We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Its most significant advantage lies in its affordability."
"The comprehensiveness of Microsoft's threat detection is good."
"The most valuable feature is the network security."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The product is very easy to use."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"I like the indexing of the logs."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"Stability-wise, I rate the solution a ten out of ten."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"It's open-source and free to use."
"The feature that we have found the most valuable is scalability."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"Ability to isolate the machine when there are malicious files."
"This solution allows us to locate the malware in real-time."
"Technical support is knowledgeable."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The interface of this solution is very flexible and easy to use."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The tool gives inconsistent answers and crashes a lot."
"Sometimes, configurations take much longer than expected."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"Email notification should be done the same way as Logentries does it."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"We'd like to see some more artificial intelligence capabilities."
"There isn't really a very good user experience. You need a lot of training."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The initial setup requires a high level of skill."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"Threat detection could be better."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our Elastic Security vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.