We performed a comparison between ExtraHop Reveal(x) 360 and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The integration with other Microsoft solutions is the most valuable feature."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"Microsoft Defender XDR is scalable."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"It is scalable."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The stability of the RSA NetWitness Endpoint is very good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Ability to isolate the machine when there are malicious files."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It is stable. We have been using it for some time, without any issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"This solution allows us to locate the malware in real-time."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The solution does not offer a unified response and standard data."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"There needs to be more support."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"RSA NetWitness Network could improve on integration with non-native application integration."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The initial setup requires a high level of skill."
"The contamination feature could be improved."
ExtraHop Reveal(x) 360 is ranked 23rd in Extended Detection and Response (XDR) with 3 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. ExtraHop Reveal(x) 360 is rated 8.6, while NetWitness XDR is rated 8.0. The top reviewer of ExtraHop Reveal(x) 360 writes "A competitive choice for network detection and response with exceptional user interface, ease of implementation and minimal false positives". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". ExtraHop Reveal(x) 360 is most compared with ExtraHop Reveal(x), Forescout Platform and Corelight, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our ExtraHop Reveal(x) 360 vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.