We performed a comparison between ExtraHop Reveal(x) and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"The security features of this solution are the most valuable."
"The solution's initial setup process is easy."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The solution works well for sending sensors."
"Setting up the solution is relatively easy."
"The solution's ability to decrypt SSL traffic is its most valuable feature."
"Ability to isolate the machine when there are malicious files."
"This solution allows us to locate the malware in real-time."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"Technical support is knowledgeable."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The log correlation is good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"I would like to see more cloud capability."
"The solution is expensive and gets more expensive if a company needs to scale it."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"The solution’s pricing could be improved."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"It needs integration with more security vendors."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"RSA NetWitness Network could improve on integration with non-native application integration."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"Threat detection could be better."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
ExtraHop Reveal(x) is ranked 5th in Network Detection and Response (NDR) with 12 reviews while NetWitness XDR is ranked 9th in Network Detection and Response (NDR) with 15 reviews. ExtraHop Reveal(x) is rated 8.6, while NetWitness XDR is rated 8.0. The top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Cisco Secure Network Analytics and Trend Micro Deep Discovery, whereas NetWitness XDR is most compared with Darktrace, CrowdStrike Falcon, SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Vectra AI. See our ExtraHop Reveal(x) vs. NetWitness XDR report.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.