We performed a comparison between CrowdStrike Falcon and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: CrowdStrike Falcon's customer service is considered prompt and helpful. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: CrowdStrike Falcon is favored over NetWitness XDR. Users like Falcon's lightweight design, machine learning capabilities, UBA features, and reliable cyberattack detection. The solution also earned praise for its integration with other systems and accurate threat detection. NetWitness XDR users mentioned difficulties with the initial setup and slow performance. CrowdStrike Falcon is considered reasonably priced, while NetWitness XDR is seen as expensive.
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The most valuable feature is the network security."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Microsoft 365 Defender is simple to upgrade."
"The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"The stability is good; we haven't experienced any glitches or bugs."
"Their endpoint is pretty flawless. There is no lag on the machines at all. Even though I have a good overview of all the machines, that's pretty much the most valuable feature of CrowdStrike Falcon."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."
"The detection and response console is the most valuable feature."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The stability of the RSA NetWitness Endpoint is very good."
"Technical support is knowledgeable."
"The log correlation is good."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"This solution allows us to locate the malware in real-time."
"The interface of this solution is very flexible and easy to use."
"It is stable. We have been using it for some time, without any issues."
"There could be a way to proactively monitor unusual activity ."
"The licensing is a nightmare and has room for improvement."
"The tool gives inconsistent answers and crashes a lot."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"CrowdStrike costs a little more than its competitors."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"We can't do scanning audits or device blocking or application control."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"The performance could be better."
"The contamination feature could be improved."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The initial setup requires a high level of skill."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while NetWitness XDR is ranked 40th in Endpoint Protection Platform (EPP) with 15 reviews. CrowdStrike Falcon is rated 8.8, while NetWitness XDR is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Vectra AI. See our CrowdStrike Falcon vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.