NetWitness Platform vs Splunk Enterprise Security comparison

NetWitness Platform vs. Splunk Enterprise Security

Download the complete report

Helped 893,244 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Log Management

38th

Ranking in Security Information and Event Management (SIEM)

39th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Splunk Enterprise Security

Ranking in Log Management

1st

Ranking in Security Information and Event Management (SIEM)

1st

Average Rating

8.4

Reviews Sentiment

7.3

Number of Reviews

387

Ranking in other categories

IT Operations Analytics (1st)

Mindshare comparison

As of May 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.9%, up from 0.6% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.1%, down from 9.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Mindshare Distribution
Product	Mindshare (%)
Splunk Enterprise Security	7.1%
NetWitness Platform	0.9%
Other	92.0%

Security Information and Event Management (SIEM)

Featured Reviews

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

A solid SIEM solution that should improve technical support and online resources to be easier to use

A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Read full review

Sathis-Kumar

Senior Manager at Bank of America

Helps us detect cyber threats quickly and integrate multiple feeds effectively

Overall, the product is good, but when it comes to some infrastructure issues, we have to dig into more logs. There is no straightforward indication of an issue. Health check kind of dashboards are not available. More AI would help us, and more optimization, since security products run more queries. The AI module could suggest solutions, optimizing queries or workload balancing. If the product itself advises on running queries during peak times, it would be similar to what ChatGPT currently offers. We see quite a few issues on stability. Even last week, we faced something, and identifying bottlenecks is not easy. We need more SMEs, and there is no mechanism to tell us about indexer or search head issues. Self-monitoring dashboards could be beneficial. The technical support still requires more improvement. Often, primary support takes a lot of time and forwards most solutions to the engineering side. The primary support team has very limited knowledge to provide.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"NetWitness Platform offers flexibility for deployment and robust integration capabilities."

"The most valuable features are the packet inspection and the automated incident response."

"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"Overall, I feel that the product is very good and my biggest complaint is about their support."

"Technical support is very good; they try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner."

"Setting up NetWitness is straightforward; there are multiple connectors, including standard and specialized connectors, with enhanced capability to integrate custom applications, and from there you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"The solution is reliable."

More NetWitness Platform pros

"Splunk Enterprise Security can retain logs for compliance purposes longer than the usual three months."

"The visibility is amazing with easy dashboard creation."

"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."

"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."

"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."

"I appreciate the Identity and Assets framework the most, as well as the threat analysis framework."

"The ability to ingest any data and display it in a way that anyone can understand."

"It has virtual visualization, and other products do not."

More Splunk Enterprise Security pros

Cons

"Health monitoring of the event sources and devices."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"We encountered stability issues in the earlier versions, and much fewer in the newer versions."

"I cannot say that the solution was stable because it tended to crash."

"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

More NetWitness Platform cons

"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."

"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."

"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."

"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is quite challenging."

"The upgrading process could be smoother."

"Technical support services are lacking, especially after you buy the product."

"I find the process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security to be challenging at times."

"Deployment is not difficult but the lock sources and configurations can take time."

More Splunk Enterprise Security cons

Pricing and Cost Advice

"The product price was reasonable for my region and the market."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The licenses are good but the cost is very expensive."

"Our license is for one year."

"It is cheap."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."

"It’s cheaper to run virtual machines in a VMware environment."

More NetWitness Platform pricing and cost advice

"Splunk Enterprise Security is expensive."

"Splunk is priced higher than other solutions."

"The cost is on the high end, which makes it difficult for some organizations to use."

"The licensing costs are high for Splunk Enterprise Security."

"Licensing is a yearly, one-time cost."

"Our ROI is high."

"Further reductions would be fantastic, and I believe that more and more people would flock to it."

"The variables and the flexibility that Splunk provides are helpful, especially in a hybrid and multi-cloud environment."

More Splunk Enterprise Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

893,244 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

11%

Comms Service Provider

10%

Construction Company

Performing Arts

Financial Services Firm

14%

Manufacturing Company

Computer Software Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	7
Large Enterprise	20

By reviewers
Company Size	Count
Small Business	118
Midsize Enterprise	51
Large Enterprise	269

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

What is your primary use case for NetWitness Platform?

I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

How does Splunk compare with Azure Monitor?

Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

IBM Security QRadar vs NetWitness Platform

Comparisons

Compared 7% of the time

RSA enVision vs NetWitness Platform

Compared 5% of the time

Palo Alto Networks WildFire vs NetWitness Platform

Compared 4% of the time

Elastic Security vs NetWitness Platform

Compared 3% of the time

Sumo Logic Security vs NetWitness Platform

Compared 3% of the time

More NetWitness Platform Competitors

IBM Security QRadar vs Splunk Enterprise Security

Compared 8% of the time

Sentinel vs Splunk Enterprise Security

Compared 5% of the time

Wazuh vs Splunk Enterprise Security

Compared 3% of the time

Elastic Security vs Splunk Enterprise Security

Compared 3% of the time

Dynatrace vs Splunk Enterprise Security

Compared 2% of the time

More Splunk Enterprise Security Competitors

Product Reports

NetWitness Platform

Download NetWitness Platform product report

Splunk Enterprise Security

Download Splunk Enterprise Security product report

Also Known As

RSA Security Analytics

No data available

Overview

NetWitness Platform provides seamless threat intelligence integration and robust log/packet ingestion. It enhances network visibility and incident management through automated threat detection, ideal for enterprises seeking scalability and security intelligence.

NetWitness Platform offers a comprehensive suite of tools designed to tackle security challenges within Security Operations Centers. It integrates data from endpoints, networks, and other sources, ensuring in-depth security analysis. By supporting features like XDR and UEBA, it grants a unified view of security events. Its capabilities extend to threat hunting, malware analysis, and network forensics, assisting organizations in managing incidents, ensuring compliance with regulations like GDPR, and detecting cyber threats. Users appreciate its ease of deployment, flexibility, and threat prediction capabilities, although improvements in integration, documentation, and AI are desired.

What are the key features of NetWitness Platform?

User-friendly Interface: Simplifies security monitoring and management.
Threat Intelligence Integration: Provides seamless access to threat data.
Log/Packet Ingestion and Alerting: Enhances detection and response.
Network Visibility: Improves threat detection across networks.
Incident Management: Streamlines response to security incidents.
Automated Threat Detection: Facilitates quick identification of threats.
Custom Connectors: Allows for tailored integrations.
Advanced Dashboarding and Reporting: Offers detailed insights.
Packet/Incident Correlation: Enhances understanding of threats.

What benefits can users expect when evaluating NetWitness Platform?

Threat Prediction: Anticipates potential vulnerabilities.
Ease of Use: Streamlines user experience.
Deployment Flexibility: Adapts to organizational structure.
Scalability: Supports growing security infrastructure needs.
Security Intelligence: Enhances awareness and response capabilities.

In finance and health sectors, NetWitness Platform aids significantly by providing comprehensive threat analysis, ensuring compliance, and facilitating rapid incident management. Enterprises in these industries benefit by maintaining robust security postures and meeting regulatory demands.

NetWitness

Splunk Enterprise Security delivers powerful log management, rapid searches, and intuitive dashboards, enhancing real-time analytics and security measures. Its advanced machine learning and wide system compatibility streamline threat detection and incident response across diverse IT environments.

Splunk Enterprise Security stands out in security operations with robust features like comprehensive threat intelligence and seamless data integration. Its real-time analytics and customizable queries enable proactive threat analysis and efficient incident response. Integration with multiple third-party feeds allows detailed threat correlation and streamlined data visualization. Users find the intuitive UI and broad compatibility support efficient threat detection while reducing false positives. Despite its strengths, areas such as visualization capabilities and integration processes with cloud environments need enhancement. Users face a high learning curve, and improvements in automation, AI, documentation, and training are desired to maximize its potential.

What Are the Key Features of Splunk Enterprise Security?

Log Management: Efficiently manages and organizes a vast amount of logs for better data handling.
Rapid Data Search: Quickly retrieves relevant data for fast decision-making.
Flexible Dashboards: Customizable dashboards provide clear data visualization.
Comprehensive Threat Intelligence: Offers detailed insights to preemptively defend against threats.
Real-Time Analytics: Analyzes data in real-time to enhance response times.
Integration with Third-Party Feeds: Streamlines information flow from multiple sources.

What Benefits Should Users Investigate in Reviews?

Efficient Incident Response: Enhances the ability to respond promptly to threats.
False Positive Reduction: Minimizes incorrect threat alarms, making monitoring more efficient.
Threat Detection Speed: Accelerates the identification and evaluation of security threats.
Cost-Effectiveness: Potential savings through better licensing options and operational efficiency.
User Adaptability: Enhancements in documentation and training resources aid in overcoming the learning curve.

In specific industries like finance and healthcare, Splunk Enterprise Security is instrumental for log aggregation, SIEM functionalities, and compliance monitoring. Companies leverage its capabilities for proactive threat analysis and response, ensuring comprehensive security monitoring and integration with various tools for heightened operational intelligence.

Splunk

Sample Customers

Los Angeles World Airports, Reply

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

NetWitness Platform vs. Splunk Enterprise Security