No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Sumo Logic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Log Management
38th
Ranking in Security Information and Event Management (SIEM)
39th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
Sumo Logic Security
Ranking in Log Management
20th
Ranking in Security Information and Event Management (SIEM)
22nd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
25
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (13th)
 

Mindshare comparison

As of May 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.9%, up from 0.6% compared to the previous year. The mindshare of Sumo Logic Security is 1.7%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Sumo Logic Security1.7%
NetWitness Platform0.9%
Other97.4%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
MR
Senior Security Analyst at City Electric Supply Company
Security insights have enabled faster incident response and streamlined cross-team collaboration
To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Technically speaking, this is a good product."
"Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"This solution has a very good dashboard with a separate tab for incidents and alerts."
"The most valuable feature is the security that it provides."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"Sumo Logic Security offers a single dashboard and customization, which are the most valuable features."
"There are a lot of things we like about this product."
"Sumo Logic Security has positively impacted my organization by increasing engagement with different teams."
"Technical support is always great."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"We can integrate threat intelligence solutions into the product."
 

Cons

"More customizability is required, which is something that they need to improve on."
"Advance monitoring and alerting feature is not stable (Event Stream Analysis)."
"The initial setup is complex. There are other solutions that are easier to implement."
"Technical support could be improved."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"More customizability is required, which is something that they need to improve on."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"It took a bit of trial and error to get it set up correctly based on everything we had to do."
"If you want to up your subscription through the AWS Marketplace, it can be difficult."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk."
"This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations."
"A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking."
"The initial setup is the most stressful, like learning how to use it."
 

Pricing and Cost Advice

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"The product price was reasonable for my region and the market."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"The pricing is good. It's not an issue for us."
"The pricing is a little high, but for the features that we receive from Sumo Logic, it suits the price. For some small organizations, the price might be a little high."
"We chose to go through the AWS Marketplace because it makes it a lot easier when we bill our customers. Rather than having to get multiple different sources of information then correlate a monthly bill for our customers, it is just included in the AWS usage charges."
"I don't pay the bill. I've heard the AWS Marketplace pricing is high, but I like the value."
"Purchasing Sumo Logic through the AWS Marketplace was a simple step."
"The AWS Marketplace pricing is borderline. Every annual renewal, we always contemplate if we are getting what we think we could out of it or could we do it cheaper with some other product."
"Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products."
"Purchasing the solution through the AWS Marketplace is very easy."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
893,244 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Comms Service Provider
10%
Construction Company
8%
Performing Arts
7%
Manufacturing Company
12%
Financial Services Firm
10%
Outsourcing Company
9%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise5
Large Enterprise14
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
What is your experience regarding pricing and costs for Sumo Logic Security?
I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to fin...
What needs improvement with Sumo Logic Security?
I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few la...
 

Also Known As

RSA Security Analytics
No data available
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
Information Not Available
Find out what your peers are saying about NetWitness Platform vs. Sumo Logic Security and other solutions. Updated: April 2026.
893,244 professionals have used our research since 2012.