NetWitness Platform vs Splunk Enterprise Security comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

NetWitness Platform
Ranking in Log Management
Ranking in Security Information and Event Management (SIEM)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
Ranking in Security Information and Event Management (SIEM)
Average Rating
Number of Reviews
Ranking in other categories
IT Operations Analytics (1st)

Mindshare comparison

As of June 2024, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 1.2%, up from 1.1% compared to the previous year. The mindshare of Splunk Enterprise Security is 13.7%, down from 14.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
Unique Categories:
Log Management
IT Operations Analytics

Featured Reviews

Oct 30, 2020
Good packet inspection and automated incident response, but it needs to be more customizable
We are using this solution for security The most valuable features are the packet inspection and the automated incident response. More customizability is required, which is something that they need to improve on. When it comes to starting a log event, there are not many options available. It is…
Surya Ambavarapu - PeerSpot reviewer
May 16, 2024
Helps streamline incident responses, provide visibility into our environment, and reduce alert volume
Splunk has streamlined our incident response by automating key processes. For instance, alerts trigger upon exceeding three failed login attempts, automatically assigning tickets for review. Similarly, unauthorized access attempts from unfamiliar regions are automatically blocked. These automated data-driven responses significantly improve our overall incident response efficiency. The customizable dashboards offer great visualization and extra add-ons. Splunk Enterprise Security helps us to easily monitor multiple cloud environments. Mission Control lets us monitor and manage our security from a single panel. Based on my short experience, I would rate Splunk Enterprise Security eight out of ten for its ability to analyze malicious activity. Splunk Enterprise Security helps reduce our alert volume. Splunk Enterprise Security streamlines our security investigations by providing a central platform and offering a growing library of add-ons that expand our investigative capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The newer 11.5 version that my team is using has found it to have good mapping."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable features are the packet inspection and the automated incident response."
"The product's initial setup phase was not at all difficult."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Offers a good wireless feature."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The solution has proven to be quite stable."
"UBA, User Behavior Analytics, is a key feature."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"It is very stable. We have not had any problems."
"Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
"The product is good, it satisfies our customers."
"The speed of the search engine"


"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The implementation needs assistance."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Health monitoring of the event sources and devices."
"The product's licensing models are complex to understand. This particular area needs improvement."
"Licensing costs can be a barrier for those with limited budgets."
"Splunk Enterprise Security is complicated in terms of developing specific cybersecurity use cases."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The solution could improve by giving more email details."
"The documentation is in definite need of improvement."

Pricing and Cost Advice

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"It is cheap."
"It’s cheaper to run virtual machines in a VMware environment."
"I am not personally involved with the pricing of the solution."
"It is pretty straightforward and based on the sizing. If I compare it with other competitors, it makes sense."
"Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive."
"As a team, we prefer the old pricing model with a perpetual license. We are still evaluating the whole subscription-based model."
"It is a bit costly."
"Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
"We have an unlimited one, and we pay yearly, but I don't know how much it costs. Previously, I worked for a startup, and when they started building it up, it was complicated for them because they didn't have the budget for that many licenses. It was very costly for them. So, startups might find it a little bit problematic because of the licensing, but for bigger companies, there is no issue."
"We have had a reduction in the time it takes to resolve issues and correlate what has failed."
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
787,779 professionals have used our research since 2012.

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Insurance Company
Financial Services Firm
Computer Software Company
Manufacturing Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

Also Known As

RSA Security Analytics
No data available

Learn More

Video not available



Sample Customers

Los Angeles World Airports, Reply
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about NetWitness Platform vs. Splunk Enterprise Security and other solutions. Updated: June 2024.
787,779 professionals have used our research since 2012.