We performed a comparison between CrowdStrike Falcon and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: CrowdStrike Falcon's customer service is considered prompt and helpful. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: CrowdStrike Falcon is favored over NetWitness XDR. Users like Falcon's lightweight design, machine learning capabilities, UBA features, and reliable cyberattack detection. The solution also earned praise for its integration with other systems and accurate threat detection. NetWitness XDR users mentioned difficulties with the initial setup and slow performance. CrowdStrike Falcon is considered reasonably priced, while NetWitness XDR is seen as expensive.
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"Its most significant advantage lies in its affordability."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The integration, visibility, vulnerability management, and device identification are valuable."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The comprehensiveness of Microsoft's threat detection is good."
"Microsoft 365 Defender is a stable solution."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The solution can scale easily."
"Scalability is good. We have had no issues with it."
"The initial setup is very simple."
"I like the overall reports of this solution. They are crisp, and to the point."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"It provides very good protection and the ability to crosscheck environments."
"Scalability hasn't been an issue for us."
"The detection is very reliable. Also, OverWatch is a great feature."
"The stability of the RSA NetWitness Endpoint is very good."
"Ability to isolate the machine when there are malicious files."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is stable. We have been using it for some time, without any issues."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"This solution allows us to locate the malware in real-time."
"The log correlation is good."
"The interface of this solution is very flexible and easy to use."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"There could be a way to proactively monitor unusual activity ."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"It can be expensive depending on the features you select."
"I would rate it an eight out of ten. It does what it needs to do but there's always room for improvement."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"The support for different OS versions needs improvement because sometimes due to business conditions, updating our OS is impossible."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"They should provide us with good visibility for everything."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The initial setup requires a high level of skill."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The contamination feature could be improved."
"Threat detection could be better."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 106 reviews while NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews. CrowdStrike Falcon is rated 8.8, while NetWitness XDR is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Vectra AI. See our CrowdStrike Falcon vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.