security Manager?
  • Event Correlation Engine: Real-time threat detection with advanced correlation capabilities.
  • Scalability: Adapts to enterprise-level demands and complex security needs.
  • Integration: Seamlessly integrates with multiple platforms and third-party tools.
  • Customizable Dashboards: Tailored views and active lists enhance user experience.
  • Advanced Alerting: Provides timely incident response and security alerts.
Why should users look for reviews when evaluating OpenText Enterprise Security Manager?
  • Timely Incident Responses: Fast alerting and action against threats.
  • User-Friendly Experience: Customizable dashboards simplify monitoring tasks.
  • Comprehensive Security Management: Integrated log management and threat detection across domains.
  • Adaptability and Scalability: Supports both on-premises and cloud deployments.

In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.

OpenText
 

Sample Customers

Los Angeles World Airports, Reply
Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Buyer's Guide
NetWitness Platform vs. OpenText Enterprise Security Manager
September 2025
Free Report: NetWitness Platform vs. OpenText Enterprise Security Manager
Find out what your peers are saying about NetWitness Platform vs. OpenText Enterprise Security Manager and other solutions. Updated: September 2025.
DOWNLOAD NOW
868,759 professionals have used our research since 2012.
See our NetWitness Platform vs. OpenText Enterprise Security Manager report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.