We performed a comparison between NetWitness Platform and RSA enVision based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We have no complaints about the features or functionality."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The product's initial setup phase was not at all difficult."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Offers a good wireless feature."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Performance and reporting are very good."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"Incident management is its most valuable feature."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The AI capabilities must be improved."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The log system is a bit complex and has room for improvement."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The implementation needs assistance."
"It is not so easy to customize this product."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The user interface is a little bit difficult for new users and it needs to be improved."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews. NetWitness Platform is rated 7.4, while RSA enVision is rated 6.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". NetWitness Platform is most compared with Splunk Enterprise Security, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas RSA enVision is most compared with Splunk Enterprise Security and IBM Security QRadar. See our NetWitness Platform vs. RSA enVision report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.