Try our new research platform with insights from 80,000+ expert users

NetWitness Platform pros and cons

Vendor: NetWitness

3.7 out of 5

37 reviews
75% willing to recommend

2,208 followers

Pros & Cons summary

NetWitness Platform enables advanced alerting through real-time event processing using SQL-like statements on logs and packet streams. It excels in network traffic investigation and log correlation to detect malware. With high scalability, it handles vast data amounts, featuring automated incident response and threat prediction. However, its complex architecture complicates troubleshooting, and its integration and licensing require improvement, with lagging threat detection and overwhelming alert aggregation noted as concerns.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

NetWitness Platform offers real-time correlation and alerting capabilities, which are highly valued for threat detection.

The platform allows for scalable deployment with flexible resources, including cloud integration.

NetWitness supports comprehensive logs and packet ingestion, which enables advanced incident investigation and response.

Users appreciate its ability to create custom connectors and rules, enhancing integration and security monitoring.

Technical support is responsive and knowledgeable, providing effective assistance when needed.

CONS

NetWitness Platform has a complex system architecture that can complicate troubleshooting and implementation.

Technical support for NetWitness Platform is considered subpar compared to other solutions.

Initial setup and log aggregation in NetWitness Platform are deemed complex and time-consuming.

More integration capabilities and multi-tenant support are required for NetWitness Platform.

Licensing models in NetWitness Platform are perceived as complex and in need of improvement.

NetWitness Platform Pros review quotes

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

Aug 21, 2023

NetWitness Platform is valuable for creating rules that the solution must detect.

Read full review

MS

Mahesh Suryawanshi

Program Manager at EGYANAM TECH

Sep 1, 2021

It's quite economical compared to other solutions in the market.

Read full review

RD

Senior Cyber Security Specialist at HCL Technologies

Jan 9, 2020

The most valuable features are the packet decoder, log decoder, and concentrator.

Read full review

NetWitness Platform

Free Report: NetWitness Platform Reviews and More

Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

842,592 professionals have used our research since 2012.

HL

Information Technology Security Architect at a financial services firm with 5,001-10,000 employees

Aug 25, 2019

It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.

Read full review

Director at ST

Apr 8, 2023

In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing.

Read full review

Direct Sales Director at a tech services company with 501-1,000 employees

May 7, 2017

Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network

Read full review

VG

IT Security Head with 1,001-5,000 employees

Jan 19, 2020

The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it.

Read full review

reviewer1926666

Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees

Jul 27, 2022

I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution.

Read full review

Rafał Popielski

Solution Architect at NASK

Feb 7, 2024

NetWitness can be highly beneficial for incident detection and response.

Read full review

MH

Team Leader & Head of MSSP at We Ankor

May 22, 2019

The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.

Read full review

Show 10 more reviews (out of 35)

NetWitness Platform Cons review quotes

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

Aug 21, 2023

There is no support for this product in this country, so problems have to be resolved through global technical teams.

Read full review

MS

Mahesh Suryawanshi

Program Manager at EGYANAM TECH

Sep 1, 2021

The initial setup is complex. There are other solutions that are easier to implement.

Read full review

RD

Senior Cyber Security Specialist at HCL Technologies

Jan 9, 2020

Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance.

Read full review

NetWitness Platform

Free Report: NetWitness Platform Reviews and More

Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

842,592 professionals have used our research since 2012.

HL

Information Technology Security Architect at a financial services firm with 5,001-10,000 employees

Aug 25, 2019

They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.

Read full review

Director at ST

Apr 8, 2023

I believe that integrating the solution with other products such as Oracle would be beneficial.

Read full review

Direct Sales Director at a tech services company with 501-1,000 employees

May 7, 2017

The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.

Read full review

VG

IT Security Head with 1,001-5,000 employees

Jan 19, 2020

The initial setup is very complex and should be simplified.

Read full review

reviewer1926666

Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees

Jul 27, 2022

Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine.

Read full review

Rafał Popielski

Solution Architect at NASK

Feb 7, 2024

The product's licensing models are complex to understand. This particular area needs improvement.

Read full review

MH

Team Leader & Head of MSSP at We Ankor

May 22, 2019

The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together.

Read full review

Show 10 more reviews (out of 34)

Product Categories

Product Categories

Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons

Splunk Enterprise Security vs NetWitness Platform

IBM Security QRadar vs NetWitness Platform

Elastic Security vs NetWitness Platform

Security Onion vs NetWitness Platform

LogRhythm SIEM vs NetWitness Platform

USM Anywhere vs NetWitness Platform

DNIF HYPERCLOUD vs NetWitness Platform

See all alternatives

Product Categories

Product Categories

Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons

Splunk Enterprise Security vs NetWitness Platform

IBM Security QRadar vs NetWitness Platform

Elastic Security vs NetWitness Platform

Security Onion vs NetWitness Platform

LogRhythm SIEM vs NetWitness Platform

USM Anywhere vs NetWitness Platform

DNIF HYPERCLOUD vs NetWitness Platform

See all alternatives

Related questions

31

When evaluating Log Management tools and software, what aspect do you think is the most important to look for?

3,047

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?

73

Which Windows event log monitoring tool do you recommend?

261

What is the difference between log management and SIEM?

40

Splunk vs. Elastic Stack

37

How can Cloudtrail logs be used effectively to improve log monitoring?

350

Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?

105

When evaluating Log Management solutions, what aspect do you think is the most important to look for?

13

When evaluating Log Management solutions, what aspects do you think are the most important to look for?

15

Why are Log Management tools important for companies?