Try our new research platform with insights from 80,000+ expert users

NetWitness Platform vs Security Onion comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Log Management
22nd
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Security Information and Event Management (SIEM) (22nd)
Security Onion
Ranking in Log Management
18th
Average Rating
7.6
Reviews Sentiment
5.5
Number of Reviews
3
Ranking in other categories
AWS Marketplace (5th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. The mindshare of Security Onion is 5.7%, up from 2.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.
Jörg Kippe - PeerSpot reviewer
A mature and affordable solution that is easy to install and easy to update
The product takes time to learn, it's not that easy. In the beginning we had a lot of questions. If you want to use such a tool in an real (industrial) environment, you have to ask how to get the network data. Can we do a full packet capture? Can we provide agents to our end systems? There are no simple solutions to these questions. It's a general problem when running such systems in an industrial environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The product's initial setup phase was not at all difficult."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features are the integration and ease of use."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Security Onion is the most mature solution in the market."
"We use Security Onion for internal vulnerability assessment."
"The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
 

Cons

"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"More customizability is required, which is something that they need to improve on."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The product is not easy to learn."
"The initial setup of the solution is a little bit difficult."
"Security Onion's user interface could be improved."
 

Pricing and Cost Advice

"Compared to the competition, the is price is not that high."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"It is cheap."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"The licenses are good but the cost is very expensive."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"Our license is for one year."
"This is a pricey solution; it's not cheap."
"Security Onion is an open-source solution."
"It is an open-source solution."
"Security Onion is a free solution."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
17%
Government
6%
Insurance Company
6%
Computer Software Company
12%
University
11%
Government
11%
Comms Service Provider
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
What do you like most about Security Onion?
The most valuable feature of Security Onion for security monitoring is its ability to find infected ports.
What is your experience regarding pricing and costs for Security Onion?
Security Onion is an open-source solution. On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.
What needs improvement with Security Onion?
The initial setup of the solution is a little bit difficult.
 

Also Known As

RSA Security Analytics
No data available
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
Information Not Available
Find out what your peers are saying about NetWitness Platform vs. Security Onion and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.