No more typing reviews! Try our Samantha, our new voice AI agent.

Elastic Security vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
12th
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
66
Ranking in other categories
Endpoint Detection and Response (EDR) (20th), Security Orchestration Automation and Response (SOAR) (10th), Extended Detection and Response (XDR) (12th)
NetWitness Platform
Ranking in Log Management
38th
Ranking in Security Information and Event Management (SIEM)
39th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of May 2026, in the Log Management category, the mindshare of Elastic Security is 3.2%, down from 3.3% compared to the previous year. The mindshare of NetWitness Platform is 1.0%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Elastic Security3.2%
NetWitness Platform1.0%
Other95.8%
Log Management
 

Featured Reviews

Laurentiu Popescu - PeerSpot reviewer
Chief Product Officer at ClusterPower
Has improved threat detection with deep log analysis and streamlined investigation workflows
The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution's most valuable features are anomaly detection and connectivity reporting."
"The stability of the solution is good."
"The most valuable feature is the machine learning capability."
"The solution is free."
"Elastic Security is cost-effective compared to Defender and CrowdStrike."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"In terms of query resolution, error searching finding and production issues, we're able to find issues quicker."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"The most valuable feature is the security that it provides."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Incident management is its most valuable feature."
"Technically speaking, this is a good product."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"NetWitness can be highly beneficial for incident detection and response."
 

Cons

"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature."
"It could use maybe a little more on the Linux side."
"Elastic Security consumes a lot of resources, requiring a substantial deployment setup."
"The solution could offer better reporting features."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"The solution's basic setup takes time, and a lot of effort is required from the beginning to make it actually work."
"The price of this product could be improved, especially the additional costs."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"It is overly complicated. It has taken years to implement and the return on investment just isn't there."
"More customizability is required, which is something that they need to improve on."
"The implementation needs assistance."
"Technical support could be improved."
"I believe they could improve their support, there are often delays."
"The initial setup is very complex and should be simplified."
 

Pricing and Cost Advice

"When compared to other products, the price is average or on the low side."
"There is no charge for using the open-source version."
"Elastic Security is free to use."
"I can say that the product is cheaply priced."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"Affordable but with additional costs"
"We are using the free, open-source version of this solution."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We are on an annual license for the use of the solution."
"Compared to the competition, the is price is not that high."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"Our license is for one year."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"This is a pricey solution; it's not cheap."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
893,244 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Comms Service Provider
9%
Computer Software Company
9%
Government
9%
Financial Services Firm
8%
Financial Services Firm
11%
Comms Service Provider
10%
Construction Company
8%
Performing Arts
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise11
Large Enterprise15
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

Elastic SIEM, ELK Logstash
RSA Security Analytics
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Los Angeles World Airports, Reply
Find out what your peers are saying about Elastic Security vs. NetWitness Platform and other solutions. Updated: April 2026.
893,244 professionals have used our research since 2012.