We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft 365 Defender is a good solution and easy to use."
"The threat intelligence is excellent."
"The integration between all the Defender products is the most valuable feature."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"All of the security components are valuable, including antiphishing, antispam, and stage three antivirus."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The visualization is very good."
"The most valuable feature is the ability to collect authentication information from service providers."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The interface of this solution is very flexible and easy to use."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It is stable. We have been using it for some time, without any issues."
"Sometimes, configurations take much longer than expected."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"Email notification should be done the same way as Logentries does it."
"The tool should improve its scalability."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"The solution could offer better reporting features."
"Sometimes, the solution isn't the easiest to use."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The solution lacks a reporting engine."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The initial setup requires a high level of skill."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The contamination feature could be improved."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenges."
"RSA NetWitness Network could improve on integration with non-native application integration."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.