We performed a comparison between Microsoft Defender for Endpoint and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"Impressive detection capabilities"
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Real-time detection and cloud-based delivery of detections are highly efficient."
"This product is flexible, and it is very easy to get updates from the Microsoft website."
"This is a very go, proactive solution to threat protection using advanced analysis."
"Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products."
"The antivirus features are very useful."
"It's pretty easy to scale."
"I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible."
"The investigation aspect is the most useful. It's user friendly and has a good user interface."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The stability of the RSA NetWitness Endpoint is very good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The log correlation is good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It is stable. We have been using it for some time, without any issues."
"FortiEDR can be improved by providing more detailed reporting."
"ZTNA can improve latency."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"It takes about two business days for initial support, which is too slow in urgent situations."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The solution is not stable."
"Its price could be better."
"The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened."
"In active mode, it's great that it gives you so much information, but it does record every keystroke so you have a lot of logs... that amount of data logging started to add up in the cost."
"The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor."
"It is inexpensive but could be cheaper like anything else."
"Microsoft Defender for Endpoint's licensing is confusing. It has conflicting information on the website. We also faced integration issues with other systems. It makes laptops slower than traditional antivirus systems."
"The management console is something that can be improved."
"Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The initial setup requires a high level of skill."
"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The contamination feature could be improved."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews. Microsoft Defender for Endpoint is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Intune, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our Microsoft Defender for Endpoint vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.