We performed a comparison between NetWitness Platform and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The UI of Sentinel is very good and easy to use, even for beginners."
"The connectivity and analytics are great."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is the security that it provides."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"It's quite economical compared to other solutions in the market."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"SolarWinds is easy to configure, and it provides timely alerts."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"SolarWinds Security Event Manager has been generally working well."
"We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The solution should allow for a streamlined CI/CD procedure."
"The implementation needs assistance."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The product's licensing models are complex to understand. This particular area needs improvement."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"We have encountered issues with unresolved crashes."
"It is not so easy to customize this product."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"There are no multiple dashboards which would allow you to see information side-by-side."
"We'd like more customization capabilities."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
More SolarWinds Security Event Manager Pricing and Cost Advice →
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while SolarWinds Security Event Manager is ranked 20th in Security Information and Event Management (SIEM) with 24 reviews. NetWitness Platform is rated 7.4, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Wazuh and Microsoft Defender XDR. See our NetWitness Platform vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
