We performed a comparison between CrowdStrike Falcon and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: CrowdStrike Falcon's customer service is considered prompt and helpful. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: CrowdStrike Falcon is favored over NetWitness XDR. Users like Falcon's lightweight design, machine learning capabilities, UBA features, and reliable cyberattack detection. The solution also earned praise for its integration with other systems and accurate threat detection. NetWitness XDR users mentioned difficulties with the initial setup and slow performance. CrowdStrike Falcon is considered reasonably priced, while NetWitness XDR is seen as expensive.
"The most valuable aspect is undoubtedly the exploration capability"
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"Microsoft 365 Defender is a good solution and easy to use."
"The solution is well integrated with applications. It is easy to maintain and administer."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"The feature I like the most is the solution's detection."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It is stable. We have been using it for some time, without any issues."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"This solution allows us to locate the malware in real-time."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"As the company has grown, the technical support has felt less personal."
"CrowdStrike should add support for ransomware protection."
"The price is too high."
"Some of Falcon's features are a bit pricey."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"Unfortunately, native applications are not supported."
"The console is not user-friendly or visually appealing and has room for improvement."
"The detection time has room for improvement."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The contamination feature could be improved."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"RSA NetWitness Network could improve on integration with non-native application integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The initial setup requires a high level of skill."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. CrowdStrike Falcon is rated 8.8, while NetWitness XDR is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Vectra AI. See our CrowdStrike Falcon vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
