We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The threat intelligence is excellent."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The most valuable feature is the network security."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Elastic Security is very easy to adapt."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The visualization is very good."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"ELK documentation is very good, so never needed to contact technical support."
"The most valuable feature is the ability to collect authentication information from service providers."
"It is scalable."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The log correlation is good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"Ability to isolate the machine when there are malicious files."
"The stability of the RSA NetWitness Endpoint is very good."
"This solution allows us to locate the malware in real-time."
"It is stable. We have been using it for some time, without any issues."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"We should be able to use the product on devices like Apple, Linux, etc."
"The solution does not offer a unified response and standard data."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"Email notification should be done the same way as Logentries does it."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Technical support could respond faster."
"Sometimes, the solution isn't the easiest to use."
"The contamination feature could be improved."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"RSA NetWitness Network could improve on integration with non-native application integration."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our Elastic Security vs. NetWitness XDR report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.