We performed a comparison between Microsoft Defender for Endpoint and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet is very user-friendly for customers."
"The price is low and quite competitive with others."
"The solution was relatively easy to deploy."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The setup is pretty simple."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
"Stable endpoint manager, antivirus, and antimalware, with fast technical support and a straightforward setup."
"For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes.""
"The solution is highly scalable."
"Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs."
"Technical support is good."
"It doesn't cause the slowness of the system, which is one of the reasons why I like it."
"The solution's main antivirus capabilities are okay. So far, they have kept us safe."
"Technical support is knowledgeable."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"This solution allows us to locate the malware in real-time."
"The log correlation is good."
"Ability to isolate the machine when there are malicious files."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The stability of the RSA NetWitness Endpoint is very good."
"The dashboard isn't easy to access and manage."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The only minor concern is occasional interference with desired programs."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Updates are not coming out of preview quickly enough and it is holding back on the development of the product."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"In India at least, it seems to be a bit more expensive than other options."
"They should come up with pre-built inner workflows."
"Defender's cloud integration could be improved."
"It would be helpful if they offered video tutorial guides."
"Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."
"Microsoft Defender for Endpoint should include better automation that will make it faster to detect the latest threats happening across the world."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"Threat detection could be better."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews. Microsoft Defender for Endpoint is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and ESET Endpoint Protection Platform, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Palo Alto Networks Cortex XSOAR. See our Microsoft Defender for Endpoint vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.