We performed a comparison between NetWitness Platform and Splunk based on real PeerSpot user reviews.Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"It's very, very versatile."
"The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The solution is really scalable for the high-end power, enterprise customer."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"It's quite economical compared to other solutions in the market."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Offers a good wireless feature."
"The most valuable feature of Splunk is the management and built-in workflows."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"We can easily configure things as required in relation to our use cases."
"It's better than IBM, in my opinion, because it's an independent entity."
"The solution has plenty of features that are good."
"The level of robustness on offer is very good."
"The integration is seamless with many devices and operating systems."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"Technical support could be improved."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The initial setup is complex. There are other solutions that are easier to implement."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The solution should have more integration capabilities with different platforms."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
". Having a trial version or more training on Splunk would be helpful."
"There is improvement needed when importing from some types of data sources."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"The documentation is in definite need of improvement."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"I would like to see more SIEM functionality and a better ticket tool."
"If you monitor too much, you can lose performance on your systems."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
Splunk is a tool that provides log management, security information, and event management solutions that help organizations easily make their machine data accessible, usable, and valuable for everybody. Splunk utilizes operational intelligence to turn machine data into valuable information by monitoring and to analyze all activities.
Splunk is ideal for data monitoring and searching, since it correlates and indexes large volumes of data into a searchable container. This enables users to create alerts, reports, and visualizations in real time. Splunk provides an in-depth, real-time view of the health and performance of all layers of your tech stack so you can optimize your system’s performance by proactively detecting errors and quickly fixing them.
These days, it is becoming more and more difficult to maintain a strong security posture. Cyber attacks are becoming more and more sophisticated, and attackers have access to more entrance points. By implementing Splunk’s threat intelligence tools, you can modernize your security operations in any setting or framework, making your corporate growth more effective and flexible. The advanced visibility that Splunk provides, allows security teams to quickly detect and remove malicious threats in their environment.
Some of the benefits of using Splunk include:
Reviews from Real Users
Splunk stands out among its competitors for a number of reasons. Two major ones are its flexible search query tools and its strong AI capabilities.
A Solutions Consultant at a tech services company notes, “It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.”
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
NetWitness Platform is ranked 13th in Log Management with 11 reviews while Splunk is ranked 1st in Log Management with 63 reviews. NetWitness Platform is rated 7.6, while Splunk is rated 8.2. The top reviewer of NetWitness Platform writes "Economical with good technical support and is easily scalable". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". NetWitness Platform is most compared with IBM QRadar, RSA enVision, Microsoft Sentinel, ArcSight Enterprise Security Manager (ESM) and FireEye Network Security, whereas Splunk is most compared with Microsoft Sentinel, Elastic Security, Wazuh, Dynatrace and AppDynamics. See our NetWitness Platform vs. Splunk report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.