No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform pros and cons

Vendor: NetWitness

3.7 out of 5

36 reviews
75% willing to recommend

Pros & Cons summary

NetWitness Platform enables advanced alerting through real-time event processing using SQL-like statements on logs and packet streams. It excels in network traffic investigation and log correlation to detect malware. With high scalability, it handles vast data amounts, featuring automated incident response and threat prediction. However, its complex architecture complicates troubleshooting, and its integration and licensing require improvement, with lagging threat detection and overwhelming alert aggregation noted as concerns.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

NetWitness Platform offers real-time correlation and alerting capabilities, which are highly valued for threat detection.

The platform allows for scalable deployment with flexible resources, including cloud integration.

NetWitness supports comprehensive logs and packet ingestion, which enables advanced incident investigation and response.

Users appreciate its ability to create custom connectors and rules, enhancing integration and security monitoring.

Technical support is responsive and knowledgeable, providing effective assistance when needed.

CONS

NetWitness Platform has a complex system architecture that can complicate troubleshooting and implementation.

Technical support for NetWitness Platform is considered subpar compared to other solutions.

Initial setup and log aggregation in NetWitness Platform are deemed complex and time-consuming.

More integration capabilities and multi-tenant support are required for NetWitness Platform.

Licensing models in NetWitness Platform are perceived as complex and in need of improvement.

NetWitness Platform Pros review quotes

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

Aug 21, 2023

NetWitness Platform is valuable for creating rules that the solution must detect.

Read full review

reviewer1130436

Information Technology Security and Infrastructure Expert at a government with 201-500 employees

Mar 14, 2024

The product's initial setup phase was not at all difficult.

Read full review

SS

Security Analyst at HeiTech Padu Berhad

Sep 15, 2023

The product has a user-friendly interface and a valuable feature for threat intelligence integration.

Read full review

NetWitness Platform

Free Report: NetWitness Platform Reviews and More

Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.

893,244 professionals have used our research since 2012.

MOTASHIM Al Razi

CISO at One Bank Limited

Mar 30, 2023

Incident management is its most valuable feature.

Read full review

reviewer1926666

Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees

Jul 27, 2022

I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution.

Read full review

reviewer1486083

Manager at a comms service provider with 10,001+ employees

Jun 23, 2022

The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools.

Read full review

reviewer1417383

Presales Manager at a tech services company with 51-200 employees

May 15, 2022

It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets.

Read full review

Rafał Popielski

Solution Architect at NASK

Feb 7, 2024

NetWitness can be highly beneficial for incident detection and response.

Read full review

Director at ST

Apr 8, 2023

In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing.

Read full review

Francesco Ritrovato

Security Analyst at Sogei

Mar 2, 2023

The most valuable feature is the hunting ability to work in a CERT.

Read full review

Show 10 more reviews (out of 35)

NetWitness Platform Cons review quotes

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

Aug 21, 2023

There is no support for this product in this country, so problems have to be resolved through global technical teams.

Read full review

reviewer1130436

Information Technology Security and Infrastructure Expert at a government with 201-500 employees

Mar 14, 2024

The tool's integration capability isn't so great.

Read full review

SS

Security Analyst at HeiTech Padu Berhad

Sep 15, 2023

It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform.

Read full review

NetWitness Platform

Free Report: NetWitness Platform Reviews and More

Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.

893,244 professionals have used our research since 2012.

MOTASHIM Al Razi

CISO at One Bank Limited

Mar 30, 2023

Its technical support could be better.

Read full review

reviewer1926666

Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees

Jul 27, 2022

Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine.

Read full review

reviewer1486083

Manager at a comms service provider with 10,001+ employees

Jun 23, 2022

RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms.

Read full review

reviewer1417383

Presales Manager at a tech services company with 51-200 employees

May 15, 2022

If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis.

Read full review

Rafał Popielski

Solution Architect at NASK

Feb 7, 2024

The product's licensing models are complex to understand. This particular area needs improvement.

Read full review

Director at ST

Apr 8, 2023

I believe that integrating the solution with other products such as Oracle would be beneficial.

Read full review

Francesco Ritrovato

Security Analyst at Sogei

Mar 2, 2023

The log system is a bit complex and has room for improvement.

Read full review

Show 10 more reviews (out of 35)

Product Categories

Product Categories

Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons

Wazuh vs NetWitness Platform

Datadog vs NetWitness Platform

Splunk Enterprise Security vs NetWitness Platform

Dynatrace vs NetWitness Platform

IBM Security QRadar vs NetWitness Platform

Microsoft Sentinel vs NetWitness Platform

Cribl vs NetWitness Platform

Elastic Security vs NetWitness Platform

LogRhythm SIEM vs NetWitness Platform

Rapid7 InsightIDR vs NetWitness Platform

Graylog Enterprise vs NetWitness Platform

Security Onion vs NetWitness Platform

Fortinet FortiSIEM vs NetWitness Platform

Amazon OpenSearch Service vs NetWitness Platform

Exabeam vs NetWitness Platform

See all alternatives

Product Categories

Product Categories

Security Information and Event Management (SIEM)

Popular Comparisons

Popular Comparisons

Wazuh vs NetWitness Platform

Datadog vs NetWitness Platform

Splunk Enterprise Security vs NetWitness Platform

Dynatrace vs NetWitness Platform

IBM Security QRadar vs NetWitness Platform

Microsoft Sentinel vs NetWitness Platform

Cribl vs NetWitness Platform

Elastic Security vs NetWitness Platform

LogRhythm SIEM vs NetWitness Platform

Rapid7 InsightIDR vs NetWitness Platform

Graylog Enterprise vs NetWitness Platform

Security Onion vs NetWitness Platform

Fortinet FortiSIEM vs NetWitness Platform

Amazon OpenSearch Service vs NetWitness Platform

Exabeam vs NetWitness Platform

See all alternatives

Related questions

90

When evaluating Log Management tools and software, what aspect do you think is the most important to look for?

445

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?

93

Which Windows event log monitoring tool do you recommend?

86

What is the difference between log management and SIEM?

80

Splunk vs. Elastic Stack

53

How can Cloudtrail logs be used effectively to improve log monitoring?

130

Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?

177

When evaluating Log Management solutions, what aspect do you think is the most important to look for?

69

When evaluating Log Management solutions, what aspects do you think are the most important to look for?

57

Why are Log Management tools important for companies?