Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs NetWitness Platform comparison

Microsoft and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. Microsoft is ranked #2 with an average rating of 8.4, while NetWitness is ranked #24 with an average rating of 7.8. Microsoft holds a 10.8% mindshare in SIEM, compared to NetWitness’s 0.6% mindshare. Additionally, 93% of Microsoft users are willing to recommend the solution, compared to 74% of NetWitness users who would recommend it.
Microsoft Sentinel
Read 89 Microsoft Sentinel reviews
  • 23,840 Views
  • 13,739 Comparison Views
93% willing to recommend
NetWitness Platform
Read 36 NetWitness Platform reviews
  • 1,404 Views
  • 910 Comparison Views
74% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Microsoft Sentinel are leading solutions in cybersecurity. Based on user reviews, Microsoft Sentinel often stands out due to its comprehensive features and integration capabilities, making it a preferred choice despite potentially higher costs.

Features: NetWitness Platform is praised for its robust threat detection and response capabilities. It offers in-depth packet capture and session analysis, providing granular visibility into network activity. The platform also includes behavior analytics to detect threats based on deviations from normal patterns. Microsoft Sentinel features advanced AI-driven analytics, automating threat detection and response processes. It includes seamless integration with other Microsoft products, enhancing its utility in Microsoft-centric environments. Additionally, Sentinel offers built-in orchestration and automation for streamlined security operations.

Room for Improvement: Users suggest that NetWitness Platform could benefit from enhanced scalability, more intuitive navigation, and better integration with third-party tools. Microsoft Sentinel users request improved alerting mechanisms, more customizable reporting options, and a more user-friendly interface. While suggestions for NetWitness are aimed at usability enhancements, Sentinel users focus on functional refinements.

Ease of Deployment and Customer Service: NetWitness Platform is noted for its straightforward deployment process and reliable customer support. Microsoft Sentinel receives positive feedback for deployment, especially in cloud environments, but some users find its initial setup complex. Customer service for Sentinel garners mixed reviews, with some users experiencing delays in support.

Pricing and ROI: NetWitness Platform is generally seen as requiring a significant initial investment, but users report good ROI over time. Microsoft Sentinel is perceived as more expensive, yet users feel the comprehensive feature set and integration justify the cost, leading to a strong ROI. Pricing strategies differ, with Sentinel's flexible cloud-based pricing appealing to many users. Differences in perceived value highlight each product's pricing strategy and return on investment dynamics.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Sentinel vs. NetWitness Platform Report (Updated: October 2024).
Buyer's Guide
Microsoft Sentinel vs. NetWitness Platform
October 2024
Download the complete report
Helped 816,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

Sentiment score
7.3
Microsoft Sentinel support is generally positive, with mixed reviews on responsiveness and the necessity for premium support tiers.
No sentiment score available
 

Room For Improvement

Sentiment score
5.0
Microsoft Sentinel users want better integration, more tools, improved UI, clearer documentation, reduced costs, and enhanced alert system.
No sentiment score available
 

Scalability Issues

Sentiment score
8.1
Microsoft Sentinel offers scalable, automatic resource adjustments, multi-region support, and extensive data integration, adapting to diverse organizational needs.
No sentiment score available
 

Setup Cost

Sentiment score
5.2
Microsoft Sentinel offers value through integration but requires careful cost management due to its complex, consumption-based pricing model.
No sentiment score available
 

Stability Issues

Sentiment score
8.4
Microsoft Sentinel is highly stable and reliable, with 99.9% availability, despite some integration and log ingestion issues.
No sentiment score available
 

Valuable Features

Sentiment score
8.5
Microsoft Sentinel offers seamless integration, automation, AI capabilities, and scalable threat detection, enhancing security with cost-effectiveness and efficient monitoring.
No sentiment score available
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
2nd
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
89
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
7.4
Reviews Sentiment
7.5
Number of Reviews
36
Ranking in other categories
Log Management (25th)
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 10.8%, down from 12.8% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.
Read full review
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
816,406 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
8%
Manufacturing Company
8%
Financial Services Firm
18%
Computer Software Company
17%
Government
8%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
See all answers
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
See all answers
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 20% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 10% of the time
Cortex XSIAM vs Microsoft Sentinel Logo
Cortex XSIAM vs Microsoft Sentinel
Compared 7% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Google Chronicle Suite vs Microsoft Sentinel Logo
Google Chronicle Suite vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 34% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 16% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 14% of the time
Cisco Secure Network Analytics vs NetWitness Platform Logo
Cisco Secure Network Analytics vs NetWitness Platform
Compared 11% of the time
Trellix Network Detection and Response vs NetWitness Platform Logo
Trellix Network Detection and Response vs NetWitness Platform
Compared 6% of the time
More NetWitness Platform Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
November 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
NetWitness Platform
November 2024
NetWitness Platform reportDownload NetWitness Platform product report
 

Also Known As

Azure Sentinel
RSA Security Analytics
 

Learn More

Microsoft
Video not available
NetWitness
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Los Angeles World Airports, Reply
Buyer's Guide
Microsoft Sentinel vs. NetWitness Platform
October 2024
Free Report: Microsoft Sentinel vs. NetWitness Platform
Find out what your peers are saying about Microsoft Sentinel vs. NetWitness Platform and other solutions. Updated: October 2024.
DOWNLOAD NOW
816,406 professionals have used our research since 2012.
See our Microsoft Sentinel vs. NetWitness Platform report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.