We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The most valuable features are the threat prediction and network forensics."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The most valuable features are the integration and ease of use."
"The most valuable feature is the hunting ability to work in a CERT."
"Offers a good wireless feature."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"The flexibility of the solution is quite good."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"Splunk's visualizations make it easy for users to understand the data."
"It has a rapid response search environment in the event of an incident."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"The initial setup is pretty straightforward."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The tool's integration capability isn't so great."
"The support that is included with the standard licensing fee is very bad."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"An improved user interface along with multi-tenancy support would be beneficial."
"While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"We had some connections issues with the solution at the beginning."
"The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our NetWitness Platform vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
