No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Sumo Logic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
37th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
Sumo Logic Security
Ranking in Log Management
21st
Ranking in Security Information and Event Management (SIEM)
20th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
25
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (13th)
 

Mindshare comparison

As of June 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. The mindshare of Sumo Logic Security is 1.6%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Sumo Logic Security1.6%
NetWitness Platform1.0%
Other97.4%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
MR
Senior Security Analyst at City Electric Supply Company
Security insights have enabled faster incident response and streamlined cross-team collaboration
To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the hunting ability to work in a CERT."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Their technical support responds quickly and are knowledgable."
"Offers a good wireless feature."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"Overall, I feel that the product is very good and my biggest complaint is about their support."
"Technically speaking, this is a good product."
"We can integrate threat intelligence solutions into the product."
"The solution is quite stable."
"Technical support is always great."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"I would recommend Sumo Logic; it is easy to use, the culture at Sumo Logic seems to be developer focused, the product is good, the developers are able to use it to get their job done quickly and easily, it fits into the developer's workload, the support is excellent, and we use it in both AWS and on-premise where it tends to work the same in both cases."
"Sumo Logic does give a lot of monitoring ability, even ingesting logs and integrating dashboard reports."
 

Cons

"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The solution should have more integration capabilities with different platforms."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions."
"It is overly complicated. It has taken years to implement and the return on investment just isn't there."
"More customizability is required, which is something that they need to improve on."
"The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk; they are much easier to set up."
"Technical support could be improved."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"The integration with multiple sources could be better."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"A more transparent roadmap as to what Sumo Logic Security is trying to achieve would be beneficial. Sumo often gives information in three-month cycles, which makes it hard for planning purposes."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"If you want to up your subscription through the AWS Marketplace, it can be difficult."
 

Pricing and Cost Advice

"We are on an annual license for the use of the solution."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Compared to the competition, the is price is not that high."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"It is cheap."
"The product is expensive."
"Our license is for one year."
"The pricing is a little high, but for the features that we receive from Sumo Logic, it suits the price. For some small organizations, the price might be a little high."
"The pricing is good. It's not an issue for us."
"The price scaling comes in a bit expensive."
"Purchasing the solution through the AWS Marketplace is very easy."
"Purchasing Sumo Logic through the AWS Marketplace was a simple step."
"The only limit to the scalability of the product for us is how much we are willing to pay."
"If we went to ELK Stack, which is open source, it would have been less costly, but it would have required more development from our side."
"Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
Manufacturing Company
12%
Financial Services Firm
11%
Outsourcing Company
10%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise16
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
What is your experience regarding pricing and costs for Sumo Logic Security?
I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to fin...
What needs improvement with Sumo Logic Security?
I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few la...
 

Also Known As

RSA Security Analytics
No data available
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
Information Not Available
Find out what your peers are saying about NetWitness Platform vs. Sumo Logic Security and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.