We performed a comparison between NetWitness XDR and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Cortex XDR over NetWitness XDR. Users praise Cortex XDR for its user-friendly interface, ease of use, and comprehensive threat detection capabilities. They also appreciate its stability, scalability, and seamless integration with other solutions. NetWitness XDR users have encountered issues with slow performance, and configuration problems. They say NetWitness needs improvements in threat intelligence and reporting. While Cortex XDR has been praised for its reasonable pricing, NetWitness XDR is considered expensive. Cortex XDR offers a superior experience with robust features and better value for the investment.
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The most valuable feature is the network security."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The integration, visibility, vulnerability management, and device identification are valuable."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"It'll not slow down your system when compared to others."
"The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The information the dashboard provides is very clear."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The stability of the RSA NetWitness Endpoint is very good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"This solution allows us to locate the malware in real-time."
"Technical support is knowledgeable."
"The log correlation is good."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Advanced attacks could use an improvement."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"The encryption is not up to the mark."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"There are a large number of false positives."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The contamination feature could be improved."
"Threat detection could be better."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while NetWitness XDR is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Corelight. See our Cortex XDR by Palo Alto Networks vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.