We performed a comparison between NetWitness XDR and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Cortex XDR over NetWitness XDR. Users praise Cortex XDR for its user-friendly interface, ease of use, and comprehensive threat detection capabilities. They also appreciate its stability, scalability, and seamless integration with other solutions. NetWitness XDR users have encountered issues with slow performance, and configuration problems. They say NetWitness needs improvements in threat intelligence and reporting. While Cortex XDR has been praised for its reasonable pricing, NetWitness XDR is considered expensive. Cortex XDR offers a superior experience with robust features and better value for the investment.
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"Microsoft Defender XDR is scalable."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The integration between all the Defender products is the most valuable feature."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"Stability is one of the features we like the most."
"The solution doesn't need a high level of technical training."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"The dashboard is customizable."
"From a single pane of glass, you can easily manage all of your endpoints."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Technical support is knowledgeable."
"The interface of this solution is very flexible and easy to use."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The stability of the RSA NetWitness Endpoint is very good."
"This solution allows us to locate the malware in real-time."
"It is stable. We have been using it for some time, without any issues."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"We should be able to use the product on devices like Apple, Linux, etc."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The price could be a little lower."
"We would also like to have advanced tech protection and email scanning."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"The playbooks could be improved to include more functionalities or actions."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Limited remote connection."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The solution lacks a reporting engine."
"RSA NetWitness Network could improve on integration with non-native application integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The contamination feature could be improved."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while NetWitness XDR is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Corelight. See our Cortex XDR by Palo Alto Networks vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.