NetWitness Platform Reviews

Name: NetWitness Platform
Brand: NetWitness
Rating: 3.7 (36 reviews)

3.7 out of 5

36 reviews
74% willing to recommend

2,207 followers

What is NetWitness Platform?

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

Get the NetWitness Platform Buyer's Guide and find out what your peers are saying about NetWitness Platform, Splunk Enterprise Security, IBM Security QRadar and more!

NetWitness Platform is the #22 ranked solution in Log Management Software and #23 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give NetWitness Platform an average rating of 7.4 out of 10. NetWitness Platform is most commonly compared to Splunk Enterprise Security: NetWitness Platform vs Splunk Enterprise Security. NetWitness Platform is popular among the large enterprise segment, accounting for 71% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.

Helped 839,422 peers since 2012

Featured NetWitness Platform reviews

MdZaman

IT manager at a agriculture with 10,001+ employees

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

MOTASHIM Al Razi

CISO at One Bank Limited

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Rafał Popielski

Solution Architect at NASK

The most valuable feature of the NetWitness Platform, as I've found through occasional engagements, is its Total Customer Ownership (TOC) approach. It encompasses having a unified engine and database where all collected information, including logs, network traffic, and endpoint data, is correlated and analyzed. This centralized database enables efficient analysis and correlation of security events aided by artificial intelligence algorithms. Additionally, customers can develop custom parsers to integrate new data sources into the database, enhancing its speed and reliability.

Read full review

NetWitness Platform mindshare

Product category:

As of March 2025, the mindshare of NetWitness Platform in the Log Management category stands at 0.3%, down from 0.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

PeerAnalyst reports based on NetWitness Platform reviews

Type	Title	Date
Category	Log Management	Mar 4, 2025	Download
Product	Reviews, tips, and advice from real users	Mar 4, 2025	Download
Comparison	NetWitness Platform vs Wazuh	Mar 4, 2025	Download
Comparison	NetWitness Platform vs Splunk Enterprise Security	Mar 4, 2025	Download
Comparison	NetWitness Platform vs Datadog	Mar 4, 2025	Download

Title	Rating	Mindshare	Recommending
Splunk Enterprise Security	4.2	7.6%	93%	305 interviews Add to research
IBM Security QRadar	4.0	3.9%	90%	207 interviews Add to research

Valuable Features

NetWitness Platform can monitor network traffic, logs, and network captures, making it easy to pinpoint and correlate information. The solution's alerts and correlation tools are also helpful for identifying incidents and malware. The incident management feature is also highly valued. The SSA console is user-friendly and doesn't require learning another language. Additionally, the newer version has good mapping, and the solution is scalable and economically priced. Technical support is also highly praised by users.

"NetWitness can be highly beneficial for incident detection and response."
"The product's initial setup phase was not at all difficult."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

Room for Improvement

Improvements that could be made to the NetWitness Platform include better integration with other products, a more user-friendly interface, simplification of the log system, enhancing threat detection and alert capabilities, and improving database search. Other enhancements include adding log storage and threat intelligence features, automating security incident response, providing more precise logs when integrating with Windows-based systems, and automating reviews for compliance control requirements. The installation process could also be simplified.

"The product's licensing models are complex to understand. This particular area needs improvement."
"The tool's integration capability isn't so great."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

ROI

NetWitness Platform has proven to be financially beneficial for users. Many have reported positive returns on investment, indicating that the platform has helped them achieve their desired outcomes.

Pricing

The NetWitness Platform may not be affordable for small and medium-sized businesses, but it is less costly than some SIEM solutions. Licensing costs are based on the volume of EPS and can be subscription-based or perpetual. There is only one licensing model and hardware included in the price.

"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product price was reasonable for my region and the market."
"The product is expensive."

Popular Use Cases

Customers use NetWitness Platform to monitor security alerts by ingesting logs from all their assets. It is also used to create correlation rules to identify potential breaches or hacking attempts and receive notifications through the dashboard. The solution is employed for incident management, compliance and governance, network forensics, and to integrate with applications and systems like firewalls and routers. RSA NetWitness Logs and Packets are used for monitoring scenarios, insider threat analysis, and log retention.

Service and Support

Some users find the technical support staff to be responsive and helpful, while others feel that they lack expertise and knowledge about the product. Some users have had unresolved issues with database management. The availability of around-the-clock support is appreciated.

Deployment

The initial setup for NetWitness Platform is complex and requires knowledge. It involves preparing hardware boxes, configuring log sources, and generating metadata. Correlation rules and alerts are crucial for effective monitoring. Reviewer ratings of the setup process range from three out of 10 to six or seven out of 10.

Configuring it can be complex. There are multiple connectors, including standard and specialized connectors, but the complexity of the deployment depends on the amount and type of log sources. Support is recommended.

It is important to continuously monitor and maintain the solution.

Scalability

The scalability of the NetWitness Platform varies on factors such as the storage capacity of the servers it is deployed on and the size of the organization using it. Some reviewers rate its scalability as high, while others suggest that it could be improved. The solution is considered scalable for enterprise customers and larger organizations, but may not be as suitable for small organizations. It is also noted that the solution can be scaled in the cloud, but may require additional workers and hardware procurement for on-premises scaling.

Stability

The NetWitness Platform solution is stable and reliable, with some minor issues when integrating with Windows-based systems or performing updates and upgrades. The stability ultimately depends on how well the site is set up and the performance may suffer if CPU and OS utilization is too high. While not rated as great compared to other products like Splunk and QRadar, it is a good solution.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NetWitness Platform Buyer's Guide for additional reliable information.