Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
7.4
Number of Reviews
36
Ranking in other categories
Log Management (25th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 10.8%, down from 12.8% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Nitin Arora - PeerSpot reviewer
Nov 2, 2022
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.
MdZaman - PeerSpot reviewer
Oct 22, 2021
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The query language of Microsoft Sentinel is easy to understand and use."
"The product can integrate with any device."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable feature is the security that it provides."
"The solution is really scalable for the high-end power, enterprise customer."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature is the hunting ability to work in a CERT."
 

Cons

"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The troubleshooting has room for improvement."
"The solution should allow for a streamlined CI/CD procedure."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"We have encountered issues with unresolved crashes."
"The initial setup is very complex and should be simplified."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
 

Pricing and Cost Advice

"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."
"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
"Microsoft Sentinel is included in our E5 license."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"The licenses are good but the cost is very expensive."
"The product is expensive."
"It is cheap."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
8%
Manufacturing Company
8%
Financial Services Firm
17%
Computer Software Company
17%
Government
7%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
 

Also Known As

Azure Sentinel
RSA Security Analytics
 

Learn More

Video not available
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Los Angeles World Airports, Reply
Find out what your peers are saying about Microsoft Sentinel vs. NetWitness Platform and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.