We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The integration with other Microsoft solutions is the most valuable feature."
"The summarization of emails is a valuable feature."
"The threat intelligence is excellent."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Microsoft Defender XDR is scalable."
"The solution is well integrated with applications. It is easy to maintain and administer."
"Microsoft 365 Defender is a good solution and easy to use."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"It's not very complicated to install Elastic."
"The performance is good and it is faster than IBM QRadar."
"Stability-wise, I rate the solution a ten out of ten."
"We've found the initial setup to be quite straightforward."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"Elastic Security is very easy to adapt."
"The most valuable feature is the speed, as it responds in a very short time."
"The stability of the RSA NetWitness Endpoint is very good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"Ability to isolate the machine when there are malicious files."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Better integration with third-party APMs would be really good."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"This solution is very hard to implement."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"We'd like better premium support."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The initial setup requires a high level of skill."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Threat detection could be better."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our Elastic Security vs. NetWitness XDR report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
