NetWitness Platform Reviews

Name: NetWitness Platform
Brand: NetWitness
Rating: 3.7 (37 reviews)

3.7 out of 5

37 reviews
75% willing to recommend

What is NetWitness Platform?

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

Get the NetWitness Platform Buyer's Guide and find out what your peers are saying about NetWitness Platform, Wazuh, Microsoft Sentinel and more!

NetWitness Platform is the #29 ranked solution in top Security Information and Event Management (SIEM) solutions and #37 ranked solution in Log Management Software. PeerSpot users give NetWitness Platform an average rating of 7.4 out of 10. NetWitness Platform is most commonly compared to Wazuh: NetWitness Platform vs Wazuh. NetWitness Platform is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 861,803 peers since 2012

Featured NetWitness Platform reviews

MOTASHIM Al Razi

CISO at One Bank Limited

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

MdZaman

IT manager at a agriculture with 10,001+ employees

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

Suri Shahar

Security Analyst at HeiTech Padu Berhad

For small to medium-sized organizations, NetWitness Platform will be a suitable option. Most enterprises or larger organizations will likely choose a different platform because NetWitness Platform is no longer listed in Gartner. Additionally, the pricing is too high and is not competitive with Splunk and other products. It is relevant, but they need to set up or hire someone to help them compete with similar products like Slack, QRadar, or Palo Alto. Overall, I rate it a seven out of ten.

Read full review

NetWitness Platform mindshare

Product category:

As of July 2025, the mindshare of NetWitness Platform in the Log Management category stands at 0.3%, down from 0.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

PeerResearch reports based on NetWitness Platform reviews

Type	Title	Date
Category	Log Management	Jul 15, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 15, 2025	Download
Comparison	NetWitness Platform vs Wazuh	Jul 15, 2025	Download
Comparison	NetWitness Platform vs Splunk Enterprise Security	Jul 15, 2025	Download
Comparison	NetWitness Platform vs Datadog	Jul 15, 2025	Download

Title	Rating	Mindshare	Recommending
Wazuh	3.7	13.7%	80%	48 interviews Add to research
Microsoft Sentinel	4.1	N/A	93%	97 interviews Add to research

Valuable Features

NetWitness Platform offers features like real-time correlation, log ingestion, and full packet capture, enabling detailed network traffic analysis. Users appreciate its incident management, automated threat detection, and user-friendly interface. Its advanced capabilities allow creation of custom rules, integration with other tools, and detailed reporting. The platform's security intelligence and threat prediction enhance network forensics. Flexible deployment and efficient analytics are valued, as well as the ability to monitor network devices and data efficiently.

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"NetWitness can be highly beneficial for incident detection and response."
"The product's initial setup phase was not at all difficult."

Room for Improvement

NetWitness Platform would benefit from improved integration with third-party tools, streamlined user interface, and better support for external tools like sandboxes. Enhanced threat detection and centralized management are desired. The setup is complex and the API needs refinement. Users experience challenges with log aggregation and reporting. Improved documentation and ease of use are needed. Additionally, features like machine learning, artificial intelligence, and automated incident responses are recommended. Better customization and reliable support are also sought.

"The product's licensing models are complex to understand. This particular area needs improvement."
"The tool's integration capability isn't so great."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

ROI

NetWitness Platform has proven to be financially beneficial for users. Many have reported positive returns on investment, indicating that the platform has helped them achieve their desired outcomes.

Pricing

NetWitness Platform pricing varies widely based on deployment and usage, often rated as expensive but competitive for enterprise buyers. License structures include perpetual and annual models, factoring in EPS and data volume. Many find virtual machines cost-effective over hardware. Some recommend the full solution for better value. Designated support incurs additional costs. Recent pricing plans are seen as fair, appealing to diverse organizational sizes. Virtual machine adoption has reduced appliance-related expenses.

"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product price was reasonable for my region and the market."
"The product is expensive."

Popular Use Cases

NetWitness Platform is primarily used for network monitoring, threat detection, and security management. Enterprises employ it for log analysis, anomaly identification, and compliance. It supports monitoring across networks, endpoints, and databases. Organization use cases span malware detection, threat prediction, and SOC integrations. They leverage its capabilities for real-time alerts, forensic analysis, and incident management. Its deployment aids in security operations by providing insights from varied data sources, crucial for governance and incident responses.

Service and Support

Customer service for Enterprise Customers is highly rated, while technical support receives mixed feedback, ranging from fast responses but slow escalation to lacking expertise. Some rate it 8/10 for proficiency, while others find them frustrating due to delayed replies. Technical support is considered good, responsive, and professional, though there are challenges with responsibility and international support limitations. Ratings vary, with some users satisfied despite high costs, whereas others find improvement needed in expertise and response times.

Deployment

Initial setup experiences with NetWitness Platform are mixed. Some find it straightforward and quick to deploy, especially with expertise. Others report complexity, requiring professional support to manage integrations and configurations. Duration varies, ranging from two days to several months, influenced by organizational size and complexity. Ongoing maintenance can be demanding, needing skilled personnel and effective resource allocation. Opinions range from easy to intricate, depending on familiarity, environment, and the level of customizations needed.

Scalability

Users generally find NetWitness Platform to be highly scalable, accommodating small to large organizations. It efficiently handles increased capacity and user load. Network deployment is crucial, as metadata flows are significant. While licensing may influence limits, users can expand resources via cloud solutions. Enterprises appreciate its scalability, although specific implementations and hardware considerations might affect performance. Some users rate it below average for scalability due to on-premise hardware demands.

Stability

Users generally find NetWitness Platform stable with reliable performance when systems are properly configured with adequate CPU, RAM, and HDD. However, some note instability during updates and upgrades, particularly with versions prior to 11.3. Earlier versions had stability issues, but recent updates improved performance. A well-sized setup helps, though some users experienced crashes despite technical support. Stability ratings vary, often around seven to nine out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NetWitness Platform Buyer's Guide for additional reliable information.