Elastic Security vs NetWitness XDR Comparison 2024

Read 76 Microsoft Defender XDR reviews

4,384 views|3,243 comparisons

Elastic Security

Read 58 Elastic Security reviews

5,225 views|4,355 comparisons

NetWitness XDR

Read 15 NetWitness XDR reviews

911 views|653 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Elastic Security vs. NetWitness XDR

March 2024

Executive Summary

We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.

Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Elastic Security vs. NetWitness XDR Report (Updated: March 2024).

Download the complete report

768,886 professionals have used our research since 2012.

Featured Review

Vladimir Lopatin

Consultant for Infrastructure Solution at Awara IT

The system of analysis and investigation is super convenient for our customers

Defender XDR provides more visibility into all the connected services, including the security stack and all the productivity software. They're all... Read more →

Haroon Khand

Head of Business Development at Qavi Technologies

Enables users to know about the downtime and the errors in the code

There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. These are... Read more →

Anonymous User

Senior Cyber Security Analyst (SAFe Agile) at a transportation company

Advanced threat detection undermined by issues with blocking

NetWitness Endpoint has enabled us to detect attacks that bypass the first stage of cybersecurity, like zero-day and advanced attacks.

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files.""Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit.""The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management.""There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply...""The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats.""The unified view of the threat landscape on a central dashboard is the most valuable feature.""Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing.""The integration, visibility, vulnerability management, and device identification are valuable."

More Microsoft Defender XDR Pros →

"It's simple and easy to use.""We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it.""The solution is compatible with the cloud-native environment and they can adapt to it faster.""We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive.""It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten.""The most valuable feature is the speed, as it responds in a very short time.""ELK documentation is very good, so never needed to contact technical support.""One of the most valuable features of this solution is that it is more flexible than AlienVault."

More Elastic Security Pros →

"Technical support is knowledgeable.""It is stable. We have been using it for some time, without any issues.""The interface of this solution is very flexible and easy to use.""We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.""It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.""The stability of the RSA NetWitness Endpoint is very good.""They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in.""NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."

More NetWitness XDR Pros →

Cons

"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides.""The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year.""The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist.""From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it.""There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups.""The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better.""The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense.""The capability to not only thwart attacks but also to adapt to evolving threats is crucial."

More Microsoft Defender XDR Cons →

"Better integration with third-party APMs would be really good.""We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised.""In terms of improvement, there could be more automation in responding to and evaluating detections.""Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks.""There is room for improvement in the Kibana dashboard and in the asset management for the program.""The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes.""The interface could be more user friendly because it is sometimes hard to deal with.""One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."

More Elastic Security Cons →

"The initial setup requires a high level of skill.""The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features.""The threat intelligence could improve in RSA NetWitness Endpoint.""This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.""We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues.""When analyzing something, you have to click several times. It requires a lot of effort to find something.""NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious.""RSA NetWitness Network could improve on integration with non-native application integration."

More NetWitness XDR Cons →

Pricing and Cost Advice

"The solutions price is fair for what they offer."

"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."

"The price of the solution is high compared to others and we have lost some customers because of it."

"Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."

"We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."

"The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."

"Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."

"They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

More Microsoft Defender XDR Pricing and Cost Advice →

"We use the open-source version, so there is no charge for this solution."

"We are using the free, open-source version of this solution."

"Elastic Stack is an open-source tool. You don't have to pay anything for the components."

"There is no charge for using the open-source version."

"This is an open-source product, so there are no costs."

"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."

"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."

"Compared to other products such as Dynatrace, this is one of the cheaper options."

More Elastic Security Pricing and Cost Advice →

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."

"It is highly scalable. It can be bought based on your requirements."

"I do not have any opinion on the pricing or licensing of the product."

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

"It is an expensive product."

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

More NetWitness XDR Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See Recommendations

768,886 professionals have used our research since 2012.

Questions from the Community

What do you like most about Microsoft 365 Defender?

Top Answer:I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an… more »

Read all 38 answers →

What is your experience regarding pricing and costs for Microsoft 365 Def...

Top Answer:While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.

Read all 29 answers →

What needs improvement with Microsoft 365 Defender?

Top Answer:Defender XDR has good threat visibility, but it could be better in some areas, like when we are hunting for a specific… more »

Read all 37 answers →

Datadog vs ELK: which one is good in terms of performance, cost and effic...

Top Answer:With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times… more »

Read all 7 answers →

What do you like most about Elastic Security?

Top Answer:It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten.

Read all 26 answers →

What is your experience regarding pricing and costs for Elastic Security?

Top Answer:The product offers an amazing pricing structure. Price-wise, the product is very competitive.

Read all 18 answers →

What do you like most about NetWitness XDR?

Top Answer:Technical support is knowledgeable.

Read all 15 answers →

What is your experience regarding pricing and costs for NetWitness XDR?

Top Answer:The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the… more »

Read all 10 answers →

What needs improvement with NetWitness XDR?

Top Answer:I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat… more »

Read all 14 answers →

Comparisons

CrowdStrike Falcon vs. Microsoft Defender XDR

Compared 39% of the time.

Microsoft Defender for Cloud vs. Microsoft Defender XDR

Compared 21% of the time.

Microsoft Purview Compliance Manager vs. Microsoft Defender XDR

Compared 5% of the time.

Wazuh vs. Microsoft Defender XDR

Compared 4% of the time.

Trend Vision One vs. Microsoft Defender XDR

Compared 3% of the time.

More Microsoft Defender XDR Competitors →

Wazuh vs. Elastic Security

Compared 38% of the time.

Splunk Enterprise Security vs. Elastic Security

Compared 9% of the time.

Microsoft Sentinel vs. Elastic Security

Compared 7% of the time.

IBM Security QRadar vs. Elastic Security

Compared 5% of the time.

Microsoft Defender for Endpoint vs. Elastic Security

Compared 5% of the time.

More Elastic Security Competitors →

Darktrace vs. NetWitness XDR

Compared 15% of the time.

ExtraHop Reveal(x) vs. NetWitness XDR

Compared 11% of the time.

CrowdStrike Falcon vs. NetWitness XDR

Compared 8% of the time.

SentinelOne Singularity Complete vs. NetWitness XDR

Compared 7% of the time.

Microsoft Defender for Endpoint vs. NetWitness XDR

Compared 7% of the time.

More NetWitness XDR Competitors →

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender

Elastic SIEM, ELK Logstash

RSA ECAT, NetWitness Network

Learn More

Microsoft

Elastic

NetWitness

Video Not Available

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.

Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

ADP, Ameritas, Partners Healthcare

Top Industries

REVIEWERS

Manufacturing Company19%

Computer Software Company14%

Government11%

Financial Services Firm11%

VISITORS READING REVIEWS

Computer Software Company17%

Financial Services Firm10%

Government8%

Manufacturing Company8%

REVIEWERS

Financial Services Firm29%

Computer Software Company25%

Healthcare Company13%

Comms Service Provider8%

VISITORS READING REVIEWS

Computer Software Company17%

Financial Services Firm10%

Government9%

Comms Service Provider7%

VISITORS READING REVIEWS

Financial Services Firm15%

Computer Software Company15%

Government8%

Manufacturing Company7%

Company Size

REVIEWERS

Small Business44%

Midsize Enterprise23%

Large Enterprise33%

VISITORS READING REVIEWS

Small Business26%

Midsize Enterprise17%

Large Enterprise57%

REVIEWERS

Small Business60%

Midsize Enterprise18%

Large Enterprise23%

VISITORS READING REVIEWS

Small Business26%

Midsize Enterprise17%

Large Enterprise57%

REVIEWERS

Small Business59%

Midsize Enterprise24%

Large Enterprise18%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise16%

Large Enterprise67%

Buyer's Guide

Elastic Security vs. NetWitness XDR

March 2024

Free Report: Elastic Security vs. NetWitness XDR

Find out what your peers are saying about Elastic Security vs. NetWitness XDR and other solutions. Updated: March 2024.

DOWNLOAD NOW

768,886 professionals have used our research since 2012.

Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our Elastic Security vs. NetWitness XDR report.

See our list of best Endpoint Detection and Response (EDR) vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Extended Detection and Response (XDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Elastic Security vs NetWitness XDR comparison

Microsoft Defender XDR

Elastic Security

NetWitness XDR