NetWitness Platform vs OpenText Enterprise Security Manager comparison

NetWitness Platform vs. OpenText Enterprise Security Manager

Download the complete report

Helped 868,759 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

30th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Log Management (33rd)

OpenText Enterprise Securit...

Ranking in Security Information and Event Management (SIEM)

21st

Average Rating

7.8

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of October 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, up from 0.6% compared to the previous year. The mindshare of OpenText Enterprise Security Manager is 1.6%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
OpenText Enterprise Security Manager	1.6%
NetWitness Platform	0.6%
Other	97.8%

Security Information and Event Management (SIEM)

Featured Reviews

MOTASHIM Al Razi

CISO at One Bank Limited

It is a stable solution, but they should make the user interface easier to understand

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Ramnesh Dubey

Solutions Architect at Ericsson

Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods

The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's quite economical compared to other solutions in the market."

"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."

"Their technical support responds quickly and are knowledgable."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The most valuable feature is the security that it provides."

"The most valuable feature is the correlation. It can report in real-time and monitor the management."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"The solution is really scalable for the high-end power, enterprise customer."

More NetWitness Platform pros

"Very good real-time reporting with a good dashboard."

"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."

"On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."

"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."

"Once the rules are defined, it becomes easy to detect changes and generate automated logs."

"ArcSight gives us better visibility into threats that were unknown earlier."

"The solution offers very good monitoring."

"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."

More OpenText Enterprise Security Manager pros

Cons

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"The solution should have more integration capabilities with different platforms."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

More NetWitness Platform cons

"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."

"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."

"ArcSight ESM needs to improve performance, user interface, and automation."

"Could benefit from a more modern interface."

"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."

"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."

"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."

"The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight."

More OpenText Enterprise Security Manager cons

Pricing and Cost Advice

"This is a pricey solution; it's not cheap."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"Compared to the competition, the is price is not that high."

"We are on an annual license for the use of the solution."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"It is cheap."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

More NetWitness Platform pricing and cost advice

"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."

"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."

"The product licenses are inexpensive."

"There is a license required for this solution."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

"It's a good price, it's one of the cheaper solutions."

"The solution is super expensive. At our organization size and license model, I think the price is average to what anyone else would charge us."

"Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement."

More OpenText Enterprise Security Manager pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

868,759 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Computer Software Company

12%

Comms Service Provider

Performing Arts

Financial Services Firm

14%

Computer Software Company

12%

Manufacturing Company

11%

Performing Arts

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	7
Large Enterprise	20

By reviewers
Company Size	Count
Small Business	37
Midsize Enterprise	14
Large Enterprise	57

Questions from the Community

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?

In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...

What do you like most about ArcSight Enterprise Security Manager (ESM)?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?

ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.

IBM Security QRadar vs NetWitness Platform

Comparisons

Compared 24% of the time

Splunk Enterprise Security vs NetWitness Platform

Compared 18% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

USM Anywhere vs NetWitness Platform

Compared 11% of the time

Cisco Secure Network Analytics vs NetWitness Platform

Compared 7% of the time

More NetWitness Platform Competitors

Trellix ESM vs OpenText Enterprise Security Manager

Compared 18% of the time

IBM Security QRadar vs OpenText Enterprise Security Manager

Compared 11% of the time

Splunk Enterprise Security vs OpenText Enterprise Security Manager

Compared 9% of the time

SurfWatch Labs SurfWatch vs OpenText Enterprise Security Manager

Compared 7% of the time

Elastic Security vs OpenText Enterprise Security Manager

Compared 7% of the time

More OpenText Enterprise Security Manager Competitors

Product Reports

NetWitness Platform

Download NetWitness Platform product report

OpenText Enterprise Security Manager

Download OpenText Enterprise Security Manager product report

OpenText Enterprise Security Manager report

Also Known As

RSA Security Analytics

Micro Focus ArcSight, HPE ArcSight, ArcSight

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.

OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.

What are the key features of OpenText Enterprise Security Manager?

Event Correlation Engine: Real-time threat detection with advanced correlation capabilities.
Scalability: Adapts to enterprise-level demands and complex security needs.
Integration: Seamlessly integrates with multiple platforms and third-party tools.
Customizable Dashboards: Tailored views and active lists enhance user experience.
Advanced Alerting: Provides timely incident response and security alerts.

Why should users look for reviews when evaluating OpenText Enterprise Security Manager?

Timely Incident Responses: Fast alerting and action against threats.
User-Friendly Experience: Customizable dashboards simplify monitoring tasks.
Comprehensive Security Management: Integrated log management and threat detection across domains.
Adaptability and Scalability: Supports both on-premises and cloud deployments.

In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.

OpenText

Sample Customers

Los Angeles World Airports, Reply

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

NetWitness Platform vs. OpenText Enterprise Security Manager