We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product is very easy to use."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"Microsoft 365 Defender is a good solution and easy to use."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The summarization of emails is a valuable feature."
"The most valuable aspect is undoubtedly the exploration capability."
"The indexes allow you to get your results quickly. The filtering and log parsing are the advantage of Logstash."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"It's not very complicated to install Elastic."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"The stability of the solution is good."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The most valuable feature is the machine learning capability."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The stability of the RSA NetWitness Endpoint is very good."
"Ability to isolate the machine when there are malicious files."
"Technical support is knowledgeable."
"It is stable. We have been using it for some time, without any issues."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"Their visuals and graphs need to be better."
"It could use maybe a little more on the Linux side."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Technical support could respond faster."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"RSA NetWitness Network could improve on integration with non-native applications."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The contamination feature could be improved."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The initial setup requires a high level of skill."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our Elastic Security vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.