Try our new research platform with insights from 80,000+ expert users
NetWitness Platform Logo

NetWitness Platform pros and cons

Vendor: NetWitness
3.7 out of 5
Leave a review

Pros & Cons summary

NetWitness Platform enables advanced alerting through real-time event processing using SQL-like statements on logs and packet streams. It excels in network traffic investigation and log correlation to detect malware. With high scalability, it handles vast data amounts, featuring automated incident response and threat prediction. However, its complex architecture complicates troubleshooting, and its integration and licensing require improvement, with lagging threat detection and overwhelming alert aggregation noted as concerns.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

NetWitness Platform offers real-time correlation and alerting capabilities, which are highly valued for threat detection.
The platform allows for scalable deployment with flexible resources, including cloud integration.
NetWitness supports comprehensive logs and packet ingestion, which enables advanced incident investigation and response.
Users appreciate its ability to create custom connectors and rules, enhancing integration and security monitoring.
Technical support is responsive and knowledgeable, providing effective assistance when needed.

CONS

NetWitness Platform has a complex system architecture that can complicate troubleshooting and implementation.
Technical support for NetWitness Platform is considered subpar compared to other solutions.
Initial setup and log aggregation in NetWitness Platform are deemed complex and time-consuming.
More integration capabilities and multi-tenant support are required for NetWitness Platform.
Licensing models in NetWitness Platform are perceived as complex and in need of improvement.
 

NetWitness Platform Pros review quotes

it_user619134 - PeerSpot reviewer
it_user619134
Direct Sales Director at a tech services company with 501-1,000 employees
May 7, 2017
Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network
Read full review
it_user365328 - PeerSpot reviewer
it_user365328
Founder & CEO at a tech services company with 11-50 employees
May 22, 2017
Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements.
Read full review
MH
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
Nov 6, 2018
It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before.
Read full review
Buyer's Guide
NetWitness Platform
December 2025
Free Report: NetWitness Platform Reviews and More
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,443 professionals have used our research since 2012.
AV
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
Dec 25, 2018
The most valuable feature is the correlation. It can report in real-time and monitor the management.
Read full review
AV
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
Feb 11, 2019
Their technical support responds quickly and are knowledgable.
Read full review
SrManagee3c6 - PeerSpot reviewer
SrManagee3c6
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Mar 11, 2019
The most valuable features are its ingestion of logs and raising of alerts based on those logs.
Read full review
MH
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
May 22, 2019
The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.
Read full review
HL
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Aug 25, 2019
It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.
Read full review
RD
RamneshDubey
Senior Cyber Security Specialist at a tech vendor with 10,001+ employees
Jan 9, 2020
The most valuable features are the packet decoder, log decoder, and concentrator.
Read full review
AM
AdrianMache
RSA Specialist at a computer software company with 1,001-5,000 employees
Feb 4, 2020
The most valuable features are the integration and ease of use.
Read full review
Show 10 more reviews (out of 33)
 

NetWitness Platform Cons review quotes

it_user619134 - PeerSpot reviewer
it_user619134
Direct Sales Director at a tech services company with 501-1,000 employees
May 7, 2017
The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.
Read full review
it_user365328 - PeerSpot reviewer
it_user365328
Founder & CEO at a tech services company with 11-50 employees
May 22, 2017
Health monitoring of the event sources and devices.
Read full review
MH
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
Nov 6, 2018
We have encountered issues with unresolved crashes.
Read full review
Buyer's Guide
NetWitness Platform
December 2025
Free Report: NetWitness Platform Reviews and More
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,443 professionals have used our research since 2012.
AV
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
Dec 25, 2018
The implementation needs assistance.
Read full review
AV
Allan Vargas
IT security specialist at a comms service provider with 201-500 employees
Feb 11, 2019
The initial setup was complex because it takes a lot of time to complete the implementation.
Read full review
SrManagee3c6 - PeerSpot reviewer
SrManagee3c6
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees
Mar 11, 2019
I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.
Read full review
MH
Maor Hojberg
Team Leader & Head of MSSP at We Ankor
May 22, 2019
The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together.
Read full review
HL
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Aug 25, 2019
They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.
Read full review
RD
RamneshDubey
Senior Cyber Security Specialist at a tech vendor with 10,001+ employees
Jan 9, 2020
Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance.
Read full review
AM
AdrianMache
RSA Specialist at a computer software company with 1,001-5,000 employees
Feb 4, 2020
The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly.
Read full review
Show 10 more reviews (out of 33)

Product Categories

Product Categories
Log Management
Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons
Wazuh vs NetWitness Platform Logo
Wazuh vs NetWitness Platform
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Microsoft Sentinel vs NetWitness Platform Logo
Microsoft Sentinel vs NetWitness Platform
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Cribl vs NetWitness Platform Logo
Cribl vs NetWitness Platform
Security Onion vs NetWitness Platform Logo
Security Onion vs NetWitness Platform
Rapid7 InsightIDR vs NetWitness Platform Logo
Rapid7 InsightIDR vs NetWitness Platform
Elastic Stack vs NetWitness Platform Logo
Elastic Stack vs NetWitness Platform
LogRhythm SIEM vs NetWitness Platform Logo
LogRhythm SIEM vs NetWitness Platform
Fortinet FortiSIEM vs NetWitness Platform Logo
Fortinet FortiSIEM vs NetWitness Platform
AlienVault OSSIM vs NetWitness Platform Logo
AlienVault OSSIM vs NetWitness Platform
Exabeam vs NetWitness Platform Logo
Exabeam vs NetWitness Platform
syslog-ng vs NetWitness Platform Logo
syslog-ng vs NetWitness Platform
Securonix Next-Gen SIEM vs NetWitness Platform Logo
Securonix Next-Gen SIEM vs NetWitness Platform
See all alternatives

Product Categories

Product Categories
Log Management
Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons
Wazuh vs NetWitness Platform Logo
Wazuh vs NetWitness Platform
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Microsoft Sentinel vs NetWitness Platform Logo
Microsoft Sentinel vs NetWitness Platform
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Cribl vs NetWitness Platform Logo
Cribl vs NetWitness Platform
Security Onion vs NetWitness Platform Logo
Security Onion vs NetWitness Platform
Rapid7 InsightIDR vs NetWitness Platform Logo
Rapid7 InsightIDR vs NetWitness Platform
Elastic Stack vs NetWitness Platform Logo
Elastic Stack vs NetWitness Platform
LogRhythm SIEM vs NetWitness Platform Logo
LogRhythm SIEM vs NetWitness Platform
Fortinet FortiSIEM vs NetWitness Platform Logo
Fortinet FortiSIEM vs NetWitness Platform
AlienVault OSSIM vs NetWitness Platform Logo
AlienVault OSSIM vs NetWitness Platform
Exabeam vs NetWitness Platform Logo
Exabeam vs NetWitness Platform
syslog-ng vs NetWitness Platform Logo
syslog-ng vs NetWitness Platform
Securonix Next-Gen SIEM vs NetWitness Platform Logo
Securonix Next-Gen SIEM vs NetWitness Platform
See all alternatives
Related questions
  • 30
When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
  • 607
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
  • 36
Which Windows event log monitoring tool do you recommend?
  • 41
What is the difference between log management and SIEM?
  • 34
Splunk vs. Elastic Stack
  • 13
How can Cloudtrail logs be used effectively to improve log monitoring?
  • 136
Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
  • 136
When evaluating Log Management solutions, what aspect do you think is the most important to look for?
  • 17
When evaluating Log Management solutions, what aspects do you think are the most important to look for?
  • 19
Why are Log Management tools important for companies?