We performed a comparison between NetWitness XDR and OpenText EnCase eDiscovery based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Advanced hunting is good. I like that. We can drill down to lots of details."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The threat intelligence is excellent."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The log correlation is good."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"This solution allows us to locate the malware in real-time."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"Ability to isolate the machine when there are malicious files."
"It speeds up the process, so I can meet my deadlines."
"The most important feature we've found is the Enscripts. That is one powerful feature that I, personally, love to use."
"The solution is very stable."
"I like the processing feature on the product because it does everything at once, i.e, indexing, recovery, keyword searches, etc."
"It indexes much faster, and is more reflexive because of the Enscripts."
"Data Recovery: Its ability to repair damaged partitions and uncover hidden partitions from within the tool, and allow further analysis."
"The technical support is excellent."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The initial setup requires a high level of skill."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The contamination feature could be improved."
"RSA NetWitness Network could improve on integration with non-native application integration."
"There were minor UI bugs."
"I would like to see a capability to ingest and absorb more data. That would be really good. It currently is lacking this function."
"We have come across problems with the end-case. We could not find an email discovery type of module and there was not flexibility with the email."
"In the past, incident response time for tech support was slow."
"The reporting is a bit unreliable. It needs to be better."
"Ease of use and learning curve need improvement."
"Sometimes the application can take more time to complete the image processing or fail at the end of the process."
NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews while OpenText EnCase eDiscovery is ranked 6th in eDiscovery with 8 reviews. NetWitness XDR is rated 8.0, while OpenText EnCase eDiscovery is rated 7.8. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of OpenText EnCase eDiscovery writes "A stable and scalable hybrid solution with easy setup". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas OpenText EnCase eDiscovery is most compared with Nuix eDiscovery, CrowdStrike Falcon, Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS) and Microsoft Purview eDiscovery. See our NetWitness XDR vs. OpenText EnCase eDiscovery report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.