NetWitness Platform vs Palo Alto Networks WildFire comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews
14,221 views|5,466 comparisons
NetWitness Logo
5,458 views|3,507 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between NetWitness Platform and Palo Alto Networks WildFire based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed NetWitness Platform vs. Palo Alto Networks WildFire Report (Updated: September 2022).
654,658 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that.""The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is."

More Devo Pros →

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language.""I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution.""The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""The solution is really scalable for the high-end power, enterprise customer.""The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools.""Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports.""Offers a good wireless feature.""It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

More NetWitness Platform Pros →

"The backup is the best feature.""We have found that Palo Alto Networks WildFire is scalable. We currently have six thousand users for the product.""I love the idea of Palo Alto Networks WildFire. It's more geared toward preventing malware. If someone's laptop or phone is malware-infected, the tool prevents it from uploading valuable corporate data outside the corporate network. That's what I love about Palo Alto Networks WildFire. It stops malware in its tracks.""The most valuable features are all of the security features in terms of protection and SSL and VPN.""Remote access is excellent.""WildFire's application encryption is useful.""The solution is completely integrated with all the other Palo Alto products. I think that it is the best part for endpoint protection. The firewall features include URL and DNS filtering, threat protection, and antivirus.""The most valuable feature of this solution is how it keeps up-to-date with viruses."

More Palo Alto Networks WildFire Pros →

Cons
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets.""There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc.""I would like to have the ability to create more complex dashboards.""The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts.""Technical support could be better.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."

More Devo Cons →

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.""There are instances where you try to run the reports and then it does not give you the desired outcome.""The initial setup is complex. There are other solutions that are easier to implement.""The multi-tenant capabilities are lagging compared to IBM QRadar.""The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too.""Technical support could be improved.""Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10.""RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

More NetWitness Platform Cons →

"The cost of the solution is excessively high.""In the future, Palo Alto could reduce the time it takes to process the file.""The threat intelligence that we receiving in the reporting was not as expected. We were expecting more. Additionally, we should be able to whitelist a specific file based on a variety of attributes.""In terms of what I'd like to see in the next release of Palo Alto Networks WildFire, each release is based on malware that has been identified. The key problem is an average of six months from the time malware is written to the time it's discovered and a signature is created for it. The only advice that I can give is for them to shorten that timeframe. I don't know how they would do it, but if they shorten that, for example, cut it in half, they'll make themselves more famous.""The global product feature needs improvement, the VPN, and we need some enhanced features.""The automation and responsiveness need improvement.""Our main concern is that everything has to be synced with the WildFire Cloud and has to be checked through the subscription.""The only problem with this solution is the cost. It's expensive."

More Palo Alto Networks WildFire Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
  • "We are on an annual license for the use of the solution."
  • "RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
  • "We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
  • "Compared to the competition, the is price is not that high."
  • More NetWitness Platform Pricing and Cost Advice →

  • "The price is a bit higher than the other products such as TrendMicro, or FireEye."
  • "Pricing could be improved."
  • "We are on an annual subscription. When we purchased the firewall, we had activated this solutions license for a minimum of one year. The price of the solution is fair."
  • "It depends on the features. Additional features cost additional money as well."
  • "The solution is overpriced."
  • "The price of the Palo Alto Networks WildFire license is expensive. When it came time to renew the solution the price doubled."
  • "WildFire is a little bit pricey. Sometimes it's difficult to sell it to customers at the current price."
  • "The physical appliance is around €3,000 or €4,000, and then, you have the licensing for a year for around €3,000."
  • More Palo Alto Networks WildFire Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    654,658 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:I believe they could improve their support, there are often delays. The price of the solution could be reduced, it's… more »
    Top Answer:I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on… more »
    Top Answer:We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:FortiGate has a lot going for it and I consider it to be the best, most user-friendly firewall out there. What I like… more »
    Top Answer:When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced… more »
    Comparisons
    Also Known As
    RSA Security Analytics
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.
    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about NetWitness Platform
    Learn more about Palo Alto Networks WildFire
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    Los Angeles World Airports, Reply
    Novamedia, Nexon Asia Pacific, Lenovo, Samsonite, IOOF, Sinogrid, SanDisk Corporation
    Top Industries
    REVIEWERS
    Computer Software Company50%
    Comms Service Provider10%
    Retailer10%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider12%
    Financial Services Firm9%
    Government9%
    REVIEWERS
    Comms Service Provider31%
    Financial Services Firm25%
    Computer Software Company25%
    Manufacturing Company13%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider14%
    Financial Services Firm12%
    Government11%
    REVIEWERS
    Government17%
    Financial Services Firm13%
    Comms Service Provider13%
    Retailer8%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider17%
    Government8%
    Financial Services Firm6%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise21%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business26%
    Midsize Enterprise11%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    REVIEWERS
    Small Business47%
    Midsize Enterprise13%
    Large Enterprise40%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise58%
    Buyer's Guide
    NetWitness Platform vs. Palo Alto Networks WildFire
    September 2022
    Find out what your peers are saying about NetWitness Platform vs. Palo Alto Networks WildFire and other solutions. Updated: September 2022.
    654,658 professionals have used our research since 2012.

    NetWitness Platform is ranked 13th in Log Management with 11 reviews while Palo Alto Networks WildFire is ranked 1st in ATP (Advanced Threat Protection) with 19 reviews. NetWitness Platform is rated 7.6, while Palo Alto Networks WildFire is rated 8.2. The top reviewer of NetWitness Platform writes "Economical with good technical support and is easily scalable". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Intuitive, stable, and scalable zero-day threat prevention solution with a machine learning feature". NetWitness Platform is most compared with Splunk, IBM QRadar, RSA enVision, Microsoft Sentinel and AWS Security Hub, whereas Palo Alto Networks WildFire is most compared with Cisco Secure Firewall, Proofpoint Email Protection, Fortinet FortiGate, Juniper SRX and Zscaler Internet Access. See our NetWitness Platform vs. Palo Alto Networks WildFire report.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.