We performed a comparison between NetWitness XDR and Trend Micro XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trend Micro XDR is commended for its holistic approach to threat prevention, real-time visualization, and ability to prioritize network-based detection and response. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Trend Micro XDR should improve integration, overhaul its web interface, and strengthen its business relationships.
Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some customers have found Trend Micro’s customer service to be helpful and responsive, while others have encountered challenges with technical support in complex situations.
Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. The initial setup of Trend Micro XDR is straightforward and fast, but it may require the involvement of several technical professionals.
Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. Some reviews noted that Trend Micro XDR might be too costly for small organizations, but others found the price reasonable.
ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Trend Micro XDR delivers value through automation. Its efficient alerts ensure timely threat detection and prevention.
Comparison Results: Our users prefer Trend Micro XDR over NetWitness XDR. Trend Micro XDR is commended for its comprehensive visibility, high detection rate, and user-friendliness. NetWitness XDR users report challenges with integration, setup, and performance. Trend Micro XDR is considered reasonably priced, while NetWitness XDR is viewed as expensive.
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The summarization of emails is a valuable feature."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"Ability to isolate the machine when there are malicious files."
"It is stable. We have been using it for some time, without any issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The log correlation is good."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Scaling is not a problem at all."
"I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack."
"The automatic EDR system that notifies us when something is wrong is valuable."
"We had a quick deployment. The solution is easy to set up."
"We haven't had any issues with configurations or customizations."
"What I like the most about Trend Micro XDR is that the detection and response domain extends to the network. It goes beyond the endpoint and includes data about the network which lets you pinpoint patient zero as well as the root cause of the attack."
"The centralized visibility is good."
"The proactive approach is the best feature."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The management and automation of the cloud apps have room for improvement."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"Threat detection could be better."
"The contamination feature could be improved."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"We've received some mild complaints that the documentation is sometimes not up to date."
"The support documentation could be more comprehensive."
"It should integrate with more tools. There are a lot of tools that can do the PTP dump."
"I would like to have the capability to export the information we receive from the XDR into Microsoft Excel."
"It would be ideal if they could improve the control of connectivity between sensors."
"While the continuous addition of features is commendable, the sheer volume of changes makes it difficult to stay abreast of the latest developments."
"The price could be lower."
"The support should be improved."
NetWitness XDR is ranked 37th in Endpoint Detection and Response (EDR) with 15 reviews while Trend Vision One is ranked 5th in Endpoint Detection and Response (EDR) with 43 reviews. NetWitness XDR is rated 8.0, while Trend Vision One is rated 8.6. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI, whereas Trend Vision One is most compared with CrowdStrike Falcon, Trend Vision One Endpoint Security, SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Cortex XDR by Palo Alto Networks. See our NetWitness XDR vs. Trend Vision One report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Extended Detection and Response (XDR) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
