We performed a comparison between Microsoft Defender for Endpoint and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"The solution was relatively easy to deploy."
"Fortinet is very user-friendly for customers."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"This is stable and scalable."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Ability to get forensics details and also memory exfiltration."
"The ransomware and malware protection is the most valuable feature."
"Easy to understand and easy to set up endpoint security solution. It's a multifeatured product with web content filtering and automated investigation features. It also has a fantastic vulnerability management dashboard."
"Because it has been integrated with the OS, we get the entire software inventories, and we even get access to the registries. Those are the primary features."
"The detection features are valuable, as is the fact that it is easier to port these logs into Sentinel. That is also useful for us. It is more comprehensive."
"It's a Microsoft product; it's easier to deploy this product than other options."
"There are a couple of features, such as isolating the devices or connecting the device and connecting live response."
"We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations."
"It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. It doesn't use too many resources, so you don't have to install different things."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The interface of this solution is very flexible and easy to use."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"Technical support is knowledgeable."
"It is stable. We have been using it for some time, without any issues."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The log correlation is good."
"Detections could be improved."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Making the portal mobile friendly would be helpful when I am out of office."
"The SIEM could be improved."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."
"Lacks some additional integration."
"Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated."
"It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good."
"The biggest issue I had with Microsoft Defender for Endpoint was the antivirus and ransomware. I wanted central visibility over all the machines that we operate."
"With regards to the interface, a challenge I found was that there was not enough documentation on how to tune it. I had to read multiple sources on the internet to learn how to configure the tool appropriately."
"The GUI is very complex and could be more user friendly."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The contamination feature could be improved."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The initial setup requires a high level of skill."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews. Microsoft Defender for Endpoint is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Intune, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our Microsoft Defender for Endpoint vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.